mirror of
https://github.com/azaion/admin.git
synced 2026-06-21 10:21:10 +00:00
refactor: remove deploy.cmd and update Dockerfile for health checks
- Deleted the deploy.cmd script as it was no longer needed. - Updated Dockerfile to include curl for health checks and added a non-root user for improved security. - Modified health check command to use curl for better reliability. - Adjusted docker-compose.test.yml to reflect changes in health check configuration. - Cleaned up appsettings.json and removed unused configuration properties. - Removed Resource entity and related requests from the codebase as part of the architectural shift. - Updated documentation to reflect the removal of hardware binding and related endpoints. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
@@ -16,7 +16,7 @@
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="LazyCache.AspNetCore" Version="2.4.0" />
|
||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
|
||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
|
||||
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.1.2" />
|
||||
</ItemGroup>
|
||||
|
||||
|
||||
@@ -1,140 +0,0 @@
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using Azaion.Common.Configs;
|
||||
using Azaion.Common.Database;
|
||||
using Azaion.Common.Entities;
|
||||
using Azaion.Common.Requests;
|
||||
using LinqToDB;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace Azaion.Services;
|
||||
|
||||
public interface IResourceUpdateService
|
||||
{
|
||||
Task<List<ResourceUpdateItem>> GetUpdate(GetUpdateRequest request, CancellationToken ct = default);
|
||||
Task Publish(PublishResourceRequest request, CancellationToken ct = default);
|
||||
}
|
||||
|
||||
public class ResourceUpdateService(
|
||||
IDbFactory dbFactory,
|
||||
ICache cache,
|
||||
IOptions<ResourcesConfig> resourcesConfig) : IResourceUpdateService
|
||||
{
|
||||
public static string CacheKey(string architecture, string devStage)
|
||||
=> $"Resources.Latest.{architecture}.{devStage}";
|
||||
|
||||
public async Task<List<ResourceUpdateItem>> GetUpdate(GetUpdateRequest request, CancellationToken ct = default)
|
||||
{
|
||||
var latest = await cache.GetFromCacheAsync(
|
||||
CacheKey(request.Architecture, request.DevStage),
|
||||
() => LoadLatest(request.Architecture, request.DevStage, ct));
|
||||
|
||||
var updates = new List<ResourceUpdateItem>();
|
||||
foreach (var (resourceName, resource) in latest)
|
||||
{
|
||||
var currentVersion = request.CurrentVersions.GetValueOrDefault(resourceName, "");
|
||||
if (string.CompareOrdinal(resource.Version, currentVersion) <= 0)
|
||||
continue;
|
||||
|
||||
updates.Add(new ResourceUpdateItem
|
||||
{
|
||||
ResourceName = resource.ResourceName,
|
||||
Version = resource.Version,
|
||||
CdnUrl = resource.CdnUrl,
|
||||
Sha256 = resource.Sha256,
|
||||
EncryptionKey = ResourceColumnEncryption.Decrypt(resource.EncryptionKey, MasterKey),
|
||||
SizeBytes = resource.SizeBytes
|
||||
});
|
||||
}
|
||||
return updates;
|
||||
}
|
||||
|
||||
public async Task Publish(PublishResourceRequest request, CancellationToken ct = default)
|
||||
{
|
||||
await dbFactory.RunAdmin(async db =>
|
||||
{
|
||||
await db.InsertAsync(new Resource
|
||||
{
|
||||
Id = Guid.NewGuid(),
|
||||
ResourceName = request.ResourceName,
|
||||
DevStage = request.DevStage,
|
||||
Architecture = request.Architecture,
|
||||
Version = request.Version,
|
||||
CdnUrl = request.CdnUrl,
|
||||
Sha256 = request.Sha256,
|
||||
EncryptionKey = ResourceColumnEncryption.Encrypt(request.EncryptionKey, MasterKey),
|
||||
SizeBytes = request.SizeBytes,
|
||||
CreatedAt = DateTime.UtcNow
|
||||
}, token: ct);
|
||||
});
|
||||
cache.Invalidate(CacheKey(request.Architecture, request.DevStage));
|
||||
}
|
||||
|
||||
private async Task<Dictionary<string, Resource>> LoadLatest(string architecture, string devStage, CancellationToken ct) =>
|
||||
await dbFactory.Run(async db =>
|
||||
{
|
||||
var rows = await db.Resources
|
||||
.Where(r => r.Architecture == architecture && r.DevStage == devStage)
|
||||
.ToListAsync(token: ct);
|
||||
|
||||
return rows
|
||||
.GroupBy(r => r.ResourceName)
|
||||
.Select(g => g.OrderByDescending(r => r.Version, StringComparer.Ordinal).First())
|
||||
.ToDictionary(r => r.ResourceName);
|
||||
});
|
||||
|
||||
private string MasterKey
|
||||
{
|
||||
get
|
||||
{
|
||||
var key = resourcesConfig.Value.EncryptionMasterKey;
|
||||
if (string.IsNullOrEmpty(key))
|
||||
throw new InvalidOperationException(
|
||||
"ResourcesConfig.EncryptionMasterKey is not configured. Set it via " +
|
||||
"appsettings ResourcesConfig:EncryptionMasterKey or env ResourcesConfig__EncryptionMasterKey.");
|
||||
return key;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
internal static class ResourceColumnEncryption
|
||||
{
|
||||
public static string Encrypt(string plaintext, string masterKey)
|
||||
{
|
||||
using var aes = Aes.Create();
|
||||
aes.Mode = CipherMode.CBC;
|
||||
aes.Padding = PaddingMode.PKCS7;
|
||||
aes.Key = SHA256.HashData(Encoding.UTF8.GetBytes(masterKey));
|
||||
aes.GenerateIV();
|
||||
|
||||
var input = Encoding.UTF8.GetBytes(plaintext);
|
||||
using var encryptor = aes.CreateEncryptor();
|
||||
var cipher = encryptor.TransformFinalBlock(input, 0, input.Length);
|
||||
|
||||
var combined = new byte[aes.IV.Length + cipher.Length];
|
||||
Buffer.BlockCopy(aes.IV, 0, combined, 0, aes.IV.Length);
|
||||
Buffer.BlockCopy(cipher, 0, combined, aes.IV.Length, cipher.Length);
|
||||
return Convert.ToBase64String(combined);
|
||||
}
|
||||
|
||||
public static string Decrypt(string ciphertextBase64, string masterKey)
|
||||
{
|
||||
var combined = Convert.FromBase64String(ciphertextBase64);
|
||||
using var aes = Aes.Create();
|
||||
aes.Mode = CipherMode.CBC;
|
||||
aes.Padding = PaddingMode.PKCS7;
|
||||
aes.Key = SHA256.HashData(Encoding.UTF8.GetBytes(masterKey));
|
||||
|
||||
var ivLen = aes.BlockSize / 8;
|
||||
var iv = new byte[ivLen];
|
||||
Buffer.BlockCopy(combined, 0, iv, 0, ivLen);
|
||||
aes.IV = iv;
|
||||
|
||||
var cipher = new byte[combined.Length - ivLen];
|
||||
Buffer.BlockCopy(combined, ivLen, cipher, 0, cipher.Length);
|
||||
|
||||
using var decryptor = aes.CreateDecryptor();
|
||||
var plain = decryptor.TransformFinalBlock(cipher, 0, cipher.Length);
|
||||
return Encoding.UTF8.GetString(plain);
|
||||
}
|
||||
}
|
||||
@@ -5,6 +5,7 @@ using Azaion.Common.Entities;
|
||||
using Azaion.Common.Extensions;
|
||||
using Azaion.Common.Requests;
|
||||
using LinqToDB;
|
||||
using Npgsql;
|
||||
|
||||
namespace Azaion.Services;
|
||||
|
||||
@@ -31,27 +32,49 @@ public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
|
||||
|
||||
public async Task RegisterUser(RegisterUserRequest request, CancellationToken ct = default)
|
||||
{
|
||||
await dbFactory.RunAdmin(async db =>
|
||||
try
|
||||
{
|
||||
var existingUser = await db.Users.FirstOrDefaultAsync(u => u.Email == request.Email, token: ct);
|
||||
if (existingUser != null)
|
||||
throw new BusinessException(ExceptionEnum.EmailExists);
|
||||
|
||||
await db.InsertAsync(new User
|
||||
await dbFactory.RunAdmin(async db =>
|
||||
{
|
||||
Id = Guid.NewGuid(),
|
||||
Email = request.Email,
|
||||
PasswordHash = request.Password.ToHash(),
|
||||
Role = request.Role,
|
||||
CreatedAt = DateTime.UtcNow,
|
||||
IsEnabled = true
|
||||
}, token: ct);
|
||||
});
|
||||
await db.InsertAsync(new User
|
||||
{
|
||||
Id = Guid.NewGuid(),
|
||||
Email = request.Email,
|
||||
PasswordHash = request.Password.ToHash(),
|
||||
Role = request.Role,
|
||||
CreatedAt = DateTime.UtcNow,
|
||||
IsEnabled = true
|
||||
}, token: ct);
|
||||
});
|
||||
}
|
||||
catch (PostgresException ex) when (ex.SqlState == PostgresErrorCodes.UniqueViolation)
|
||||
{
|
||||
throw new BusinessException(ExceptionEnum.EmailExists);
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<RegisterDeviceResponse> RegisterDevice(CancellationToken ct = default)
|
||||
{
|
||||
return await dbFactory.RunAdmin(async db =>
|
||||
var (serial, email) = await NextDeviceIdentity(ct);
|
||||
var password = Convert.ToHexString(RandomNumberGenerator.GetBytes(DevicePasswordBytes)).ToLowerInvariant();
|
||||
|
||||
await RegisterUser(new RegisterUserRequest
|
||||
{
|
||||
Email = email,
|
||||
Password = password,
|
||||
Role = RoleEnum.CompanionPC
|
||||
}, ct);
|
||||
|
||||
return new RegisterDeviceResponse
|
||||
{
|
||||
Serial = serial,
|
||||
Email = email,
|
||||
Password = password
|
||||
};
|
||||
}
|
||||
|
||||
private async Task<(string Serial, string Email)> NextDeviceIdentity(CancellationToken ct) =>
|
||||
await dbFactory.Run(async db =>
|
||||
{
|
||||
var lastEmail = await db.Users
|
||||
.Where(u => u.Role == RoleEnum.CompanionPC)
|
||||
@@ -67,28 +90,10 @@ public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
|
||||
nextNumber = current + 1;
|
||||
}
|
||||
|
||||
var serial = $"{DeviceEmailPrefix}{nextNumber.ToString($"D{SerialNumberLength}")}";
|
||||
var email = $"{serial}{DeviceEmailDomain}";
|
||||
var password = Convert.ToHexString(RandomNumberGenerator.GetBytes(DevicePasswordBytes)).ToLowerInvariant();
|
||||
|
||||
await db.InsertAsync(new User
|
||||
{
|
||||
Id = Guid.NewGuid(),
|
||||
Email = email,
|
||||
PasswordHash = password.ToHash(),
|
||||
Role = RoleEnum.CompanionPC,
|
||||
CreatedAt = DateTime.UtcNow,
|
||||
IsEnabled = true
|
||||
}, token: ct);
|
||||
|
||||
return new RegisterDeviceResponse
|
||||
{
|
||||
Serial = serial,
|
||||
Email = email,
|
||||
Password = password
|
||||
};
|
||||
var serial = $"{DeviceEmailPrefix}{nextNumber.ToString($"D{SerialNumberLength}")}";
|
||||
var email = $"{serial}{DeviceEmailDomain}";
|
||||
return (serial, email);
|
||||
});
|
||||
}
|
||||
|
||||
public async Task<User?> GetByEmail(string? email, CancellationToken ct = default)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user