giteaadmin/Tau.Acuvim
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e2cbb83397
Tau.Acuvim/portal/.env.example
Diseri Pearson e2cbb83397 Portal: Client Dashboard, Measurements page, Excel exports, Grafana auth, RLS 
A bundle of related portal work — picked up while ensuring per-customer
isolation actually works end-to-end and replacing the placeholder Client
landing page. Build green, full test suite 66/66.

Frontend — Client surface
- DashboardPage: replace placeholder with 4 KPI cards (kWh, current kW,
  active devices, estimated cost), 24h active-power ECharts mini-chart,
  per-device "today/range" table, and a date-range picker with shortcuts
  (Today / 7d / 30d / This month / Custom). 30s auto-refresh.
- New Measurements page (/measurements, Client mode, any authenticated
  user) with multi-select device filter, full date range incl. an
  "All time" shortcut, server-paginated preview, and Excel export.
- "Export to Excel" buttons on: Client Dashboard summary, Client Dashboard
  raw measurements, Admin fleet dashboard, Admin customer-detail Cost tab.
- DashboardsPage sidebar items: let the menu item grow and reset
  line-height so the two-line title+description doesn't crush.

Frontend — Admin / user mgmt
- RestrictedAdmin role: admin who only sees their assigned customers.
  New UserFormDrawer choice + CustomerAccessModal for granting/revoking
  per-customer access; surfaced from the Users page.

Backend
- ClosedXML 0.104.2 + ExcelExportService (pure formatter; frozen header,
  currency/kWh/kW/date number formats, AdjustToContents).
- DashboardSummaryService computes per-device totals + estimated cost
  (hourly bucketing × site's municipality's active tariff, mirroring
  FleetCostService for the Admin side).
- New endpoints:
    GET  /api/dashboard/summary[+/export.xlsx]
    GET  /api/measurements/raw[+/export.xlsx]   (deviceIds, paginated)
    GET  /api/sites/devices                     (flat list w/ site name)
    GET  /api/fleet/dashboard/export.xlsx
    GET  /api/fleet/customers/{id}/cost/export.xlsx
    GET  /api/auth/check                        (cookie-only liveness)
- AdminCustomerAccess: per-user customer scoping for RestrictedAdmin via
  Postgres-row-level filter — RlsContext (per-DI-scope state) +
  CustomerFilterMiddleware (populates from claims after auth) +
  fleet.* DbSets gain HasQueryFilter expressions. Bootstrappers
  Elevate() to bypass the filter for trusted system code.
- Migration: 20260518095759_AddAdminCustomerAccess (mapping table,
  composite PK on UserId+CustomerId).

Infra / templating (the "spin it up via the template" piece)
- docker-compose.prod.yml + docker-compose.yml: pass WhiteLabel__*,
  Application__RunMode, FleetIngest__* through to the container as
  ${VAR:-default} substitutions. Previously these were silently dropped
  in prod — a customer's .env settings for branding/fleet-push never
  reached the running process. Latent bug, fixed.
- docker-compose.prod.yml: forwardAuth middleware labels on the
  Grafana router pointing at /api/auth/check. Option (a) from the
  README's three prod-auth modes — every Grafana request now gates on
  a valid portal cookie. Anonymous stays off.
- .env.example rewritten with a Client section, optional FleetIngest
  block, and an Admin variant block — annotated on what's required vs.
  optional and where the seed-only-on-first-boot caveat applies.
- README "Grafana embedding" table: option (a) now marked active with
  an inline note on how to switch modes later.
- OPERATIONS.md step 3 includes the white-label pre-brand .env snippet;
  step 4 (formerly "decide Grafana auth mode") updated to reflect
  that auth is wired by default.

Tests
- New BrandingSeedFromOptionsTests (5 tests) pins the env-var → IOptions
  → DB seed contract: first read seeds from options; subsequent reads
  return the DB row (UI edits survive restarts); EnsureSeededAsync is
  idempotent; UpdateAsync falls back to options for blanked fields.
- CustomerTokenGraceTests helper: pass the new RlsContext to
  AdminDbContext (SetAll() so existing semantics hold).

Verified end-to-end
- Real Docker spin-up with WhiteLabel__* in a throwaway .env →
  /api/branding returned all six fields verbatim (ApplicationName,
  LogoUrl, three colors, FooterText).
- curl login → /api/dashboard/summary returned valid JSON →
  /api/dashboard/summary/export.xlsx returned a 6.9 KB file the
  `file` command identifies as "Microsoft Excel 2007+".
- /api/measurements/raw with and without deviceIds filter returned
  correct paginated rows; /export.xlsx with filter produced a valid
  7.1 KB xlsx with the meter count in the filename.
- Frontend tsc -b clean; backend dotnet build 0/0; xunit 66/66.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-19 09:15:44 +02:00

80 lines
4.7 KiB
Plaintext
Raw Blame History

# Copy to .env for docker compose use.
# DO NOT commit .env (it carries secrets).
#
# This file documents BOTH the Client (per-customer) and Admin (fleet
# aggregator) configurations. For a customer stack: leave Application__RunMode
# at Client and ignore the Admin section. For the Admin stack: flip
# Application__RunMode=Admin, point Database__ConnectionString at the central
# fleet DB, and ignore the FleetIngest section.
# ── Common ───────────────────────────────────────────────────────────────
# Compose project + container prefix. MUST be lowercase (Docker Compose v2 requirement).
# For a customer ID like ABC0001, set the project name to its lowercase form: abc0001.
# Containers come out as abc0001_portal / abc0001_grafana / abc0001_timescale.
# For the Admin stack a conventional name is `admin`.
COMPOSE_PROJECT_NAME=portal-dev
# Production-only: public hostname Traefik routes to this stack.
# Required by docker-compose.prod.yml. Ignored by the dev compose.
CUSTOMER_HOST=abc0001.portal.example.com
# RunMode: Client (default, per-customer) or Admin (fleet aggregator).
# Single binary, config-selected; see portal/docs/FLEET-DESIGN.md.
Application__RunMode=Client
# ── Database ─────────────────────────────────────────────────────────────
# For Client stacks: each customer has its own POSTGRES_PASSWORD — do NOT reuse
# across customers. For the Admin stack, this points at admin_fleet (separate DB).
POSTGRES_DB=power_monitoring
POSTGRES_USER=power_user
POSTGRES_PASSWORD=change_me_for_local_only
# ── Portal authentication ────────────────────────────────────────────────
# DefaultAdmin* seeds the first-ever account; ignored once any account with that
# email exists. In Production the password MUST be changed or the app refuses
# to start. Use `openssl rand -base64 32` to generate.
Authentication__DefaultAdminEmail=admin@example.com
Authentication__DefaultAdminPassword=ChangeMe123!
# ── Grafana ──────────────────────────────────────────────────────────────
GRAFANA_ADMIN_PASSWORD=admin
# Path prefix Grafana is mounted at behind Traefik. Same-origin embed in the SPA.
Grafana__EmbedPathPrefix=/grafana
# Prod auth is option (a) Traefik forwardAuth → portal /api/auth/check, wired
# via labels in docker-compose.prod.yml. Nothing to set here.
# ── White-label (seed values applied only on first boot) ────────────────
# These pre-brand a fresh stack so the customer admin never sees the generic
# template on their first sign-in. After the first boot the row in the
# customer's DB is authoritative; changing these env vars + restarting does
# NOT re-apply them. To restyle later, use Settings → Branding in the UI.
# Leave any blank to fall back to the template default (appsettings.template.json).
# WhiteLabel__ApplicationName=ACME Power
# WhiteLabel__PrimaryColor=#0c4a6e
# WhiteLabel__SecondaryColor=#0e7490
# WhiteLabel__AccentColor=#06b6d4
# WhiteLabel__FooterText=© ACME Power 2026
# Logo upload is via Settings → Branding; URL form below is only useful if you
# host the logo externally and don't want to upload it.
# WhiteLabel__LogoUrl=https://cdn.example.com/acme/logo.png
# ── Fleet ingest (Client mode only — push to an Admin stack) ────────────
# Enable per-customer AFTER registering them on the Admin Customers page; the
# token is shown once at creation. URL + Token are REQUIRED when Enabled=true
# (RunModeGuards refuses startup otherwise).
# FleetIngest__Enabled=true
# FleetIngest__Url=https://admin.portal.example.com/api/fleet/ingest
# FleetIngest__Token=
# FleetIngest__IntervalSeconds=60
# FleetIngest__BatchSize=5000
# FleetIngest__BatchMaxBytes=1048576
# ── Admin stack only ─────────────────────────────────────────────────────
# When Application__RunMode=Admin:
# - Database__ConnectionString MUST be set (no autoprovision for Admin).
# - Ignore the FleetIngest__* and WhiteLabel__* sections above unless you
# want to brand the Admin operator console differently from customer stacks.
# Example:
# Application__RunMode=Admin
# Database__ConnectionString=Host=timescaledb;Port=5432;Database=admin_fleet;Username=power_user;Password=<secret>
Reference in New Issue View Git Blame Copy Permalink