711480f8f6
This pull request introduces the dedicated containerized infrastructure and configuration for deploying NexusReader's beta version in the Test environment. ### Summary of Changes 1. **Docker Infrastructure & Secrets**: - **`docker-compose.test.yml`**: Configured dedicated database and auxiliary services (PostgreSQL 17, Qdrant, Neo4j) on isolated, non-standard ports to ensure zero conflict with the existing server configurations. - **`.env.test.template`**: Provided an environment variable template showing required setups, including mandatory database passwords, API keys, and admin custom passwords. - **`.gitignore`**: Excluded local `.env` files to prevent accidental commits of production or staging secrets. 2. **Database Hardening**: - Configured Neo4j with basic authentication (`IDriver` instantiation uses basic auth when credentials are provided in configuration). - Configured PostgreSQL to use mandatory authentication. - Configured the admin seeder (`DbInitializer.cs`) to dynamically use `NEXUS_ADMIN_PASSWORD` from environment variables, falling back to a default password in local Development only. 3. **Feature-Flagged Restrictions**: - **`appsettings.Test.json`**: Implemented `Features:AllowRegistration` and `Features:AllowPasswordReset` flags set to `false`. - **Middleware Enforcement (`Program.cs`)**: Intercepts requests to `/identity/register` and `/identity/forgotPassword` (and their MVC/form variations) and rejects them with a `403 Forbidden` response in restricted environments. - **OAuth Provisioning Guard (`Program.cs`)**: Blocks new account provisioning via Google OAuth callback by checking the `Features:AllowRegistration` configuration, redirecting users to the login page with a descriptive error. - **UI Protection (`Login.razor`, `Register.razor`)**: Conditionally hides registration/password reset links and intercepts manual navigation attempts to `/account/register` by redirecting to login with a warning. --------- Co-authored-by: Marek Jasiński <jasins.marek@gmail.com> Reviewed-on: #56 Co-authored-by: Antigravity <antigravity@google.com> Co-committed-by: Antigravity <antigravity@google.com>
144 lines
5.4 KiB
Plaintext
144 lines
5.4 KiB
Plaintext
@page "/account/register"
|
|
@layout AuthLayout
|
|
@attribute [AllowAnonymous]
|
|
@using Microsoft.AspNetCore.Components.Forms
|
|
@using NexusReader.UI.Shared.Services
|
|
@using NexusReader.UI.Shared.Components.Atoms
|
|
@inject IIdentityService IdentityService
|
|
@inject NavigationManager NavigationManager
|
|
@inject IJSRuntime JS
|
|
@inject FeatureSettings FeatureSettings
|
|
|
|
<div class="login-page-container">
|
|
<div class="mesh-bg"></div>
|
|
|
|
<div class="auth-card">
|
|
<div class="auth-header">
|
|
<div class="logo-box">
|
|
<NexusIcon Name="robot" Size="48" />
|
|
</div>
|
|
<h1 class="app-name">Nexus <span>Reader</span></h1>
|
|
<p class="auth-subtitle">Utwórz nowe konto</p>
|
|
</div>
|
|
|
|
<EditForm Model="@_registerModel" OnValidSubmit="HandleRegister" class="auth-form">
|
|
<DataAnnotationsValidator />
|
|
|
|
<div class="field-group">
|
|
<div class="field-icon">
|
|
<NexusIcon Name="mail" Size="18" />
|
|
</div>
|
|
<InputText id="email" @bind-Value="_registerModel.Email" placeholder="E-mail" class="field-input" />
|
|
</div>
|
|
<ValidationMessage For="@(() => _registerModel.Email)" class="auth-validation" />
|
|
|
|
<div class="field-group">
|
|
<div class="field-icon">
|
|
<NexusIcon Name="lock" Size="18" />
|
|
</div>
|
|
<InputText id="password" type="password" @bind-Value="_registerModel.Password" placeholder="Hasło" class="field-input" />
|
|
</div>
|
|
<ValidationMessage For="@(() => _registerModel.Password)" class="auth-validation" />
|
|
|
|
<div class="field-group">
|
|
<div class="field-icon">
|
|
<NexusIcon Name="lock" Size="18" />
|
|
</div>
|
|
<InputText id="confirmPassword" type="password" @bind-Value="_registerModel.ConfirmPassword" placeholder="Potwierdź hasło" class="field-input" />
|
|
</div>
|
|
<ValidationMessage For="@(() => _registerModel.ConfirmPassword)" class="auth-validation" />
|
|
|
|
@if (!string.IsNullOrEmpty(_errorMessage))
|
|
{
|
|
<div class="auth-error">@_errorMessage</div>
|
|
}
|
|
|
|
<button type="submit" class="btn-submit-auth" disabled="@_isSubmitting">
|
|
@if (_isSubmitting)
|
|
{
|
|
<div class="auth-loader"></div>
|
|
}
|
|
else
|
|
{
|
|
<span>Zarejestruj się</span>
|
|
}
|
|
</button>
|
|
</EditForm>
|
|
|
|
<div class="auth-footer">
|
|
<p class="auth-switch">Masz już konto? <a href="/account/login">Zaloguj się</a></p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<form id="nexusLoginForm" method="post" action="/account/login-form" style="display:none">
|
|
<input type="hidden" name="email" value="@_registerModel.Email" />
|
|
<input type="hidden" name="password" value="@_registerModel.Password" />
|
|
<input type="hidden" name="rememberMe" value="false" />
|
|
</form>
|
|
|
|
@code {
|
|
private RegisterModel _registerModel = new();
|
|
private string? _errorMessage;
|
|
private bool _isSubmitting;
|
|
|
|
protected override void OnInitialized()
|
|
{
|
|
var allowRegistration = FeatureSettings.AllowRegistration;
|
|
if (!allowRegistration)
|
|
{
|
|
NavigationManager.NavigateTo("/account/login?error=RegistrationDisabled", replace: true);
|
|
}
|
|
}
|
|
|
|
private async Task HandleRegister()
|
|
{
|
|
_isSubmitting = true;
|
|
_errorMessage = null;
|
|
|
|
try
|
|
{
|
|
var regResult = await IdentityService.RegisterAsync(_registerModel.Email, _registerModel.Password);
|
|
if (regResult.IsSuccess)
|
|
{
|
|
var loginResult = await IdentityService.LoginAsync(_registerModel.Email, _registerModel.Password);
|
|
if (loginResult.IsSuccess)
|
|
{
|
|
// Trigger hidden form submission via robust JS helper to perform cookie-based sign-in
|
|
await JS.InvokeVoidAsync("nexusAuth.submitLoginForm", "nexusLoginForm", _registerModel.Email, _registerModel.Password, false);
|
|
}
|
|
else
|
|
{
|
|
NavigationManager.NavigateTo("/account/login");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
_errorMessage = regResult.Errors.FirstOrDefault()?.Message ?? "Rejestracja nie powiodła się.";
|
|
}
|
|
}
|
|
catch (Exception)
|
|
{
|
|
_errorMessage = "Wystąpił błąd podczas rejestracji.";
|
|
}
|
|
finally
|
|
{
|
|
_isSubmitting = false;
|
|
}
|
|
}
|
|
|
|
public class RegisterModel
|
|
{
|
|
[System.ComponentModel.DataAnnotations.Required(ErrorMessage = "E-mail jest wymagany")]
|
|
[System.ComponentModel.DataAnnotations.EmailAddress(ErrorMessage = "Nieprawidłowy e-mail")]
|
|
public string Email { get; set; } = string.Empty;
|
|
|
|
[System.ComponentModel.DataAnnotations.Required(ErrorMessage = "Hasło jest wymagane")]
|
|
[System.ComponentModel.DataAnnotations.MinLength(8, ErrorMessage = "Minimum 8 znaków")]
|
|
public string Password { get; set; } = string.Empty;
|
|
|
|
[System.ComponentModel.DataAnnotations.Compare(nameof(Password), ErrorMessage = "Hasła nie są identyczne")]
|
|
public string ConfirmPassword { get; set; } = string.Empty;
|
|
}
|
|
}
|