Files
Nexus.Reader/src/NexusReader.UI.Shared/Pages/Account/Register.razor
T
Antigravity 711480f8f6 feat(infra): Docker-compose configuration and environment-specific security guards for Beta deployment to Test environment (#56)
This pull request introduces the dedicated containerized infrastructure and configuration for deploying NexusReader's beta version in the Test environment.

### Summary of Changes

1. **Docker Infrastructure & Secrets**:
   - **`docker-compose.test.yml`**: Configured dedicated database and auxiliary services (PostgreSQL 17, Qdrant, Neo4j) on isolated, non-standard ports to ensure zero conflict with the existing server configurations.
   - **`.env.test.template`**: Provided an environment variable template showing required setups, including mandatory database passwords, API keys, and admin custom passwords.
   - **`.gitignore`**: Excluded local `.env` files to prevent accidental commits of production or staging secrets.

2. **Database Hardening**:
   - Configured Neo4j with basic authentication (`IDriver` instantiation uses basic auth when credentials are provided in configuration).
   - Configured PostgreSQL to use mandatory authentication.
   - Configured the admin seeder (`DbInitializer.cs`) to dynamically use `NEXUS_ADMIN_PASSWORD` from environment variables, falling back to a default password in local Development only.

3. **Feature-Flagged Restrictions**:
   - **`appsettings.Test.json`**: Implemented `Features:AllowRegistration` and `Features:AllowPasswordReset` flags set to `false`.
   - **Middleware Enforcement (`Program.cs`)**: Intercepts requests to `/identity/register` and `/identity/forgotPassword` (and their MVC/form variations) and rejects them with a `403 Forbidden` response in restricted environments.
   - **OAuth Provisioning Guard (`Program.cs`)**: Blocks new account provisioning via Google OAuth callback by checking the `Features:AllowRegistration` configuration, redirecting users to the login page with a descriptive error.
   - **UI Protection (`Login.razor`, `Register.razor`)**: Conditionally hides registration/password reset links and intercepts manual navigation attempts to `/account/register` by redirecting to login with a warning.

---------

Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #56
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
2026-06-01 17:17:45 +00:00

144 lines
5.4 KiB
Plaintext

@page "/account/register"
@layout AuthLayout
@attribute [AllowAnonymous]
@using Microsoft.AspNetCore.Components.Forms
@using NexusReader.UI.Shared.Services
@using NexusReader.UI.Shared.Components.Atoms
@inject IIdentityService IdentityService
@inject NavigationManager NavigationManager
@inject IJSRuntime JS
@inject FeatureSettings FeatureSettings
<div class="login-page-container">
<div class="mesh-bg"></div>
<div class="auth-card">
<div class="auth-header">
<div class="logo-box">
<NexusIcon Name="robot" Size="48" />
</div>
<h1 class="app-name">Nexus <span>Reader</span></h1>
<p class="auth-subtitle">Utwórz nowe konto</p>
</div>
<EditForm Model="@_registerModel" OnValidSubmit="HandleRegister" class="auth-form">
<DataAnnotationsValidator />
<div class="field-group">
<div class="field-icon">
<NexusIcon Name="mail" Size="18" />
</div>
<InputText id="email" @bind-Value="_registerModel.Email" placeholder="E-mail" class="field-input" />
</div>
<ValidationMessage For="@(() => _registerModel.Email)" class="auth-validation" />
<div class="field-group">
<div class="field-icon">
<NexusIcon Name="lock" Size="18" />
</div>
<InputText id="password" type="password" @bind-Value="_registerModel.Password" placeholder="Hasło" class="field-input" />
</div>
<ValidationMessage For="@(() => _registerModel.Password)" class="auth-validation" />
<div class="field-group">
<div class="field-icon">
<NexusIcon Name="lock" Size="18" />
</div>
<InputText id="confirmPassword" type="password" @bind-Value="_registerModel.ConfirmPassword" placeholder="Potwierdź hasło" class="field-input" />
</div>
<ValidationMessage For="@(() => _registerModel.ConfirmPassword)" class="auth-validation" />
@if (!string.IsNullOrEmpty(_errorMessage))
{
<div class="auth-error">@_errorMessage</div>
}
<button type="submit" class="btn-submit-auth" disabled="@_isSubmitting">
@if (_isSubmitting)
{
<div class="auth-loader"></div>
}
else
{
<span>Zarejestruj się</span>
}
</button>
</EditForm>
<div class="auth-footer">
<p class="auth-switch">Masz już konto? <a href="/account/login">Zaloguj się</a></p>
</div>
</div>
</div>
<form id="nexusLoginForm" method="post" action="/account/login-form" style="display:none">
<input type="hidden" name="email" value="@_registerModel.Email" />
<input type="hidden" name="password" value="@_registerModel.Password" />
<input type="hidden" name="rememberMe" value="false" />
</form>
@code {
private RegisterModel _registerModel = new();
private string? _errorMessage;
private bool _isSubmitting;
protected override void OnInitialized()
{
var allowRegistration = FeatureSettings.AllowRegistration;
if (!allowRegistration)
{
NavigationManager.NavigateTo("/account/login?error=RegistrationDisabled", replace: true);
}
}
private async Task HandleRegister()
{
_isSubmitting = true;
_errorMessage = null;
try
{
var regResult = await IdentityService.RegisterAsync(_registerModel.Email, _registerModel.Password);
if (regResult.IsSuccess)
{
var loginResult = await IdentityService.LoginAsync(_registerModel.Email, _registerModel.Password);
if (loginResult.IsSuccess)
{
// Trigger hidden form submission via robust JS helper to perform cookie-based sign-in
await JS.InvokeVoidAsync("nexusAuth.submitLoginForm", "nexusLoginForm", _registerModel.Email, _registerModel.Password, false);
}
else
{
NavigationManager.NavigateTo("/account/login");
}
}
else
{
_errorMessage = regResult.Errors.FirstOrDefault()?.Message ?? "Rejestracja nie powiodła się.";
}
}
catch (Exception)
{
_errorMessage = "Wystąpił błąd podczas rejestracji.";
}
finally
{
_isSubmitting = false;
}
}
public class RegisterModel
{
[System.ComponentModel.DataAnnotations.Required(ErrorMessage = "E-mail jest wymagany")]
[System.ComponentModel.DataAnnotations.EmailAddress(ErrorMessage = "Nieprawidłowy e-mail")]
public string Email { get; set; } = string.Empty;
[System.ComponentModel.DataAnnotations.Required(ErrorMessage = "Hasło jest wymagane")]
[System.ComponentModel.DataAnnotations.MinLength(8, ErrorMessage = "Minimum 8 znaków")]
public string Password { get; set; } = string.Empty;
[System.ComponentModel.DataAnnotations.Compare(nameof(Password), ErrorMessage = "Hasła nie są identyczne")]
public string ConfirmPassword { get; set; } = string.Empty;
}
}