ClarityStack/Clarity
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OPC # 0001: Extract Clarity into standalone repo

Browse Source
This commit is contained in:
amadzarak
2026-04-25 17:26:35 -04:00
commit 60821e219c
65 changed files with 10203 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.dockerignore
+12
View File
@@ -0,0 +1,12 @@
**/.vs
**/.git
**/.idea
**/bin
**/obj
**/node_modules
**/.env
**/npm-debug.log
**/.dockerignore
**/Dockerfile*
**/docker-compose*
ClientAssets/
.gitignore
+366
View File
@@ -0,0 +1,366 @@
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
# User-specific files
*.rsuser
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Mono auto generated files
mono_crash.*
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
[Ww][Ii][Nn]32/
[Aa][Rr][Mm]/
[Aa][Rr][Mm]64/
bld/
[Bb]in/
[Oo]bj/
[Oo]ut/
[Ll]og/
[Ll]ogs/
# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# Visual Studio 2017 auto generated files
Generated\ Files/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUnit
*.VisualState.xml
TestResult.xml
nunit-*.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# Benchmark Results
BenchmarkDotNet.Artifacts/
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
# ASP.NET Scaffolding
ScaffoldingReadMe.txt
# StyleCop
StyleCopReport.xml
# Files built by Visual Studio
*_i.c
*_p.c
*_h.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*_wpftmp.csproj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# Visual Studio Trace Files
*.e2e
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json
# Coverlet is a free, cross platform Code Coverage Tool
coverage*.json
coverage*.xml
coverage*.info
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# NuGet Symbol Packages
*.snupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
*.appxbundle
*.appxupload
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!?*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
*- [Bb]ackup.rdl
*- [Bb]ackup ([0-9]).rdl
*- [Bb]ackup ([0-9][0-9]).rdl
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# CodeRush personal settings
.cr/personal
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Tabs Studio
*.tss
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs
# OpenCover UI analysis results
OpenCover/
# Azure Stream Analytics local run output
ASALocalRun/
# MSBuild Binary and Structured Log
*.binlog
# NVidia Nsight GPU debugger configuration file
*.nvuser
# MFractors (Xamarin productivity tool) working folder
.mfractor/
# Local History for Visual Studio
.localhistory/
# BeatPulse healthcheck temp database
healthchecksdb
# Backup folder for Package Reference Convert tool in Visual Studio 2017
MigrationBackup/
# Ionide (cross platform F# VS Code tools) working folder
.ionide/
# Fody - auto-generated XML schema
FodyWeavers.xsd
VaultData/
ClientAssets/
Clarity.AppHost/AppHost.cs
+80
View File
@@ -0,0 +1,80 @@
using Microsoft.Extensions.Hosting;
using Scalar.Aspire;
var builder = DistributedApplication.CreateBuilder(args);
#region MINIO
var minio = builder.AddMinioContainer("minio");
#endregion
#region REDIS
var cache = builder.AddRedis("cache");
#endregion
#region POSTGRESQL AND PGADMIN
var postgres = builder.AddPostgres("postgres")
.WithLifetime(ContainerLifetime.Persistent)
.WithHostPort(5432)
.WithPgAdmin();
var postgresdb = postgres.AddDatabase("postgresdb");
#endregion
#region KEYCLOAK
var keycloakDb = postgres.AddDatabase("authdb");
var keycloak = builder.AddKeycloak("keycloak", 8080)
.WithEnvironment(async ctx =>
{
var connString = await keycloakDb.Resource.ConnectionStringExpression.GetValueAsync(CancellationToken.None);
var conn = new Npgsql.NpgsqlConnectionStringBuilder(connString);
ctx.EnvironmentVariables["KC_DB"] = "postgres";
ctx.EnvironmentVariables["KC_DB_URL"] = $"jdbc:postgresql://postgres:5432/{keycloakDb.Resource.DatabaseName}";
ctx.EnvironmentVariables["KC_DB_USERNAME"] = conn.Username!;
ctx.EnvironmentVariables["KC_DB_PASSWORD"] = conn.Password!;
})
.WaitFor(keycloakDb)
.WithRealmImport("KeycloakConfig/");
#endregion
#region EFCORE MIGRATION WORKER
var migrations = builder.AddProject<Projects.Clarity_MigrationService>("clarity-migrationservice")
.WithReference(postgresdb)
.WaitFor(postgresdb);
#endregion
#region REST API
var server = builder.AddProject<Projects.Clarity_Server>("server")
.WaitFor(keycloak)
.WithReference(cache)
.WithReference(postgresdb)
.WaitFor(cache)
.WaitFor(postgresdb)
.WithReference(migrations)
.WithReference(minio)
.WaitForCompletion(migrations)
.WithHttpHealthCheck("/health")
.WithHttpEndpoint(port: 5416, name: "clarity-http")
.WithExternalHttpEndpoints();
#endregion
#region REACT
var webfrontend = builder.AddViteApp("webfrontend", "../frontend")
.WaitFor(keycloak)
.WithReference(server)
.WaitFor(server)
.WithEnvironment("VITE_KEYCLOAK_URL", keycloak.GetEndpoint("http"))
.WithEnvironment("VITE_KEYCLOAK_REALM", "clarity")
.WithEnvironment("VITE_KEYCLOAK_CLIENT_ID", "clarity-web-app");
server.PublishWithContainerFiles(webfrontend, "wwwroot");
#endregion
#region SCALAR API DOCS
var scalar = builder.AddScalarApiReference();
scalar
.WithApiReference(server);
// .WithApiReference(webfrontend);
#endregion
builder.Build().Run();
Clarity.AppHost/Clarity.AppHost.csproj
+30
View File
@@ -0,0 +1,30 @@
<Project Sdk="Aspire.AppHost.Sdk/13.2.2">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<UserSecretsId>a37b81ab-bcb8-4599-a049-4c21e1e4ff17</UserSecretsId>
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="..\Clarity.MigrationService\Clarity.MigrationService.csproj" />
<ProjectReference Include="..\Clarity.Server\Clarity.Server.csproj" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="Aspire.Hosting.JavaScript" />
<PackageReference Include="Aspire.Hosting.Keycloak" />
<PackageReference Include="Aspire.Hosting.PostgreSQL" />
<PackageReference Include="Aspire.Hosting.Redis" />
<PackageReference Include="CommunityToolkit.Aspire.Hosting.Minio" />
<PackageReference Include="Scalar.Aspire" />
</ItemGroup>
<ItemGroup>
<None Update="KeycloakConfig\realm-export.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</None>
</ItemGroup>
</Project>
Clarity.AppHost/KeycloakConfig/realm-export.json
+2753
View File
File diff suppressed because it is too large Load Diff
Clarity.AppHost/Properties/launchSettings.json
+31
View File
@@ -0,0 +1,31 @@
{
"$schema": "https://json.schemastore.org/launchsettings.json",
"profiles": {
"https": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": true,
"applicationUrl": "https://clarity.dev.localhost:17052;http://clarity.dev.localhost:15033",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development",
"DOTNET_ENVIRONMENT": "Development",
"ASPIRE_DASHBOARD_OTLP_ENDPOINT_URL": "https://localhost:21214",
"ASPIRE_DASHBOARD_MCP_ENDPOINT_URL": "https://localhost:23283",
"ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL": "https://localhost:22072"
}
},
"http": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": true,
"applicationUrl": "http://clarity.dev.localhost:15033",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development",
"DOTNET_ENVIRONMENT": "Development",
"ASPIRE_DASHBOARD_OTLP_ENDPOINT_URL": "http://localhost:19177",
"ASPIRE_DASHBOARD_MCP_ENDPOINT_URL": "http://localhost:18052",
"ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL": "http://localhost:20131"
}
}
}
}
Clarity.AppHost/appsettings.Development.json
+8
View File
@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
}
}
Clarity.AppHost/appsettings.json
+9
View File
@@ -0,0 +1,9 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Aspire.Hosting.Dcp": "Warning"
}
}
}
Clarity.MigrationService/Clarity.MigrationService.csproj
+21
View File
@@ -0,0 +1,21 @@
<Project Sdk="Microsoft.NET.Sdk.Worker">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<UserSecretsId>dotnet-Clarity.MigrationService-bf435d60-c671-4bd2-bd5a-41edaf989137</UserSecretsId>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.EntityFrameworkCore" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" />
<PackageReference Include="Microsoft.Extensions.Hosting" />
<PackageReference Include="Aspire.Npgsql.EntityFrameworkCore.PostgreSQL" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\Clarity.Server\Clarity.Server.csproj" />
<ProjectReference Include="..\Clarity.ServiceDefaults\Clarity.ServiceDefaults.csproj" />
</ItemGroup>
</Project>
Clarity.MigrationService/Program.cs
+16
View File
@@ -0,0 +1,16 @@
using Clarity.MigrationService;
using Clarity.Server.Data;
using Microsoft.EntityFrameworkCore;
var builder = Host.CreateApplicationBuilder(args);
builder.AddServiceDefaults();
builder.Services.AddHostedService<Worker>();
var connectionString = builder.Configuration.GetConnectionString("postgresdb")
?? throw new InvalidOperationException("Connection string 'postgresdb' not found.");
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseNpgsql(connectionString));
var host = builder.Build();
host.Run();
Clarity.MigrationService/Properties/launchSettings.json
+12
View File
@@ -0,0 +1,12 @@
{
"$schema": "https://json.schemastore.org/launchsettings.json",
"profiles": {
"Clarity.MigrationService": {
"commandName": "Project",
"dotnetRunMessages": true,
"environmentVariables": {
"DOTNET_ENVIRONMENT": "Development"
}
}
}
}
Clarity.MigrationService/Worker.cs
+46
View File
@@ -0,0 +1,46 @@
using Clarity.Server.Data;
using Microsoft.EntityFrameworkCore;
using System.Diagnostics;
namespace Clarity.MigrationService;
public class Worker(
IServiceProvider serviceProvider,
IHostApplicationLifetime hostApplicationLifetime) : BackgroundService
{
public const string ActivitySourceName = "Migrations";
private static readonly ActivitySource s_activitySource = new(ActivitySourceName);
protected override async Task ExecuteAsync(
CancellationToken cancellationToken)
{
using var activity = s_activitySource.StartActivity(
"Migrating database", ActivityKind.Client);
try
{
using var scope = serviceProvider.CreateScope();
var dbContext = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
await RunMigrationAsync(dbContext, cancellationToken);
}
catch (Exception ex)
{
activity?.AddException(ex);
throw;
}
hostApplicationLifetime.StopApplication();
}
private static async Task RunMigrationAsync(
ApplicationDbContext dbContext, CancellationToken cancellationToken)
{
var strategy = dbContext.Database.CreateExecutionStrategy();
await strategy.ExecuteAsync(async () =>
{
// Run migration in a transaction to avoid partial migration if it fails.
await dbContext.Database.MigrateAsync(cancellationToken);
});
}
}
Clarity.MigrationService/appsettings.Development.json
+8
View File
@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}
Clarity.MigrationService/appsettings.json
+8
View File
@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}
Clarity.Server/Clarity.Server.csproj
+34
View File
@@ -0,0 +1,34 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Aspire.Keycloak.Authentication" />
<PackageReference Include="Aspire.Npgsql.EntityFrameworkCore.PostgreSQL" />
<PackageReference Include="Aspire.StackExchange.Redis.OutputCaching" />
<PackageReference Include="CommunityToolkit.Aspire.Minio.Client" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" />
<PackageReference Include="Microsoft.EntityFrameworkCore" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Design">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.Extensions.Http.Resilience" />
<PackageReference Include="Microsoft.Extensions.ServiceDiscovery" />
<PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" />
<PackageReference Include="OpenTelemetry.Extensions.Hosting" />
<PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" />
<PackageReference Include="OpenTelemetry.Instrumentation.Http" />
<PackageReference Include="OpenTelemetry.Instrumentation.Runtime" />
<PackageReference Include="Scalar.Aspire" />
<PackageReference Include="VaultSharp" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\Clarity.ServiceDefaults\Clarity.ServiceDefaults.csproj" />
</ItemGroup>
</Project>
Clarity.Server/Clarity.Server.http
+6
View File
@@ -0,0 +1,6 @@
@Server_HostAddress = http://localhost:5416
GET {{Server_HostAddress}}/api/weatherforecast/
Accept: application/json
###
Clarity.Server/Data/ApplicationDbContext.cs
+27
View File
@@ -0,0 +1,27 @@
using Clarity.Server.Entity;
using Microsoft.EntityFrameworkCore;
namespace Clarity.Server.Data
{
public class ApplicationDbContext : DbContext
{
public DbSet<Profile> Profiles => Set<Profile>();
public DbSet<SysParams> SysParams => Set<SysParams>();
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
: base(options)
{
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.Entity<Profile>(entity =>
{
entity.HasKey(p => p.Id);
entity.HasIndex(p => p.KeycloakSubject).IsUnique();
entity.Property(p => p.KeycloakSubject).IsRequired();
});
}
}
}
Clarity.Server/Data/ApplicationDbContextFactory.cs
+22
View File
@@ -0,0 +1,22 @@
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Design;
namespace Clarity.Server.Data;
public class ApplicationDbContextFactory : IDesignTimeDbContextFactory<ApplicationDbContext>
{
public ApplicationDbContext CreateDbContext(string[] args)
{
var configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: false)
.AddJsonFile("appsettings.Development.json", optional: true)
.AddEnvironmentVariables()
.Build();
var optionsBuilder = new DbContextOptionsBuilder<ApplicationDbContext>();
optionsBuilder.UseNpgsql(configuration.GetConnectionString("postgresdb"));
return new ApplicationDbContext(optionsBuilder.Options);
}
}
Clarity.Server/Data/BlindIndexHelper.cs
+37
View File
@@ -0,0 +1,37 @@
using System.Security.Cryptography;
using System.Text;
namespace Clarity.Server.Data;
public static class BlindIndexHelper
{
// In a real environment, this "Pepper" comes from your TenantKeyProvider or Vault!
// It must NEVER change once records are written, or searches will break.
public static string Compute(string? input, byte[] staticPepper)
{
if (string.IsNullOrWhiteSpace(input)) return string.Empty;
// 1. Normalize (Remove dashes, spaces, make uppercase)
var normalized = input.Replace("-", "").Replace(" ", "").ToUpperInvariant();
// 2. Hash using HMAC-SHA256 and the static Pepper
using var hmac = new HMACSHA256(staticPepper);
var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(normalized));
// 3. Return Base64 for database storage
return Convert.ToBase64String(hashBytes);
}
}
[AttributeUsage(AttributeTargets.Property)]
public class BlindIndexedAttribute : Attribute
{
public string TargetPropertyName { get; }
public BlindIndexedAttribute(string targetPropertyName)
{
TargetPropertyName = targetPropertyName;
}
}
Clarity.Server/Data/Migrations/20260424021033_InitialCreate.Designer.cs
Generated
+95
View File
@@ -0,0 +1,95 @@
// <auto-generated />
using System;
using Clarity.Server.Data;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace Clarity.Server.Data.Migrations
{
[DbContext(typeof(ApplicationDbContext))]
[Migration("20260424021033_InitialCreate")]
partial class InitialCreate
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("ProductVersion", "10.0.6")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Clarity.Server.Data.SysParams", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("EncryptedKek")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.ToTable("SysParams");
});
modelBuilder.Entity("Clarity.Server.Entity.Profile", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<DateTimeOffset>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<byte[]>("EncryptedDek")
.IsRequired()
.HasColumnType("bytea");
b.Property<string>("FirstName")
.IsRequired()
.HasColumnType("text");
b.Property<string>("KeycloakSubject")
.IsRequired()
.HasColumnType("text");
b.Property<string>("LastName")
.IsRequired()
.HasColumnType("text");
b.Property<string>("MiddleName")
.IsRequired()
.HasColumnType("text");
b.Property<bool>("OnboardingComplete")
.HasColumnType("boolean");
b.Property<string>("Ssn")
.IsRequired()
.HasColumnType("text");
b.Property<string>("Tenant")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("KeycloakSubject")
.IsUnique();
b.ToTable("Profiles");
});
#pragma warning restore 612, 618
}
}
}
Clarity.Server/Data/Migrations/20260424021033_InitialCreate.cs
+65
View File
@@ -0,0 +1,65 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace Clarity.Server.Data.Migrations
{
/// <inheritdoc />
public partial class InitialCreate : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "Profiles",
columns: table => new
{
Id = table.Column<Guid>(type: "uuid", nullable: false),
KeycloakSubject = table.Column<string>(type: "text", nullable: false),
FirstName = table.Column<string>(type: "text", nullable: false),
MiddleName = table.Column<string>(type: "text", nullable: false),
LastName = table.Column<string>(type: "text", nullable: false),
Ssn = table.Column<string>(type: "text", nullable: false),
OnboardingComplete = table.Column<bool>(type: "boolean", nullable: false),
CreatedAt = table.Column<DateTimeOffset>(type: "timestamp with time zone", nullable: false),
EncryptedDek = table.Column<byte[]>(type: "bytea", nullable: false),
Tenant = table.Column<string>(type: "text", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_Profiles", x => x.Id);
});
migrationBuilder.CreateTable(
name: "SysParams",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
EncryptedKek = table.Column<string>(type: "text", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_SysParams", x => x.Id);
});
migrationBuilder.CreateIndex(
name: "IX_Profiles_KeycloakSubject",
table: "Profiles",
column: "KeycloakSubject",
unique: true);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "Profiles");
migrationBuilder.DropTable(
name: "SysParams");
}
}
}
Clarity.Server/Data/Migrations/ApplicationDbContextModelSnapshot.cs
+92
View File
@@ -0,0 +1,92 @@
// <auto-generated />
using System;
using Clarity.Server.Data;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace Clarity.Server.Data.Migrations
{
[DbContext(typeof(ApplicationDbContext))]
partial class ApplicationDbContextModelSnapshot : ModelSnapshot
{
protected override void BuildModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("ProductVersion", "10.0.6")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Clarity.Server.Data.SysParams", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("EncryptedKek")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.ToTable("SysParams");
});
modelBuilder.Entity("Clarity.Server.Entity.Profile", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<DateTimeOffset>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<byte[]>("EncryptedDek")
.IsRequired()
.HasColumnType("bytea");
b.Property<string>("FirstName")
.IsRequired()
.HasColumnType("text");
b.Property<string>("KeycloakSubject")
.IsRequired()
.HasColumnType("text");
b.Property<string>("LastName")
.IsRequired()
.HasColumnType("text");
b.Property<string>("MiddleName")
.IsRequired()
.HasColumnType("text");
b.Property<bool>("OnboardingComplete")
.HasColumnType("boolean");
b.Property<string>("Ssn")
.IsRequired()
.HasColumnType("text");
b.Property<string>("Tenant")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("KeycloakSubject")
.IsUnique();
b.ToTable("Profiles");
});
#pragma warning restore 612, 618
}
}
}
Clarity.Server/Data/PIIEncryptInterceptor.cs
+272
View File
@@ -0,0 +1,272 @@
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Diagnostics;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json.Serialization;
using VaultSharp;
using VaultSharp.V1.SecretsEngines;
using VaultSharp.V1.SecretsEngines.Transit;
using VaultSharp.V1.Commons;
using System.Collections.Generic;
namespace Clarity.Server.Data;
public interface IPIIEntity
{
public byte[] EncryptedDek { get; set; }
public string Tenant { get; set; }
}
public interface IPIIVault
{
Task<(byte[] PlaintextKey, string CiphertextKey)> GenerateTenantKEKAsync(string tenantId);
Task<byte[]> DecryptTenantKEKAsync(string encryptedKek, string tenantId);
Task<string> RewrapTenantKEKAsync(string encryptedKek, string tenantId);
}
public class TenantKeyProvider
{
public byte[]? CurrentKey { get; private set; }
public void SetKey(byte[] key) => CurrentKey = key;
}
public class PIIVault : IPIIVault
{
private readonly IVaultClient _vaultClient;
private const string TransitPath = "clarity-transit";
private const string MasterKeyName = "master-key";
public PIIVault(IVaultClient vaultClient)
{
_vaultClient = vaultClient;
}
// https://github.com/rajanadar/VaultSharp/blob/master/test/VaultSharp.Samples/Backends/Secrets/TransitSecretsBackendSamples.cs
public async Task<(byte[] PlaintextKey, string CiphertextKey)> GenerateTenantKEKAsync(string tenantId)
{
var encodedContext = Convert.ToBase64String(Encoding.UTF8.GetBytes(tenantId));
var dataKeyOptions = new DataKeyRequestOptions
{
DataKeyType = TransitDataKeyType.plaintext,
Base64EncodedContext = encodedContext
};
Secret<DataKeyResponse> response = await _vaultClient.V1.Secrets.Transit.GenerateDataKeyAsync(
MasterKeyName,
dataKeyOptions,
TransitPath);
byte[] rawPlaintextBytes = Convert.FromBase64String(response.Data.Base64EncodedPlainText);
string ciphertext = response.Data.CipherText;
return (rawPlaintextBytes, ciphertext);
}
public async Task<byte[]> DecryptTenantKEKAsync(string encryptedKek, string tenantId)
{
var encodedContext = Convert.ToBase64String(Encoding.UTF8.GetBytes(tenantId));
var decryptOptions = new DecryptRequestOptions
{
CipherText = encryptedKek,
Base64EncodedContext = encodedContext
};
Secret<DecryptionResponse> response = await _vaultClient.V1.Secrets.Transit.DecryptAsync(
MasterKeyName,
decryptOptions,
TransitPath);
return Convert.FromBase64String(response.Data.Base64EncodedPlainText);
}
public async Task<string> RewrapTenantKEKAsync(string encryptedKek, string tenantId)
{
var encodedContext = Convert.ToBase64String(Encoding.UTF8.GetBytes(tenantId));
var rewrapOptions = new RewrapRequestOptions
{
CipherText = encryptedKek,
Base64EncodedContext = encodedContext
};
var response = await _vaultClient.V1.Secrets.Transit.RewrapAsync(
MasterKeyName,
rewrapOptions,
TransitPath);
return response.Data.CipherText;
}
}
public static class TenantSecurityExtensions
{
public static async Task InitializeTenantSecurityAsync(this WebApplication app)
{
using var scope = app.Services.CreateScope();
var db = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
var piiVault = scope.ServiceProvider.GetRequiredService<IPIIVault>();
var keyProvider = scope.ServiceProvider.GetRequiredService<TenantKeyProvider>();
var tenantId = app.Configuration["Tenant__Id"] ?? "CLARITY_01000000";
var settings = await db.SysParams.FirstOrDefaultAsync();
if (settings == null)
{
// Generate the key!
var (plaintext, ciphertext) = await piiVault.GenerateTenantKEKAsync(tenantId);
// Save ciphertext to DB so we have it for the next restart
db.SysParams.Add(new SysParams { EncryptedKek = ciphertext });
await db.SaveChangesAsync();
// Store plaintext in RAM
keyProvider.SetKey(plaintext);
}
else
{
// Ask Vault to unwrap the existing key using the Master Key + Context
var plaintext = await piiVault.DecryptTenantKEKAsync(settings.EncryptedKek, tenantId);
// Store plaintext back in RAM
keyProvider.SetKey(plaintext);
}
}
}
[AttributeUsage(AttributeTargets.Property)]
public class PiiDataAttribute : Attribute
{
}
public class EnvelopeEncryptionInterceptor : SaveChangesInterceptor, IMaterializationInterceptor
{
private readonly TenantKeyProvider _keyProvider;
public EnvelopeEncryptionInterceptor(TenantKeyProvider keyProvider)
{
_keyProvider = keyProvider;
}
public override InterceptionResult<int> SavingChanges(DbContextEventData eventData, InterceptionResult<int> result)
{
EncryptEntities(eventData.Context);
return base.SavingChanges(eventData, result);
}
public override ValueTask<InterceptionResult<int>> SavingChangesAsync(DbContextEventData eventData, InterceptionResult<int> result, CancellationToken cancellationToken = default)
{
EncryptEntities(eventData.Context);
return base.SavingChangesAsync(eventData, result, cancellationToken);
}
public object InitializedInstance(MaterializationInterceptionData materializationData, object entity)
{
if (entity is not IPIIEntity piiEntity || _keyProvider.CurrentKey == null || piiEntity.EncryptedDek == null)
{
return entity;
}
try
{
// 1. Open the Envelope (Unwrap Row DEK)
byte[] rowDek = AesGcmHelper.Decrypt(piiEntity.EncryptedDek, _keyProvider.CurrentKey);
var props = entity.GetType().GetProperties()
.Where(p => p.PropertyType == typeof(string) && Attribute.IsDefined(p, typeof(PiiDataAttribute)));
foreach (var prop in props)
{
var cipherText = (string?)prop.GetValue(entity);
if (!string.IsNullOrEmpty(cipherText))
{
prop.SetValue(entity, AesGcmHelper.DecryptString(cipherText, rowDek));
}
}
}
catch (CryptographicException) { /* Log unauthorized tampering! */ }
return entity;
}
private void EncryptEntities(DbContext? context)
{
if (context == null || _keyProvider.CurrentKey == null) return;
var entries = context.ChangeTracker.Entries<IPIIEntity>()
.Where(e => e.State == EntityState.Added || e.State == EntityState.Modified);
foreach (var entry in entries)
{
var entity = entry.Entity;
byte[] rowDek = RandomNumberGenerator.GetBytes(32);
// 2. Wrap the Row DEK
entity.EncryptedDek = AesGcmHelper.Encrypt(rowDek, _keyProvider.CurrentKey);
var props = entity.GetType().GetProperties()
.Where(p => p.PropertyType == typeof(string) && Attribute.IsDefined(p, typeof(PiiDataAttribute)));
foreach (var prop in props)
{
var plainText = (string?)prop.GetValue(entity);
if (!string.IsNullOrEmpty(plainText))
{
prop.SetValue(entity, AesGcmHelper.EncryptString(plainText, rowDek));
}
}
}
}
}
/// <summary>
/// AES-GCM High-Performance Helper
/// Uses Span<byte> for speed, but returns byte[] for EF Core storage.
/// </summary>
public static class AesGcmHelper
{
private const int NonceSize = 12; // AesGcm.NonceByteSizes.MaxSize
private const int TagSize = 16; // AesGcm.TagByteSizes.MaxSize
public static byte[] Encrypt(ReadOnlySpan<byte> data, ReadOnlySpan<byte> key)
{
// Final buffer: [Nonce (12)] [Tag (16)] [Ciphertext (N)]
byte[] result = new byte[NonceSize + TagSize + data.Length];
Span<byte> nonce = result.AsSpan(0, NonceSize);
Span<byte> tag = result.AsSpan(NonceSize, TagSize);
Span<byte> cipher = result.AsSpan(NonceSize + TagSize);
RandomNumberGenerator.Fill(nonce);
using var aes = new AesGcm(key);
aes.Encrypt(nonce, data, cipher, tag);
return result;
}
public static byte[] Decrypt(ReadOnlySpan<byte> encryptedData, ReadOnlySpan<byte> key)
{
if (encryptedData.Length < NonceSize + TagSize)
throw new CryptographicException("Ciphertext too short.");
ReadOnlySpan<byte> nonce = encryptedData.Slice(0, NonceSize);
ReadOnlySpan<byte> tag = encryptedData.Slice(NonceSize, TagSize);
ReadOnlySpan<byte> cipher = encryptedData.Slice(NonceSize + TagSize);
byte[] result = new byte[cipher.Length];
using var aes = new AesGcm(key);
aes.Decrypt(nonce, cipher, tag, result);
return result;
}
public static string EncryptString(string text, byte[] key) =>
Convert.ToBase64String(Encrypt(System.Text.Encoding.UTF8.GetBytes(text), key));
public static string DecryptString(string cipher, byte[] key) =>
System.Text.Encoding.UTF8.GetString(Decrypt(Convert.FromBase64String(cipher), key));
}
Clarity.Server/Data/SysParams.cs
+12
View File
@@ -0,0 +1,12 @@
using System.ComponentModel.DataAnnotations;
namespace Clarity.Server.Data
{
public class SysParams
{
[Key]
public int Id { get; set; } = 1;
public string EncryptedKek { get; set; } = string.Empty;
}
}
Clarity.Server/Dockerfile
+38
View File
@@ -0,0 +1,38 @@
# -- Stage 1: Build Vite frontend ---------------------------------------------
FROM node:22-alpine AS frontend
WORKDIR /frontend
COPY frontend/package.json frontend/package-lock.json* ./
RUN npm ci --legacy-peer-deps
COPY frontend/ ./
RUN npm run build
# Output lands in /frontend/dist
# -- Stage 2: Build .NET server -----------------------------------------------
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
WORKDIR /src
COPY ["Clarity.Server/Clarity.Server.csproj", "Clarity.Server/"]
COPY ["Clarity.ServiceDefaults/Clarity.ServiceDefaults.csproj", "Clarity.ServiceDefaults/"]
COPY ["Directory.Packages.props", "./"]
RUN dotnet restore "Clarity.Server/Clarity.Server.csproj"
COPY . .
# Embed the Vite build into wwwroot (mirrors Aspire PublishWithContainerFiles)
COPY --from=frontend /frontend/dist ./Clarity.Server/wwwroot/
RUN dotnet publish "Clarity.Server/Clarity.Server.csproj" \
-c Release -o /app/publish
# -- Stage 3: Runtime ----------------------------------------------------------
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS runtime
WORKDIR /app
COPY --from=build /app/publish .
EXPOSE 8080
ENTRYPOINT ["dotnet", "Clarity.Server.dll"]
Clarity.Server/Endpoints/DebugEndpoints.cs
+33
View File
@@ -0,0 +1,33 @@
using System.Runtime.CompilerServices;
using System.Security.Claims;
namespace Clarity.Server.Endpoints
{
public static class DebugEndpoints
{
public static IEndpointRouteBuilder MapDebugEndpoints(this IEndpointRouteBuilder app)
{
var api = app.MapGroup("/api").RequireAuthorization();
api.MapGet("debug/claims", (ClaimsPrincipal user) =>
{
var sub = user.FindFirstValue(ClaimTypes.NameIdentifier) ?? user.FindFirstValue("sub");
return Results.Ok(new
{
Subject = sub,
Username = user.FindFirstValue("preferred_username"),
Email = user.FindFirstValue(ClaimTypes.Email) ?? user.FindFirstValue("email"),
IsAuthenticated = user.Identity?.IsAuthenticated,
AllClaims = user.Claims.Select(c => new { c.Type, c.Value })
});
});
// Sanity check - no auth required, confirms API is reachable
api.MapGet("auth/ping", () => Results.Ok(new { Status = "ok", Time = DateTimeOffset.UtcNow }))
.AllowAnonymous();
return app;
}
}
}
Clarity.Server/Endpoints/ProfileEndpoints.cs
+57
View File
@@ -0,0 +1,57 @@
using Clarity.Server.Services;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
namespace Clarity.Server.Endpoints
{
public static class ProfileEndpoints
{
public record OnboardingRequest(string FirstName, string? MiddleName, string LastName, string Ssn);
public static IEndpointRouteBuilder MapProfileEndpoints(this IEndpointRouteBuilder app)
{
var group = app.MapGroup("/api/profile").RequireAuthorization();
group.MapGet("/", async (ClaimsPrincipal user, ProfileService svc, CancellationToken ct) =>
{
var sub = user.FindFirstValue(ClaimTypes.NameIdentifier) ?? user.FindFirstValue("sub");
if (sub is null) return Results.Unauthorized();
var profile = await svc.GetBySubjectAsync(sub, ct);
if (profile is null)
return Results.NotFound(new { onboardingComplete = false });
return Results.Ok(profile);
});
group.MapGet("/{subject}", async (string subject, ProfileService profileService) =>
{
var profile = await profileService.GetBySubjectAsync(subject);
if (profile == null)
return Results.NotFound(new { message = "Profile not found!" });
return Results.Ok(profile);
});
group.MapPost("/onboarding", async (
[FromBody] OnboardingRequest req,
ClaimsPrincipal user,
ProfileService svc,
CancellationToken ct) =>
{
var sub = user.FindFirstValue(ClaimTypes.NameIdentifier) ?? user.FindFirstValue("sub");
if (sub is null) return Results.Unauthorized();
var existing = await svc.GetBySubjectAsync(sub, ct);
if (existing is not null)
return Results.Conflict(new { message = "Profile already exists." });
var profile = await svc.CreateAsync(sub, req.FirstName, req.MiddleName, req.LastName, req.Ssn, ct);
return Results.Ok(profile);
});
return app;
}
}
}
Clarity.Server/Entity/Profile.cs
+32
View File
@@ -0,0 +1,32 @@
using Clarity.Server.Data;
using System.ComponentModel.DataAnnotations.Schema;
namespace Clarity.Server.Entity
{
public class Profile : IPIIEntity
{
public Guid Id { get; set; }
/// <summary>Keycloak subject ID (the "sub" claim). Unique per user.</summary>
public string KeycloakSubject { get; set; } = string.Empty;
// Actual Application data
[PiiData]
public string FirstName { get; set; }
[PiiData]
public string MiddleName { get; set; }
[PiiData]
public string LastName { get; set; }
[PiiData]
public string Ssn { get; set; }
// Audit
// Onboarding Flow
public bool OnboardingComplete { get; set; } = false;
public DateTimeOffset CreatedAt { get; set; } = DateTimeOffset.UtcNow;
public byte[] EncryptedDek { get; set; } = Array.Empty<byte>();
public string Tenant { get; set; } = string.Empty;
}
}
Clarity.Server/MinioExtensions.cs
+38
View File
@@ -0,0 +1,38 @@
using Minio;
using Minio.DataModel.Args;
namespace Clarity.Server.Extensions;
public static class MinioExtensions
{
/// <summary>
/// Idempotently provisions MinIO buckets on application startup.
/// </summary>
public static async Task ProvisionBucketsAsync(this WebApplication app, params string[] bucketNames)
{
// Skip entirely if Minio isn't configured (e.g. tenant containers without Minio env var)
var connStr = app.Configuration.GetConnectionString("minio");
if (string.IsNullOrWhiteSpace(connStr)) return;
using var scope = app.Services.CreateScope();
var minioClient = scope.ServiceProvider.GetRequiredService<IMinioClient>();
var logger = scope.ServiceProvider.GetRequiredService<ILogger<Program>>();
foreach (var bucket in bucketNames)
{
try
{
var exists = await minioClient.BucketExistsAsync(new BucketExistsArgs().WithBucket(bucket));
if (!exists)
{
await minioClient.MakeBucketAsync(new MakeBucketArgs().WithBucket(bucket));
logger.LogInformation("🚀 Project Clarity: Successfully provisioned MinIO bucket '{Bucket}'", bucket);
}
}
catch (Exception ex)
{
logger.LogError(ex, "❌ Project Clarity: Failed to provision MinIO bucket '{Bucket}'", bucket);
}
}
}
}
Clarity.Server/Program.cs
+179
View File
@@ -0,0 +1,179 @@
using Clarity.Server;
using Clarity.Server.Data;
using Clarity.Server.Endpoints;
using Clarity.Server.Extensions;
using Clarity.Server.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.EntityFrameworkCore;
using System.Net;
using System.Security.Claims;
var builder = WebApplication.CreateBuilder(args);
// Add service defaults & Aspire client integrations.
builder.AddServiceDefaults();
if (!string.IsNullOrEmpty(builder.Configuration.GetConnectionString("cache")))
{
builder.AddRedisClientBuilder("cache")
.WithOutputCache();
}
else
{
builder.Services.AddOutputCache();
}
#region HASHICORP_VAULT
var keyProvider = new TenantKeyProvider();
var encryptionInterceptor = new EnvelopeEncryptionInterceptor(keyProvider);
// Add them to DI so your bootstrapper can still resolve them!
builder.Services.AddSingleton(keyProvider);
builder.Services.AddSingleton(encryptionInterceptor);
builder.Services.AddClarityVaultCryptography(builder.Configuration);
//builder.Services.AddSingleton<EnvelopeEncryptionInterceptor>();
//builder.Services.AddSingleton<TenantKeyProvider>();
builder.Services.AddSingleton<IPIIVault, PIIVault>();
#endregion
#region POSTGRESQL
//builder.AddNpgsqlDbContext<ApplicationDbContext>(connectionName: "postgresdb");
builder.AddNpgsqlDbContext<ApplicationDbContext>(
connectionName: "postgresdb",
configureDbContextOptions: options =>
{
options.AddInterceptors(encryptionInterceptor);
});
#endregion
#region MINIO
builder.AddMinioClient("minio");
#endregion
builder.Services.AddScoped<ProfileService>();
// Add services to the container.
builder.Services.AddProblemDetails();
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
builder.Services.AddOpenApi();
// Keycloak__BaseUrl and Keycloak__Realm are injected by ClarityContainerService at container creation.
// Fall back to Aspire service-discovery var for local dev (running outside Docker).
// BaseUrl = internal URL for fetching OIDC discovery (host.docker.internal:8080 inside Docker)
// PublicUrl = public-facing issuer URL that appears in JWT `iss` claim (localhost:8080)
// PublicUrl = browser-facing issuer (matches `iss` claim in JWT) e.g. https://keycloak.clarity.test
// InternalUrl = container-internal URL for OIDC metadata fetch — avoids self-signed cert issues
// BaseUrl is legacy fallback kept for local dev outside Docker
var keycloakPublicUrl = builder.Configuration["Keycloak:BaseUrl"]
?? builder.Configuration["services__keycloak__http__0"]
?? "http://localhost:8080";
var keycloakInternalUrl = builder.Configuration["Keycloak:InternalUrl"]
?? "http://keycloak:8080";
var keycloakRealm = builder.Configuration["Keycloak:Realm"] ?? "clarity";
// AddKeycloakJwtBearer uses the named IHttpClientFactory client "KeycloakBackchannel" for all
// backchannel requests (discovery + JWKS). Register our rewriting handler on that named client
// so every request to keycloak.clarity.test[:port] is rewritten to http://keycloak:8080 before
// it leaves the container — avoiding self-signed cert issues and DNS failures.
builder.Services.AddTransient<InternalKeycloakHandler>();
builder.Services.AddHttpClient("KeycloakBackchannel")
.AddHttpMessageHandler<InternalKeycloakHandler>();
builder.Services.AddAuthentication()
.AddKeycloakJwtBearer("keycloak", realm: keycloakRealm,
options =>
{
// Authority = public issuer, must match `iss` claim in the JWT
options.Authority = $"{keycloakPublicUrl}/realms/{keycloakRealm}";
options.Audience = "clarity-rest-api";
options.RequireHttpsMetadata = false;
// Fetch OIDC discovery doc over internal HTTP to avoid self-signed cert trust issues
options.MetadataAddress = $"{keycloakInternalUrl}/realms/{keycloakRealm}/.well-known/openid-configuration";
options.TokenValidationParameters.ValidIssuers =
[
$"{keycloakPublicUrl}/realms/{keycloakRealm}",
$"{keycloakInternalUrl}/realms/{keycloakRealm}",
// Keycloak advertises http://keycloak.clarity.test:8080 as issuer when accessed
// directly on port 8080 (before KC_HOSTNAME_URL takes full effect).
$"http://keycloak.clarity.test:8080/realms/{keycloakRealm}",
$"http://keycloak.clarity.test/realms/{keycloakRealm}",
];
});
builder.Services.AddAuthorization();
var app = builder.Build();
// Run EF Core migrations on every cold start — safe, idempotent, self-healing.
// One container = one tenant = no concurrent migrator race.
await using (var scope = app.Services.CreateAsyncScope())
{
var db = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
await db.Database.MigrateAsync();
}
await app.InitializeTenantSecurityAsync();
#region MINIO PROVISION BUCKETS
await app.ProvisionBucketsAsync("clarity-documents", "clarity-profile-pictures");
#endregion
// Configure the HTTP request pipeline.
app.UseExceptionHandler();
if (app.Environment.IsDevelopment())
{
app.MapOpenApi();
}
app.UseOutputCache();
app.UseAuthentication();
app.UseAuthorization();
// Serves Keycloak config to the frontend at runtime so the realm (which is per-tenant)
// doesn't have to be baked in at image build time.
app.MapGet("/api/config", (IConfiguration cfg) => Results.Ok(new
{
keycloakUrl = cfg["Keycloak:BaseUrl"] ?? "http://localhost:8080",
realm = cfg["Keycloak:Realm"] ?? "clarity",
clientId = "clarity-web-app",
})).AllowAnonymous();
#if DEBUG
app.MapDebugEndpoints();
#endif
app.MapProfileEndpoints();
app.MapDefaultEndpoints();
app.UseFileServer();
app.Run();
/// <summary>
/// Delegating handler registered on the "KeycloakBackchannel" IHttpClientFactory named client.
/// Rewrites any backchannel request targeting the public Keycloak hostname
/// (e.g. jwks_uri returned by the OIDC discovery doc) to the internal Docker DNS URL,
/// avoiding self-signed cert issues inside tenant containers.
/// </summary>
sealed class InternalKeycloakHandler : DelegatingHandler
{
// Matches http:// or https:// + keycloak.clarity.test + optional :port
private static readonly System.Text.RegularExpressions.Regex PublicHostPattern =
new(@"https?://keycloak\.clarity\.test(:\d+)?", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
private const string InternalUrl = "http://keycloak:8080";
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
{
if (request.RequestUri is not null)
{
var rewritten = PublicHostPattern.Replace(request.RequestUri.ToString(), InternalUrl);
request.RequestUri = new Uri(rewritten);
}
return base.SendAsync(request, ct);
}
}
Clarity.Server/Properties/launchSettings.json
+23
View File
@@ -0,0 +1,23 @@
{
"$schema": "https://json.schemastore.org/launchsettings.json",
"profiles": {
"http": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": false,
"applicationUrl": "http://localhost:5416",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"https": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": false,
"applicationUrl": "https://localhost:7308;http://localhost:5416",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
Clarity.Server/Services/ProfileService.cs
+42
View File
@@ -0,0 +1,42 @@
using Clarity.Server.Data;
using Clarity.Server.Entity;
using Microsoft.EntityFrameworkCore;
namespace Clarity.Server.Services
{
public class ProfileService
{
private readonly ApplicationDbContext db;
private readonly IPIIVault piiVault;
public ProfileService(ApplicationDbContext db, IPIIVault piiVault)
{
this.db = db;
this.piiVault = piiVault;
}
public Task<Profile?> GetBySubjectAsync(string sub, CancellationToken ct = default) =>
db.Profiles.FirstOrDefaultAsync(p => p.KeycloakSubject == sub, ct);
public async Task<Profile> CreateAsync(string sub, string firstName, string? middleName, string lastName, string ssn, CancellationToken ct = default)
{
var profile = new Profile
{
Id = Guid.NewGuid(),
KeycloakSubject = sub,
FirstName = firstName,
MiddleName = middleName ?? string.Empty,
LastName = lastName,
Ssn = ssn,
OnboardingComplete = true,
CreatedAt = DateTimeOffset.UtcNow,
};
db.Profiles.Add(profile);
await db.SaveChangesAsync(ct);
return profile;
}
}
}
Clarity.Server/VaultSharpExtensions.cs
+26
View File
@@ -0,0 +1,26 @@
using Clarity.Server.Data;
using System.Runtime.Serialization;
using VaultSharp;
using VaultSharp.Core;
using VaultSharp.V1.AuthMethods;
using VaultSharp.V1.AuthMethods.Token;
namespace Clarity.Server
{
public static class VaultSharpExtensions
{
public static IServiceCollection AddClarityVaultCryptography(this IServiceCollection services, IConfiguration config)
{
var vaultAddress = config["Vault:Address"] ?? "http://localhost:8200";
var vaultToken = config["Vault:Token"] ?? "root";
IAuthMethodInfo authMethod = new TokenAuthMethodInfo(vaultToken);
var vaultClientSettings = new VaultClientSettings(vaultAddress, authMethod);
IVaultClient vaultClient = new VaultClient(vaultClientSettings);
services.AddSingleton<IVaultClient>(vaultClient);
return services;
}
}
}
Clarity.Server/appsettings.Development.json
+11
View File
@@ -0,0 +1,11 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"ConnectionStrings": {
"postgresdb": "Host=localhost;Port=56235;Database=postgresdb;Username=postgres;Password=WdW+Q3wzq.Ssuzq6rT4A}_"
}
}
Clarity.Server/appsettings.json
+9
View File
@@ -0,0 +1,9 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
}
Clarity.ServiceDefaults/Clarity.ServiceDefaults.csproj
+22
View File
@@ -0,0 +1,22 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<IsAspireSharedProject>true</IsAspireSharedProject>
</PropertyGroup>
<ItemGroup>
<FrameworkReference Include="Microsoft.AspNetCore.App" />
<PackageReference Include="Microsoft.Extensions.Http.Resilience" />
<PackageReference Include="Microsoft.Extensions.ServiceDiscovery" />
<PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" />
<PackageReference Include="OpenTelemetry.Extensions.Hosting" />
<PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" />
<PackageReference Include="OpenTelemetry.Instrumentation.Http" />
<PackageReference Include="OpenTelemetry.Instrumentation.Runtime" />
</ItemGroup>
</Project>
Clarity.ServiceDefaults/Extensions.cs
+127
View File
@@ -0,0 +1,127 @@
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Diagnostics.HealthChecks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Diagnostics.HealthChecks;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.ServiceDiscovery;
using OpenTelemetry;
using OpenTelemetry.Metrics;
using OpenTelemetry.Trace;
namespace Microsoft.Extensions.Hosting;
// Adds common Aspire services: service discovery, resilience, health checks, and OpenTelemetry.
// This project should be referenced by each service project in your solution.
// To learn more about using this project, see https://aka.ms/dotnet/aspire/service-defaults
public static class Extensions
{
private const string HealthEndpointPath = "/health";
private const string AlivenessEndpointPath = "/alive";
public static TBuilder AddServiceDefaults<TBuilder>(this TBuilder builder) where TBuilder : IHostApplicationBuilder
{
builder.ConfigureOpenTelemetry();
builder.AddDefaultHealthChecks();
builder.Services.AddServiceDiscovery();
builder.Services.ConfigureHttpClientDefaults(http =>
{
// Turn on resilience by default
http.AddStandardResilienceHandler();
// Turn on service discovery by default
http.AddServiceDiscovery();
});
// Uncomment the following to restrict the allowed schemes for service discovery.
// builder.Services.Configure<ServiceDiscoveryOptions>(options =>
// {
// options.AllowedSchemes = ["https"];
// });
return builder;
}
public static TBuilder ConfigureOpenTelemetry<TBuilder>(this TBuilder builder) where TBuilder : IHostApplicationBuilder
{
builder.Logging.AddOpenTelemetry(logging =>
{
logging.IncludeFormattedMessage = true;
logging.IncludeScopes = true;
});
builder.Services.AddOpenTelemetry()
.WithMetrics(metrics =>
{
metrics.AddAspNetCoreInstrumentation()
.AddHttpClientInstrumentation()
.AddRuntimeInstrumentation();
})
.WithTracing(tracing =>
{
tracing.AddSource(builder.Environment.ApplicationName)
.AddAspNetCoreInstrumentation(tracing =>
// Exclude health check requests from tracing
tracing.Filter = context =>
!context.Request.Path.StartsWithSegments(HealthEndpointPath)
&& !context.Request.Path.StartsWithSegments(AlivenessEndpointPath)
)
// Uncomment the following line to enable gRPC instrumentation (requires the OpenTelemetry.Instrumentation.GrpcNetClient package)
//.AddGrpcClientInstrumentation()
.AddHttpClientInstrumentation();
});
builder.AddOpenTelemetryExporters();
return builder;
}
private static TBuilder AddOpenTelemetryExporters<TBuilder>(this TBuilder builder) where TBuilder : IHostApplicationBuilder
{
var useOtlpExporter = !string.IsNullOrWhiteSpace(builder.Configuration["OTEL_EXPORTER_OTLP_ENDPOINT"]);
if (useOtlpExporter)
{
builder.Services.AddOpenTelemetry().UseOtlpExporter();
}
// Uncomment the following lines to enable the Azure Monitor exporter (requires the Azure.Monitor.OpenTelemetry.AspNetCore package)
//if (!string.IsNullOrEmpty(builder.Configuration["APPLICATIONINSIGHTS_CONNECTION_STRING"]))
//{
// builder.Services.AddOpenTelemetry()
// .UseAzureMonitor();
//}
return builder;
}
public static TBuilder AddDefaultHealthChecks<TBuilder>(this TBuilder builder) where TBuilder : IHostApplicationBuilder
{
builder.Services.AddHealthChecks()
// Add a default liveness check to ensure app is responsive
.AddCheck("self", () => HealthCheckResult.Healthy(), ["live"]);
return builder;
}
public static WebApplication MapDefaultEndpoints(this WebApplication app)
{
// Adding health checks endpoints to applications in non-development environments has security implications.
// See https://aka.ms/dotnet/aspire/healthchecks for details before enabling these endpoints in non-development environments.
if (app.Environment.IsDevelopment())
{
// All health checks must pass for app to be considered ready to accept traffic after starting
app.MapHealthChecks(HealthEndpointPath);
// Only health checks tagged with the "live" tag must pass for app to be considered alive
app.MapHealthChecks(AlivenessEndpointPath, new HealthCheckOptions
{
Predicate = r => r.Tags.Contains("live")
});
}
return app;
}
}
Clarity.slnx
+16
View File
@@ -0,0 +1,16 @@
<Solution>
<Folder Name="/Solution Items/">
<File Path="Directory.Packages.props" />
</Folder>
<Folder Name="/Clarity (Product)/">
<Project Path="Clarity.AppHost/Clarity.AppHost.csproj" />
<Project Path="Clarity.MigrationService/Clarity.MigrationService.csproj" />
<Project Path="Clarity.Server/Clarity.Server.csproj" />
<Project Path="Clarity.ServiceDefaults/Clarity.ServiceDefaults.csproj" Id="8aaa5e11-244b-4722-b3be-ab1c0540cc2b" />
<Project Path="frontend/frontend.esproj">
<Build />
<Deploy />
</Project>
</Folder>
</Solution>
Directory.Packages.props
+53
View File
@@ -0,0 +1,53 @@
<Project>
<PropertyGroup>
<!-- Enable central package management, https://learn.microsoft.com/en-us/nuget/consume-packages/Central-Package-Management -->
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
</PropertyGroup>
<!-- Aspire Packages -->
<ItemGroup>
<PackageVersion Include="Aspire.Hosting.PostgreSQL" Version="13.2.2" />
<PackageVersion Include="Aspire.Keycloak.Authentication" Version="13.2.2-preview.1.26207.2" />
<PackageVersion Include="Aspire.Npgsql.EntityFrameworkCore.PostgreSQL" Version="13.2.2" />
<PackageVersion Include="Aspire.StackExchange.Redis.OutputCaching" Version="13.2.2" />
<PackageVersion Include="Aspire.Hosting.JavaScript" Version="13.2.2" />
<PackageVersion Include="Aspire.Hosting.Keycloak" Version="13.2.2-preview.1.26207.2" />
<PackageVersion Include="Aspire.Hosting.Redis" Version="13.2.2" />
<PackageVersion Include="CommunityToolkit.Aspire.Hosting.Minio" Version="13.2.1-beta.532" />
<PackageVersion Include="CommunityToolkit.Aspire.Minio.Client" Version="13.2.1-beta.532" />
<PackageVersion Include="Docker.DotNet" Version="3.125.15" />
<PackageVersion Include="Microsoft.EntityFrameworkCore" Version="10.0.6" />
<PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.6" />
<PackageVersion Include="Microsoft.EntityFrameworkCore.Tools" Version="10.0.6" />
<PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.7" />
<PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.7" />
<PackageVersion Include="Npgsql" Version="10.0.2" />
<PackageVersion Include="LibGit2Sharp" Version="0.31.0" />
<PackageVersion Include="Scalar.Aspire" Version="0.9.24" />
<PackageVersion Include="VaultSharp" Version="1.17.5.1" />
<PackageVersion Include="Yarp.ReverseProxy" Version="2.3.0" />
</ItemGroup>
<!-- Clarity.MigrationService -->
<ItemGroup>
<PackageVersion Include="Microsoft.Extensions.Hosting" Version="10.0.6" />
</ItemGroup>
<!-- ControlPlane -->
<ItemGroup>
<PackageVersion Include="Aspire.Hosting.Sdk" Version="13.2.2" />
<PackageVersion Include="Aspire.Hosting.RabbitMQ" Version="13.2.2" />
<PackageVersion Include="Aspire.RabbitMQ.Client" Version="13.2.2" />
<PackageVersion Include="Keycloak.AuthServices.Sdk" Version="2.9.0" />
<PackageVersion Include="MassTransit" Version="8.4.1" />
<PackageVersion Include="MassTransit.RabbitMQ" Version="8.4.1" />
</ItemGroup>
<!-- Clarity.Server -->
<ItemGroup>
<PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="10.0.6" />
<PackageVersion Include="Microsoft.Extensions.Http.Resilience" Version="10.5.0" />
<PackageVersion Include="Microsoft.Extensions.ServiceDiscovery" Version="10.5.0" />
<PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.15.2" />
<PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.15.2" />
<PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.15.1" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.15.0" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Runtime" Version="1.15.0" />
</ItemGroup>
</Project>
frontend/.dockerignore
+2
View File
@@ -0,0 +1,2 @@
node_modules/
dist/
frontend/.gitignore
+24
View File
@@ -0,0 +1,24 @@
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*
node_modules
dist
dist-ssr
*.local
# Editor directories and files
.vscode/*
!.vscode/extensions.json
.idea
.DS_Store
*.suo
*.ntvs*
*.njsproj
*.sln
*.sw?
frontend/.npmrc
+1
View File
@@ -0,0 +1 @@
legacy-peer-deps=true
frontend/eslint.config.js
+28
View File
@@ -0,0 +1,28 @@
import js from '@eslint/js'
import globals from 'globals'
import reactHooks from 'eslint-plugin-react-hooks'
import reactRefresh from 'eslint-plugin-react-refresh'
import tseslint from 'typescript-eslint'
export default tseslint.config(
{ ignores: ['dist'] },
{
extends: [js.configs.recommended, ...tseslint.configs.recommended],
files: ['**/*.{ts,tsx}'],
languageOptions: {
ecmaVersion: 2020,
globals: globals.browser,
},
plugins: {
'react-hooks': reactHooks,
'react-refresh': reactRefresh,
},
rules: {
...reactHooks.configs.recommended.rules,
'react-refresh/only-export-components': [
'warn',
{ allowConstantExport: true },
],
},
},
)
frontend/frontend.esproj
+10
View File
@@ -0,0 +1,10 @@
<Project Sdk="Microsoft.VisualStudio.JavaScript.Sdk/1.0.4110890">
<PropertyGroup>
<ShouldRunNpmInstall>false</ShouldRunNpmInstall>
<ShouldRunBuildScript>false</ShouldRunBuildScript>
</PropertyGroup>
<ItemGroup>
<Folder Include="src\Admin\" />
<Folder Include="src\Onboarding\" />
</ItemGroup>
</Project>
frontend/index.html
+13
View File
@@ -0,0 +1,13 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<link rel="icon" type="image/svg+xml" href="/Aspire.png" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Aspire Starter</title>
</head>
<body>
<div id="root"></div>
<script type="module" src="/src/main.tsx"></script>
</body>
</html>
frontend/package-lock.json
Generated
+3713
View File
File diff suppressed because it is too large Load Diff
frontend/package.json
+34
View File
@@ -0,0 +1,34 @@
{
"name": "frontend",
"private": true,
"version": "0.0.0",
"type": "module",
"scripts": {
"dev": "vite",
"build": "tsc -b && vite build",
"lint": "eslint .",
"preview": "vite preview"
},
"dependencies": {
"@blueprintjs/core": "^5.19.1",
"@blueprintjs/icons": "^5.18.0",
"keycloak-js": "^26.2.3",
"react": "^19.0.0",
"react-dom": "^19.0.0",
"react-multistep": "^7.0.0"
},
"devDependencies": {
"@eslint/js": "^9.39.1",
"@types/node": "^24.10.1",
"@types/react": "^19.0.0",
"@types/react-dom": "^19.0.0",
"@vitejs/plugin-react": "^5.1.1",
"eslint": "^9.39.1",
"eslint-plugin-react-hooks": "^5.2.0",
"eslint-plugin-react-refresh": "^0.4.24",
"globals": "^16.5.0",
"typescript": "~5.9.3",
"typescript-eslint": "^8.48.1",
"vite": "^7.2.6"
}
}
frontend/public/Aspire.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

frontend/public/github.svg
+3
View File
@@ -0,0 +1,3 @@
<svg width="24" height="24" viewBox="0 0 24 24" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
<path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 839 B

frontend/src/App.css
+794
View File
@@ -0,0 +1,794 @@
/* CSS Variables for theming */
:root {
--bg-gradient-start: #1a1a2e;
--bg-gradient-end: #16213e;
--card-bg: rgba(30, 30, 46, 0.95);
--card-hover-shadow: rgba(0, 0, 0, 0.3);
--text-primary: #ffffff;
--text-secondary: #e2e8f0;
--text-tertiary: #cbd5e0;
--accent-gradient-start: #7c92f5;
--accent-gradient-end: #8b5ecf;
--weather-card-bg: rgba(45, 45, 60, 0.8);
--weather-card-border: rgba(255, 255, 255, 0.1);
--section-title-color: #f7fafc;
--date-color: #cbd5e0;
--summary-color: #f7fafc;
--temp-unit-color: #e2e8f0;
--divider-color: #4a5568;
--error-bg: rgba(220, 38, 38, 0.1);
--error-border: #ef4444;
--error-text: #fca5a5;
--skeleton-bg-1: rgba(255, 255, 255, 0.05);
--skeleton-bg-2: rgba(255, 255, 255, 0.1);
--tile-min-height: 120px;
--tile-gap: 0.75rem;
--cta-height: 3rem;
--card-inner-gap: 1rem;
--focus-color: #a78bfa;
}
@media (prefers-color-scheme: light) {
:root {
--bg-gradient-start: #f0f4ff;
--bg-gradient-end: #e0e7ff;
--card-bg: rgba(255, 255, 255, 0.98);
--card-hover-shadow: rgba(0, 0, 0, 0.15);
--text-primary: #1a202c;
--text-secondary: #2d3748;
--text-tertiary: #4a5568;
--accent-gradient-start: #5b6fd8;
--accent-gradient-end: #6b46a3;
--weather-card-bg: rgba(255, 255, 255, 0.9);
--weather-card-border: rgba(102, 126, 234, 0.15);
--section-title-color: #1a202c;
--date-color: #2d3748;
--summary-color: #1a202c;
--temp-unit-color: #4a5568;
--divider-color: #cbd5e0;
--error-bg: #fee;
--error-border: #dc2626;
--error-text: #991b1b;
--skeleton-bg-1: #f0f0f0;
--skeleton-bg-2: #e0e0e0;
--tile-min-height: 120px;
--tile-gap: 0.75rem;
--cta-height: 3rem;
--card-inner-gap: 1rem;
--focus-color: #5b21b6;
}
}
/* Root container */
#root {
width: 100%;
min-height: 100vh;
display: flex;
flex-direction: column;
overflow-x: hidden;
}
/* Accessibility utilities */
.visually-hidden {
position: absolute;
width: 1px;
height: 1px;
padding: 0;
margin: -1px;
overflow: hidden;
clip: rect(0, 0, 0, 0);
white-space: nowrap;
border-width: 0;
}
/* App container */
.app-container {
width: 100%;
min-height: 100vh;
display: flex;
flex-direction: column;
background: linear-gradient(135deg, var(--bg-gradient-start) 0%, var(--bg-gradient-end) 100%);
color: var(--text-primary);
}
/* Header */
.app-header {
padding: 2.5rem 2rem 1.5rem;
text-align: center;
animation: fadeInDown 0.6s ease-out;
}
.logo-link {
display: inline-block;
border-radius: 0.5rem;
}
.logo-link:focus-visible {
outline: 3px solid var(--accent-gradient-end);
outline-offset: 8px;
}
.logo {
height: 5rem;
width: auto;
transition: transform 300ms ease, filter 300ms ease;
filter: drop-shadow(0 4px 8px rgba(0, 0, 0, 0.2));
}
.logo:hover {
transform: scale(1.1) rotate(5deg);
filter: drop-shadow(0 8px 16px rgba(0, 0, 0, 0.3));
}
.app-title {
font-size: 2.75rem;
font-weight: 700;
margin: 1.25rem 0 0.5rem;
background: linear-gradient(135deg, var(--text-primary) 0%, var(--text-secondary) 100%);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
letter-spacing: -0.02em;
}
.app-subtitle {
font-size: 1.05rem;
color: var(--text-tertiary);
margin: 0;
font-weight: 300;
}
/* Main content */
.main-content {
flex: 1;
max-width: 1400px;
width: 100%;
margin: 0 auto;
padding: 0rem 2rem 2rem;
display: flex;
justify-content: center;
align-items: center;
}
/* Card styles */
.card {
background: var(--card-bg);
backdrop-filter: blur(10px);
border-radius: 1rem;
padding: 1.25rem 1.5rem;
box-shadow: 0 8px 32px rgba(0, 0, 0, 0.1);
color: var(--text-primary);
animation: fadeInUp 0.6s ease-out;
border: 1px solid var(--weather-card-border);
display: flex;
flex-direction: column;
gap: var(--card-inner-gap);
}
/* Section styles */
.demo-section {
animation: fadeInUp 0.6s ease-out;
}
.weather-section {
animation: fadeInUp 0.6s ease-out;
animation-delay: 0.1s;
flex: 1;
max-width: 1200px;
width: 100%;
}
.section-header {
display: flex;
justify-content: space-between;
align-items: flex-start;
margin-bottom: 0;
flex-wrap: wrap;
gap: 1rem;
}
.header-actions {
display: flex;
gap: 0.75rem;
align-items: center;
}
.section-title {
font-size: 1.25rem;
font-weight: 600;
margin: 0;
color: var(--section-title-color);
}
/* Counter area */
.counter-card .section-header {
margin-bottom: 0;
}
.counter-panel {
background: var(--weather-card-bg);
border-radius: 0.75rem;
border: 1px solid var(--weather-card-border);
padding: 1.25rem;
display: flex;
flex-direction: column;
gap: var(--tile-gap);
min-height: var(--tile-min-height);
backdrop-filter: blur(10px);
flex: 1;
}
.counter-value-group {
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
gap: 0.25rem;
flex: 1;
margin-bottom: var(--tile-gap);
text-align: center;
}
.counter-label {
font-size: 0.75rem;
text-transform: uppercase;
letter-spacing: 0.1em;
color: var(--text-tertiary);
font-weight: 600;
}
.counter-value {
font-size: 2.25rem;
font-weight: 700;
line-height: 1;
background: linear-gradient(135deg, var(--accent-gradient-start) 0%, var(--accent-gradient-end) 100%);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
}
.increment-button {
display: flex;
align-items: center;
justify-content: center;
gap: 0.5rem;
background: linear-gradient(135deg, var(--accent-gradient-start) 0%, var(--accent-gradient-end) 100%);
color: white;
border: none;
border-radius: 0.5rem;
padding: 0 1.5rem;
height: var(--cta-height);
font-size: 0.875rem;
font-weight: 600;
cursor: pointer;
transition: all 0.3s ease;
box-shadow: 0 2px 8px rgba(102, 126, 234, 0.3);
width: 100%;
margin-top: auto;
}
.increment-button:hover {
transform: translateY(-1px);
box-shadow: 0 4px 12px rgba(102, 126, 234, 0.4);
}
.increment-button:active {
transform: translateY(0);
}
.increment-button:focus-visible {
outline: 3px solid var(--accent-gradient-end);
outline-offset: 2px;
}
.increment-icon {
transition: transform 0.3s ease;
}
.increment-button:hover .increment-icon {
transform: scale(1.1);
}
/* Toggle switch */
.toggle-switch {
display: flex;
background: rgba(255, 255, 255, 0.1);
border-radius: 0.5rem;
padding: 0.25rem;
gap: 0.25rem;
border: 1px solid var(--weather-card-border);
margin: 0;
padding: 0.25rem;
min-width: 0;
}
.toggle-switch legend {
padding: 0;
}
@media (prefers-color-scheme: light) {
.toggle-switch {
background: rgba(102, 126, 234, 0.08);
}
}
.toggle-option {
display: flex;
align-items: center;
justify-content: center;
background: transparent;
color: var(--text-secondary);
border: none;
border-radius: 0.375rem;
padding: 0 1rem;
height: 2.5rem;
font-size: 0.875rem;
font-weight: 600;
cursor: pointer;
transition: all 0.3s ease;
min-width: 3rem;
position: relative;
}
.toggle-option[aria-pressed="true"] {
background: linear-gradient(135deg, var(--accent-gradient-start) 0%, var(--accent-gradient-end) 100%);
color: white;
box-shadow: 0 2px 8px rgba(102, 126, 234, 0.3);
}
.toggle-option[aria-pressed="false"]:hover {
background: rgba(255, 255, 255, 0.05);
color: var(--text-primary);
}
@media (prefers-color-scheme: light) {
.toggle-option[aria-pressed="false"]:hover {
background: rgba(102, 126, 234, 0.1);
}
}
.toggle-option:focus-visible {
outline: 3px solid var(--focus-color);
outline-offset: 2px;
z-index: 1;
}
/* Refresh button */
.refresh-button {
display: flex;
align-items: center;
justify-content: center;
gap: 0.5rem;
background: linear-gradient(135deg, var(--accent-gradient-start) 0%, var(--accent-gradient-end) 100%);
color: white;
border: none;
border-radius: 0.5rem;
padding: 0 1.5rem;
height: var(--cta-height);
font-size: 0.875rem;
font-weight: 600;
cursor: pointer;
transition: transform 0.3s ease, box-shadow 0.3s ease, opacity 0.3s ease;
box-shadow: 0 2px 8px rgba(102, 126, 234, 0.3);
min-width: 140px;
white-space: nowrap;
}
.refresh-button:hover:not(:disabled) {
transform: translateY(-1px);
box-shadow: 0 4px 12px rgba(102, 126, 234, 0.4);
}
.refresh-button:disabled {
opacity: 0.6;
cursor: not-allowed;
transform: none;
}
.refresh-button:focus-visible {
outline: 3px solid var(--focus-color);
outline-offset: 3px;
}
.refresh-icon {
transition: transform 0.3s ease;
}
.refresh-icon.spinning {
animation: spin 1s linear infinite;
}
/* Error message */
.error-message {
display: flex;
align-items: center;
gap: 0.75rem;
background-color: var(--error-bg);
border-left: 4px solid var(--error-border);
color: var(--error-text);
padding: 1rem;
border-radius: 0.5rem;
margin: 1rem 0;
animation: slideIn 0.3s ease-out;
}
/* Loading skeleton */
.loading-skeleton {
display: flex;
flex-direction: column;
gap: 1rem;
margin-top: 1rem;
}
.skeleton-row {
height: 80px;
background: linear-gradient(90deg, var(--skeleton-bg-1) 25%, var(--skeleton-bg-2) 50%, var(--skeleton-bg-1) 75%);
background-size: 200% 100%;
animation: shimmer 1.5s infinite;
border-radius: 0.5rem;
}
/* Weather grid */
.weather-grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
gap: 1rem;
margin-top: 0.75rem;
}
.weather-card {
background: var(--weather-card-bg);
border-radius: 0.75rem;
padding: 1.25rem;
display: flex;
flex-direction: column;
gap: 0.75rem;
transition: all 0.3s ease;
border: 1px solid var(--weather-card-border);
backdrop-filter: blur(10px);
min-height: var(--tile-min-height);
}
.weather-card:hover {
transform: translateY(-4px);
box-shadow: 0 4px 16px rgba(0, 0, 0, 0.2);
}
.weather-card:focus-within {
outline: 2px solid var(--focus-color);
outline-offset: 2px;
}
.weather-date {
font-weight: 600;
font-size: 0.875rem;
color: var(--date-color);
text-transform: uppercase;
letter-spacing: 0.05em;
margin: 0;
}
.weather-summary {
font-size: 1.125rem;
font-weight: 500;
color: var(--summary-color);
min-height: 1.5rem;
margin: 0;
}
.weather-temps {
display: flex;
align-items: center;
justify-content: center;
gap: 0.75rem;
margin-top: 0.5rem;
padding-top: 0.75rem;
border-top: 1px solid var(--weather-card-border);
}
.temp-group {
display: flex;
flex-direction: column;
align-items: center;
width: 100%;
}
.temp-value {
font-size: 1.5rem;
font-weight: 700;
background: linear-gradient(135deg, var(--accent-gradient-start) 0%, var(--accent-gradient-end) 100%);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
}
.temp-unit {
font-size: 0.75rem;
color: var(--temp-unit-color);
margin-top: 0.125rem;
}
/* Responsive design */
@media (max-width: 1024px) {
.main-content {
padding: 1rem;
}
}
.app-footer {
padding: 1.5rem;
text-align: center;
background: rgba(0, 0, 0, 0.2);
backdrop-filter: blur(10px);
}
.app-footer nav {
display: flex;
justify-content: center;
align-items: center;
gap: 1.5rem;
}
.app-footer a {
color: var(--text-secondary);
text-decoration: none;
font-weight: 500;
transition: color 0.3s ease, border-color 0.3s ease;
border-bottom: 2px solid transparent;
font-size: 0.875rem;
padding-bottom: 0.125rem;
}
.app-footer a:hover {
color: var(--text-primary);
border-bottom-color: var(--text-primary);
}
.app-footer a:focus-visible {
outline: 3px solid var(--focus-color);
outline-offset: 4px;
border-radius: 4px;
}
/* Animations */
@keyframes fadeInDown {
from {
opacity: 0;
transform: translateY(-20px);
}
to {
opacity: 1;
transform: translateY(0);
}
}
@keyframes fadeInUp {
from {
opacity: 0;
transform: translateY(20px);
}
to {
opacity: 1;
transform: translateY(0);
}
}
@keyframes slideIn {
from {
opacity: 0;
transform: translateX(-10px);
}
to {
opacity: 1;
transform: translateX(0);
}
}
@keyframes spin {
from {
transform: rotate(0deg);
}
to {
transform: rotate(360deg);
}
}
@keyframes shimmer {
0% {
background-position: -200% 0;
}
100% {
background-position: 200% 0;
}
}
/* Responsive design */
@media (max-width: 1024px) {
.main-content {
grid-template-columns: 1fr;
padding: 1rem;
gap: 1rem;
}
}
/* Footer */
.app-footer {
padding: 1.5rem 0;
text-align: center;
background: rgba(0, 0, 0, 0.2);
backdrop-filter: blur(10px);
display: flex;
justify-content: center;
align-items: center;
}
.app-footer > * {
max-width: 1400px;
width: 100%;
display: flex;
justify-content: space-between;
align-items: center;
padding: 0 2rem;
gap: 1rem;
}
.app-footer a {
color: var(--text-secondary);
text-decoration: none;
font-weight: 500;
transition: color 0.3s ease, transform 0.3s ease;
border-bottom: 2px solid transparent;
font-size: 0.875rem;
}
.app-footer a:hover {
color: var(--text-primary);
border-bottom-color: var(--text-primary);
}
.app-footer a:focus-visible {
outline: 2px solid var(--text-primary);
outline-offset: 4px;
border-radius: 2px;
}
.github-link {
display: inline-flex;
align-items: center;
gap: 0.5rem;
border-bottom: none !important;
}
.github-link:focus-visible {
outline: 3px solid var(--focus-color);
outline-offset: 4px;
border-radius: 4px;
}
.github-link img {
transition: transform 0.3s ease, opacity 0.3s ease;
filter: brightness(0) invert(1);
}
@media (prefers-color-scheme: light) {
.github-link img {
filter: brightness(0) invert(0);
opacity: 0.7;
}
.github-link:hover img {
opacity: 1;
}
}
.github-link:hover img {
transform: scale(1.1);
}
@media (max-width: 768px) {
:root {
--cta-height: 2.75rem;
}
.app-header {
padding: 1.5rem 1rem 1rem;
}
.logo {
height: 3rem;
}
.app-title {
font-size: 1.5rem;
}
.app-subtitle {
font-size: 0.875rem;
}
.main-content {
padding: 0.75rem;
}
.card {
padding: 1rem;
}
.section-title {
font-size: 1.125rem;
}
.section-header {
flex-direction: column;
align-items: stretch;
gap: 0.75rem;
}
.header-actions {
width: 100%;
}
.toggle-switch {
flex: 1;
}
.toggle-option {
flex: 1;
}
.refresh-button {
flex: 1;
justify-content: center;
padding: 0 1.25rem;
}
.weather-grid {
grid-template-columns: 1fr;
gap: 0.75rem;
}
.weather-card {
padding: 1.25rem;
}
.app-footer {
padding: 1rem 0;
}
.app-footer > * {
flex-direction: column;
padding: 0 1.5rem;
}
.github-link {
order: -1;
}
}
/* Reduced motion support */
@media (prefers-reduced-motion: reduce) {
*,
*::before,
*::after {
animation-duration: 0.01ms !important;
animation-iteration-count: 1 !important;
transition-duration: 0.01ms !important;
}
}
/* High contrast mode support */
@media (prefers-contrast: high) {
.card {
border: 2px solid currentColor;
}
.weather-card {
border: 1px solid currentColor;
}
}
/* Focus visible support for better keyboard navigation */
*:focus-visible {
outline: 3px solid var(--accent-gradient-end);
outline-offset: 2px;
}
frontend/src/App.tsx
+35
View File
@@ -0,0 +1,35 @@
import { useEffect, useState } from 'react'
import { getKeycloak } from './keycloak'
import { OnboardingPage } from './Onboarding'
import { ProfilePreview } from './Profile/ProfilePreview'
import './App.css'
type ProfileState = 'loading' | 'onboarding' | 'ready'
async function fetchProfileState(): Promise<ProfileState> {
const keycloak = getKeycloak()
await keycloak.updateToken(30)
const res = await fetch('/api/profile', {
headers: { Authorization: `Bearer ${keycloak.token}` },
})
if (res.status === 404) return 'onboarding'
if (res.ok) return 'ready'
throw new Error(`Unexpected status ${res.status}`)
}
function App() {
const [state, setState] = useState<ProfileState>('loading')
useEffect(() => {
fetchProfileState().then(setState).catch(() => setState('onboarding'))
}, [])
if (state === 'loading') return <p>Loading</p>
if (state === 'onboarding')
return <OnboardingPage onComplete={() => setState('ready')} />
return <ProfilePreview onLogout={() => getKeycloak().logout()} />
}
export default App
frontend/src/Onboarding/BackgroundWizard.tsx
+11
View File
@@ -0,0 +1,11 @@
import { OnboardingPage } from './OnboardingPage'
type BackgroundWizardProps = {
onComplete: () => void
}
function BackgroundWizard({ onComplete }: BackgroundWizardProps) {
return <OnboardingPage onComplete={onComplete} />
}
export default BackgroundWizard
frontend/src/Onboarding/OnboardingPage.module.css
+89
View File
@@ -0,0 +1,89 @@
.container {
min-height: 100vh;
display: grid;
place-items: center;
padding: 2rem 1rem;
background:
radial-gradient(circle at 15% 20%, rgba(52, 152, 219, 0.22), transparent 45%),
radial-gradient(circle at 80% 75%, rgba(46, 204, 113, 0.2), transparent 45%),
linear-gradient(160deg, #f4f7fb 0%, #e8eef7 100%);
}
.card {
width: min(700px, 100%);
display: grid;
gap: 1.25rem;
}
.header {
display: grid;
gap: 0.5rem;
}
.title {
margin: 0;
}
.subtitle {
margin: 0;
color: #5f6b7c;
}
.stepTabs {
display: flex;
flex-wrap: wrap;
gap: 0.5rem;
}
.tab,
.tabActive {
border: 1px solid #c8d1e0;
border-radius: 999px;
padding: 0.35rem 0.9rem;
background: #ffffff;
color: #394b59;
font: inherit;
}
.tabActive {
border-color: #106ba3;
color: #106ba3;
background: #edf6ff;
}
.formGrid {
display: grid;
gap: 0.5rem;
}
.actions {
display: flex;
justify-content: space-between;
gap: 0.75rem;
}
.reviewRow {
border-top: 1px solid #d8e1ec;
padding-top: 0.75rem;
margin-top: 0.25rem;
}
.reviewTitle {
margin: 0 0 0.5rem;
}
.reviewGrid {
display: grid;
grid-template-columns: max-content 1fr;
gap: 0.25rem 0.75rem;
}
@media (max-width: 640px) {
.container {
padding: 1rem;
}
.actions {
flex-direction: column-reverse;
}
}
frontend/src/Onboarding/OnboardingPage.tsx
+242
View File
@@ -0,0 +1,242 @@
import React, { useEffect, useMemo, useState, type ReactNode } from 'react'
import { Button, Callout, Card, FormGroup, H2, H5, InputGroup, Intent, ProgressBar } from '@blueprintjs/core'
import MultiStep, { type SignalParent, useMultiStep } from 'react-multistep'
import { getKeycloak } from '../keycloak'
import styles from './OnboardingPage.module.css'
type OnboardingPayload = {
firstName: string
middleName: string
lastName: string
ssn: string
}
type StepProps = {
signalParent?: SignalParent
title?: ReactNode
value: OnboardingPayload
onChange: (updates: Partial<OnboardingPayload>) => void
onSubmit?: () => Promise<void>
isSubmitting?: boolean
error?: string | null
}
interface OnboardingPageProps {
onComplete: () => void
}
function StepChrome({ children, onSubmit, isSubmitting = false }: { children: ReactNode; onSubmit?: () => Promise<void>; isSubmitting?: boolean }) {
const { activeStep, stepCount, steps, currentStepValid, next, previous, goToStep } = useMultiStep()
const isLastStep = activeStep === stepCount - 1
const progress = ((activeStep + 1) / stepCount) * 100
const handleAdvance = async () => {
if (!isLastStep) {
next()
return
}
if (onSubmit) {
await onSubmit()
}
}
return (
<Card className={styles.card} elevation={2}>
<div className={styles.header}>
<H2 className={styles.title}>Finish Your Profile</H2>
<p className={styles.subtitle}>We only need a few details to complete onboarding.</p>
<ProgressBar value={progress / 100} animate stripes={false} />
</div>
<div className={styles.stepTabs}>
{steps.map(step => (
<button
key={step.index}
type="button"
className={step.index === activeStep ? styles.tabActive : styles.tab}
onClick={() => goToStep(step.index)}
>
{(step.title as React.ReactNode) ?? `Step ${step.index + 1}`}
</button>
))}
</div>
<div>{children}</div>
<div className={styles.actions}>
<Button disabled={activeStep === 0 || isSubmitting} onClick={previous}>
Back
</Button>
<Button
intent={Intent.PRIMARY}
loading={isSubmitting}
disabled={!currentStepValid || isSubmitting}
onClick={() => void handleAdvance()}
>
{isLastStep ? 'Complete Onboarding' : 'Continue'}
</Button>
</div>
</Card>
)
}
function NameStep({ signalParent, value, onChange }: StepProps) {
useEffect(() => {
signalParent?.({ isValid: value.firstName.trim().length > 0 })
}, [signalParent, value.firstName])
return (
<StepChrome>
<div className={styles.formGrid}>
<FormGroup label="First name" labelFor="firstName" labelInfo="*">
<InputGroup
id="firstName"
value={value.firstName}
onValueChange={nextValue => onChange({ firstName: nextValue })}
placeholder="Ada"
autoFocus
/>
</FormGroup>
<FormGroup label="Middle name (optional)" labelFor="middleName">
<InputGroup
id="middleName"
value={value.middleName}
onValueChange={nextValue => onChange({ middleName: nextValue })}
placeholder="Lovelace"
/>
</FormGroup>
<FormGroup label="SSN" labelFor="ssn" labelInfo="*">
<InputGroup
id="ssn"
value={value.ssn}
onValueChange={nextValue => onChange({ ssn: nextValue })}
placeholder="XXX-XX-XXXX"
type="password"
/>
</FormGroup>
</div>
</StepChrome>
)
}
function ReviewStep({ signalParent, value, onChange, onSubmit, isSubmitting = false, error = null }: StepProps) {
useEffect(() => {
const isValid =
value.firstName.trim().length > 0 &&
value.lastName.trim().length > 0 &&
value.ssn.trim().length > 0
signalParent?.({ isValid })
}, [signalParent, value.firstName, value.lastName, value.ssn])
return (
<StepChrome onSubmit={onSubmit} isSubmitting={isSubmitting}>
<div className={styles.formGrid}>
<FormGroup label="Last name" labelFor="lastName" labelInfo="*">
<InputGroup
id="lastName"
value={value.lastName}
onValueChange={nextValue => onChange({ lastName: nextValue })}
placeholder="Byron"
/>
</FormGroup>
</div>
<div className={styles.reviewRow}>
<H5 className={styles.reviewTitle}>Review</H5>
<div className={styles.reviewGrid}>
<span>First</span>
<span>{value.firstName || '-'}</span>
<span>Middle</span>
<span>{value.middleName || '-'}</span>
<span>Last</span>
<span>{value.lastName || '-'}</span>
<span>SSN</span>
<span>{'•'.repeat(value.ssn.length) || '-'}</span>
</div>
</div>
{error && (
<Callout intent={Intent.DANGER} title="Could not save profile">
{error}
</Callout>
)}
</StepChrome>
)
}
export function OnboardingPage({ onComplete }: OnboardingPageProps) {
const [form, setForm] = useState<OnboardingPayload>({
firstName: '',
middleName: '',
lastName: '',
ssn: '',
})
const [isSubmitting, setIsSubmitting] = useState(false)
const [error, setError] = useState<string | null>(null)
const payload = useMemo(
() => ({
firstName: form.firstName.trim(),
middleName: form.middleName.trim(),
lastName: form.lastName.trim(),
ssn: form.ssn.trim(),
}),
[form.firstName, form.middleName, form.lastName, form.ssn],
)
const handleChange = (updates: Partial<OnboardingPayload>) => {
setForm(current => ({ ...current, ...updates }))
}
const handleSubmit = async () => {
setIsSubmitting(true)
setError(null)
try {
const keycloak = getKeycloak()
await keycloak.updateToken(30)
const response = await fetch('/api/profile/onboarding', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${keycloak.token}`,
},
body: JSON.stringify(payload),
})
if (response.ok || response.status === 409) {
onComplete()
return
}
let message = `Status ${response.status}`
const data = (await response.json().catch(() => null)) as { message?: string } | null
if (data?.message) {
message = data.message
}
setError(message)
} catch (submitError) {
setError(submitError instanceof Error ? submitError.message : 'Unexpected error')
} finally {
setIsSubmitting(false)
}
}
return (
<div className={styles.container}>
<MultiStep initialStep={0} onValidationError={() => setError('Please complete required fields before continuing.')}>
<NameStep title="Identity" value={form} onChange={handleChange} />
<ReviewStep
title="Finalize"
value={form}
onChange={handleChange}
onSubmit={handleSubmit}
isSubmitting={isSubmitting}
error={error}
/>
</MultiStep>
</div>
)
}
frontend/src/Onboarding/index.ts
+1
View File
@@ -0,0 +1 @@
export { OnboardingPage } from './OnboardingPage'
frontend/src/Profile/ProfilePreview.module.css
+126
View File
@@ -0,0 +1,126 @@
.container {
display: flex;
align-items: center;
justify-content: center;
min-height: 100vh;
background: #f5f7fa;
}
.card {
width: 100%;
max-width: 480px;
padding: 2.5rem;
border: 1px solid #e0e0e0;
border-radius: 12px;
background: #fff;
display: flex;
flex-direction: column;
gap: 1.5rem;
}
.header {
display: flex;
flex-direction: column;
gap: 0.25rem;
}
.title {
margin: 0;
font-size: 1.4rem;
font-weight: 600;
color: #111;
}
.subtitle {
margin: 0;
font-size: 0.85rem;
color: #6b7280;
}
.badge {
display: inline-flex;
align-items: center;
gap: 0.35rem;
padding: 0.2rem 0.65rem;
border-radius: 999px;
font-size: 0.78rem;
font-weight: 500;
background: #dcfce7;
color: #15803d;
width: fit-content;
}
.dot {
width: 7px;
height: 7px;
border-radius: 50%;
background: #16a34a;
}
.fields {
display: flex;
flex-direction: column;
gap: 1rem;
}
.field {
display: flex;
flex-direction: column;
gap: 0.2rem;
}
.label {
font-size: 0.75rem;
font-weight: 600;
text-transform: uppercase;
letter-spacing: 0.05em;
color: #9ca3af;
}
.value {
font-size: 1rem;
color: #111;
padding: 0.55rem 0.75rem;
border: 1px solid #e5e7eb;
border-radius: 6px;
background: #f9fafb;
font-family: monospace;
}
.divider {
border: none;
border-top: 1px solid #e5e7eb;
margin: 0;
}
.meta {
font-size: 0.8rem;
color: #9ca3af;
display: flex;
flex-direction: column;
gap: 0.25rem;
}
.actions {
display: flex;
justify-content: flex-end;
}
.logout {
padding: 0.55rem 1.25rem;
border: 1px solid #ccc;
border-radius: 6px;
background: transparent;
font-size: 0.9rem;
cursor: pointer;
color: #374151;
}
.logout:hover {
background: #f3f4f6;
}
.error {
color: #dc2626;
font-size: 0.9rem;
}
frontend/src/Profile/ProfilePreview.tsx
+113
View File
@@ -0,0 +1,113 @@
import { useEffect, useState } from 'react'
import { getKeycloak } from '../keycloak'
import styles from './ProfilePreview.module.css'
interface Profile {
id: string
keycloakSubject: string
firstName: string
middleName: string
lastName: string
onboardingComplete: boolean
createdAt: string
tenant: string
}
interface Props {
onLogout: () => void
}
export function ProfilePreview({ onLogout }: Props) {
const [profile, setProfile] = useState<Profile | null>(null)
const [error, setError] = useState<string | null>(null)
useEffect(() => {
async function load() {
try {
const keycloak = getKeycloak()
await keycloak.updateToken(30)
const res = await fetch('/api/profile', {
headers: { Authorization: `Bearer ${keycloak.token}` },
})
if (!res.ok) throw new Error(`Status ${res.status}`)
setProfile(await res.json())
} catch (e) {
setError(e instanceof Error ? e.message : 'Failed to load profile')
}
}
load()
}, [])
if (error) {
return (
<div className={styles.container}>
<div className={styles.card}>
<p className={styles.error}>Error: {error}</p>
</div>
</div>
)
}
if (!profile) {
return (
<div className={styles.container}>
<div className={styles.card}>
<p>Loading profile</p>
</div>
</div>
)
}
return (
<div className={styles.container}>
<div className={styles.card}>
<div className={styles.header}>
<h1 className={styles.title}>Profile Preview</h1>
<p className={styles.subtitle}>
Decrypted PII read back from the database via the API
</p>
</div>
<div className={styles.badge}>
<span className={styles.dot} />
Decryption successful
</div>
<div className={styles.fields}>
<div className={styles.field}>
<span className={styles.label}>First Name</span>
<span className={styles.value}>{profile.firstName}</span>
</div>
{profile.middleName && (
<div className={styles.field}>
<span className={styles.label}>Middle Name</span>
<span className={styles.value}>{profile.middleName}</span>
</div>
)}
<div className={styles.field}>
<span className={styles.label}>Last Name</span>
<span className={styles.value}>{profile.lastName}</span>
</div>
</div>
<hr className={styles.divider} />
<div className={styles.meta}>
<span>Profile ID: {profile.id}</span>
<span>Subject: {profile.keycloakSubject}</span>
<span>Tenant: {profile.tenant || '(none)'}</span>
<span>Created: {new Date(profile.createdAt).toLocaleString()}</span>
<span>
Onboarding complete: {profile.onboardingComplete ? 'Yes' : 'No'}
</span>
</div>
<div className={styles.actions}>
<button className={styles.logout} onClick={onLogout}>
Logout
</button>
</div>
</div>
</div>
)
}
frontend/src/index.css
+55
View File
@@ -0,0 +1,55 @@
:root {
font-family: system-ui, Avenir, Helvetica, Arial, sans-serif;
line-height: 1.5;
font-weight: 400;
color-scheme: light dark;
font-synthesis: none;
text-rendering: optimizeLegibility;
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
/* Reset and base styles */
*,
*::before,
*::after {
box-sizing: border-box;
}
html {
margin: 0;
padding: 0;
width: 100%;
height: 100%;
overflow-x: hidden;
}
body {
margin: 0;
padding: 0;
width: 100%;
min-height: 100vh;
overflow-x: hidden;
}
/* Remove default Vite styles that conflict with our design */
h1 {
margin: 0;
}
button {
font-family: inherit;
cursor: pointer;
}
@media (prefers-reduced-motion: reduce) {
*,
*::before,
*::after {
animation-duration: 0.01ms !important;
animation-iteration-count: 1 !important;
transition-duration: 0.01ms !important;
}
}
frontend/src/keycloak.ts
+33
View File
@@ -0,0 +1,33 @@
import Keycloak from 'keycloak-js'
// Keycloak instance is created dynamically after fetching /api/config from the server.
// This is necessary because the realm is per-tenant and unknown at build time.
let _keycloak: Keycloak | null = null
export interface TenantConfig {
keycloakUrl: string
realm: string
clientId: string
}
export async function loadTenantConfig(): Promise<TenantConfig> {
const res = await fetch('/api/config')
if (!res.ok) throw new Error(`Failed to load tenant config: ${res.status}`)
return res.json()
}
export function createKeycloak(cfg: TenantConfig): Keycloak {
_keycloak = new Keycloak({
url: cfg.keycloakUrl,
realm: cfg.realm,
clientId: cfg.clientId,
})
return _keycloak
}
// Use this everywhere instead of the default import.
// Guaranteed non-null after main.tsx calls createKeycloak().
export function getKeycloak(): Keycloak {
if (!_keycloak) throw new Error('Keycloak not initialised yet')
return _keycloak
}
frontend/src/main.tsx
+26
View File
@@ -0,0 +1,26 @@
import { StrictMode } from 'react'
import { createRoot } from 'react-dom/client'
import '@blueprintjs/core/lib/css/blueprint.css'
import '@blueprintjs/icons/lib/css/blueprint-icons.css'
import './index.css'
import App from './App.tsx'
import { loadTenantConfig, createKeycloak } from './keycloak.ts'
loadTenantConfig()
.then(cfg => {
const keycloak = createKeycloak(cfg)
return keycloak.init({ onLoad: 'login-required', pkceMethod: 'S256', checkLoginIframe: false })
})
.then(() => {
createRoot(document.getElementById('root')!).render(
<StrictMode>
<App />
</StrictMode>,
)
})
.catch(err => {
console.error('Failed to initialise app:', err)
document.getElementById('root')!.innerHTML =
`<pre style="color:red;padding:2rem">Failed to initialise: ${err}</pre>`
})
frontend/src/vite-env.d.ts
Vendored
+1
View File
@@ -0,0 +1 @@
/// <reference types="vite/client" />
frontend/tsconfig.app.json
+27
View File
@@ -0,0 +1,27 @@
{
"compilerOptions": {
"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
"target": "ES2020",
"useDefineForClassFields": true,
"lib": ["ES2020", "DOM", "DOM.Iterable"],
"module": "ESNext",
"skipLibCheck": true,
/* Bundler mode */
"moduleResolution": "bundler",
"allowImportingTsExtensions": true,
"verbatimModuleSyntax": true,
"moduleDetection": "force",
"noEmit": true,
"jsx": "react-jsx",
/* Linting */
"strict": true,
"noUnusedLocals": true,
"noUnusedParameters": true,
"erasableSyntaxOnly": true,
"noFallthroughCasesInSwitch": true,
"noUncheckedSideEffectImports": true
},
"include": ["src"]
}
frontend/tsconfig.json
+7
View File
@@ -0,0 +1,7 @@
{
"files": [],
"references": [
{ "path": "./tsconfig.app.json" },
{ "path": "./tsconfig.node.json" }
]
}
frontend/tsconfig.node.json
+25
View File
@@ -0,0 +1,25 @@
{
"compilerOptions": {
"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
"target": "ES2022",
"lib": ["ES2023"],
"module": "ESNext",
"skipLibCheck": true,
/* Bundler mode */
"moduleResolution": "bundler",
"allowImportingTsExtensions": true,
"verbatimModuleSyntax": true,
"moduleDetection": "force",
"noEmit": true,
/* Linting */
"strict": true,
"noUnusedLocals": true,
"noUnusedParameters": true,
"erasableSyntaxOnly": true,
"noFallthroughCasesInSwitch": true,
"noUncheckedSideEffectImports": true
},
"include": ["vite.config.ts"]
}
frontend/vite.config.ts
+22
View File
@@ -0,0 +1,22 @@
import { defineConfig } from 'vite'
import react from '@vitejs/plugin-react'
// https://vite.dev/config/
export default defineConfig({
plugins: [react()],
resolve: {
dedupe: ['react', 'react-dom'],
},
optimizeDeps: {
include: ['react-multistep'],
},
server: {
proxy: {
// Proxy API calls to the app service
'/api': {
target: process.env.SERVER_HTTPS || process.env.SERVER_HTTP,
changeOrigin: true
}
}
}
})