711822f5de
This PR provides critical stabilization, memory leak resolution, and security enhancements for the NexusReader application, specifically focusing on Blazor InteractiveAuto lifecycle safety, thread-safe automated authentication token refresh, and deduplication of active AI service queries. ### Key Enhancements #### 1. Security & Lifecycle Stabilization (`AuthenticationHeaderHandler.cs` & `Library.razor`) * **Secure Token Propagation (CWE-200)**: Modified the outbound delegating handler to only append JWT Bearer headers to trusted base origin requests matching the application's configured `NavigationManager.BaseUri`, preventing potential token leakage to external services. * **Captive Dependency & Memory Leak Fix (CWE-400)**: Avoided capturing scoped dependencies in a singleton handler by wrapping the resolution of `IIdentityService` inside a dedicated, disposable `IServiceProvider` scope (`_serviceProvider.CreateScope()`). * **Thread-Safe Automated Refresh**: Embedded a `SemaphoreSlim` lock around the automated `RefreshTokenAsync` renewal sequence to handle concurrent API requests gracefully without triggering duplicate token refresh attempts. * **Pre-rendering Safety**: Deferred the secure book loading query in `Library.razor` from `OnInitializedAsync` to client-side `OnAfterRenderAsync(firstRender: true)` to avoid inevitable `401 Unauthorized` responses and logs during the server pre-rendering phase. #### 2. Robust AI Request Deduplication (`KnowledgeService.cs`) * **State Recovery Guards**: Enhanced the thread-safe `Lazy<Task<Result<KnowledgePacket>>>` deduplication map by adding thorough failure handling blocks. Active requests are guaranteed to be cleaned up (`TryRemove`) inside `finally` and failed results pathways, ensuring future retries can run immediately if an initial request encounters an error. #### 3. Idempotent AI UI Fetching & JSRuntime Guards * **Interactive Guards**: Added an `_isInteractive` check to `GroundednessBadge.razor` and `AiAssistantBubble.razor` components, deferring WebAssembly API executions and DOM updates to client-side `OnAfterRenderAsync`. * **State Synchronization**: Integrated a synchronous `OnParametersSet` to properly reset groundedness badges when content changes. * **Flicker Elimination**: Moved JSRuntime local-storage checks in `Home.razor` (for focus mode preferences) to `OnAfterRenderAsync(firstRender: true)`, resolving startup JSInterop exceptions and eliminating layout shifts. ### Verification Performed * Mandatory build gate verified: `Kompilacja powiodła się.` with zero compile errors (`dotnet build NexusReader.slnx --no-restore`). * Validated dependency resolution patterns and async safety (no `async void`). --------- Co-authored-by: Marek Jasiński <jasins.marek@gmail.com> Reviewed-on: #45 Reviewed-by: Marek Jaisński <jasins.marek@gmail.com> Co-authored-by: Antigravity <antigravity@google.com> Co-committed-by: Antigravity <antigravity@google.com>
117 lines
3.9 KiB
Plaintext
117 lines
3.9 KiB
Plaintext
@page "/reader"
|
|
@page "/reader/{BookId:guid}"
|
|
@layout ReaderLayout
|
|
@attribute [Authorize]
|
|
@using NexusReader.UI.Shared.Services
|
|
@implements IAsyncDisposable
|
|
@inject IQuizStateService QuizState
|
|
@inject IFocusModeService FocusMode
|
|
@inject IJSRuntime JS
|
|
@inject NavigationManager NavManager
|
|
@inject IReaderNavigationService NavService
|
|
@inject IIdentityService IdentityService
|
|
<PageTitle>Nexus E-Reader</PageTitle>
|
|
|
|
<div class="home-reader-container">
|
|
<ReaderCanvas @ref="readerCanvas" />
|
|
</div>
|
|
|
|
|
|
@code {
|
|
[Parameter] public Guid? BookId { get; set; }
|
|
|
|
private ReaderCanvas? readerCanvas;
|
|
private string? _activeQuizBlockId;
|
|
|
|
private IJSObjectReference? _interopModule;
|
|
private IJSObjectReference? _keydownHandler;
|
|
private DotNetObjectReference<Home>? _dotNetRef;
|
|
|
|
protected override void OnInitialized()
|
|
{
|
|
QuizState.OnQuizRequested += HandleQuizRequestedAsync;
|
|
FocusMode.OnFocusModeChanged += HandleUpdate;
|
|
}
|
|
|
|
protected override async Task OnParametersSetAsync()
|
|
{
|
|
var uri = NavManager.ToAbsoluteUri(NavManager.Uri);
|
|
int chapterIndex = 0;
|
|
if (Microsoft.AspNetCore.WebUtilities.QueryHelpers.ParseQuery(uri.Query).TryGetValue("chapter", out var chapterValue))
|
|
{
|
|
int.TryParse(chapterValue, out chapterIndex);
|
|
}
|
|
|
|
if (BookId.HasValue && BookId.Value != Guid.Empty)
|
|
{
|
|
if (NavService.CurrentEbookId != BookId.Value || NavService.CurrentChapterIndex != chapterIndex)
|
|
{
|
|
NavService.SetBook(BookId.Value, chapterIndex);
|
|
}
|
|
}
|
|
else if (NavService.CurrentEbookId == Guid.Empty)
|
|
{
|
|
// If no BookId in URL and no book currently selected, try to load last read book
|
|
var profileResult = await IdentityService.GetProfileAsync();
|
|
if (profileResult.IsSuccess && profileResult.Value.LastReadBook != null)
|
|
{
|
|
NavService.SetBook(profileResult.Value.LastReadBook.Id, chapterIndex > 0 ? chapterIndex : profileResult.Value.LastReadBook.LastChapterIndex);
|
|
}
|
|
}
|
|
}
|
|
|
|
protected override async Task OnAfterRenderAsync(bool firstRender)
|
|
{
|
|
if (firstRender)
|
|
{
|
|
await FocusMode.InitializeAsync();
|
|
try {
|
|
_interopModule = await JS.InvokeAsync<IJSObjectReference>("import", "./_content/NexusReader.UI.Shared/js/focusInterop.js");
|
|
_dotNetRef = DotNetObjectReference.Create(this);
|
|
_keydownHandler = await _interopModule.InvokeAsync<IJSObjectReference>("attachKeyboardListener", _dotNetRef);
|
|
} catch { } /* ignored dynamically */
|
|
StateHasChanged();
|
|
}
|
|
}
|
|
|
|
[JSInvokable]
|
|
public async Task OnFocusKeypressed()
|
|
{
|
|
await FocusMode.ToggleAsync();
|
|
StateHasChanged();
|
|
}
|
|
|
|
private async Task HandleNodeSelected(string nodeId)
|
|
{
|
|
if (readerCanvas != null)
|
|
{
|
|
await readerCanvas.ScrollToNodeAsync(nodeId);
|
|
}
|
|
}
|
|
|
|
private async Task HandleQuizRequestedAsync(string blockId)
|
|
{
|
|
_activeQuizBlockId = blockId;
|
|
await InvokeAsync(StateHasChanged);
|
|
}
|
|
|
|
private Task HandleUpdate() => InvokeAsync(StateHasChanged);
|
|
|
|
public async ValueTask DisposeAsync()
|
|
{
|
|
QuizState.OnQuizRequested -= HandleQuizRequestedAsync;
|
|
FocusMode.OnFocusModeChanged -= HandleUpdate;
|
|
|
|
if (_interopModule != null && _keydownHandler != null)
|
|
{
|
|
try {
|
|
await _interopModule.InvokeVoidAsync("detachKeyboardListener", _keydownHandler);
|
|
await _interopModule.DisposeAsync();
|
|
await _keydownHandler.DisposeAsync();
|
|
} catch { } // Circuit disconnected catch explicitly
|
|
}
|
|
|
|
_dotNetRef?.Dispose();
|
|
}
|
|
}
|