149 lines
7.3 KiB
Plaintext
{"login": "superuser","password": "l3tm3in"}

{"login": "OpsAdminLimited","password": "OpsAdminLimited"}

todo: 2020-09-24 09:24:37.5792|WARN|Microsoft.EntityFrameworkCore.Infrastructure|'AddEntityFramework*' was called on the service provider, but 'UseInternalServiceProvider' wasn't called in the DbContext options configuration. Remove the 'AddEntityFramework*' call as in most cases it's not needed and might cause conflicts with other products and services registered in the same service provider.

Created
await NotifyEventProcessor.HandlePotentialNotificationEvent(AyaEvent.Created, newObject);

Modified PUT update
await NotifyEventProcessor.HandlePotentialNotificationEvent(AyaEvent.Modified, dbObject, SnapshotOfOriginalDBObj);

Deleted
await NotifyEventProcessor.HandlePotentialNotificationEvent(AyaEvent.Deleted, dbObject);

todo: ip address logged in container mode is the local server as I guess it comes from NGINX
is there a way to capture this or...?

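Added example, not part of the original notes or the AyaNova source: one way to capture the real client address behind NGINX in ASP.NET Core 3.1 is the forwarded-headers middleware, trusting `X-Forwarded-For` only when it comes from the proxy. The proxy address `172.18.0.2`, the `/whoami` endpoint and the NGINX directive `proxy_set_header X-Forwarded-For $remote_addr;` are assumptions for illustration.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddRouting();
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Rewrite Connection.RemoteIpAddress from X-Forwarded-For.
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor;
            // Accept exactly one hop: the value NGINX wrote, nothing a client prepended.
            options.ForwardLimit = 1;
            // Only loopback is trusted by default. Add the NGINX container's address
            // (assumed value) so the header is honoured from the proxy and ignored
            // when it arrives from any other peer.
            options.KnownProxies.Add(IPAddress.Parse("172.18.0.2"));
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before authentication and before anything that logs the address.
        app.UseForwardedHeaders();
        app.UseRouting();
        app.UseEndpoints(endpoints =>
            // Hypothetical endpoint that echoes the address the server would log.
            endpoints.MapGet("/whoami", context =>
                context.Response.WriteAsync(
                    context.Connection.RemoteIpAddress?.ToString() ?? "unknown")));
    }
}

public static class Program
{
    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web => web.UseStartup<Startup>())
            .Build()
            .Run();
}
```

On the NGINX side, setting the header from `$remote_addr` overwrites any `X-Forwarded-For` value the client sent, so the logged address cannot be chosen by the caller.
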
todo: AYANOVA_SERVER_TEST_MODE Is this a thing anymore? I think I need to remove it as an environment variable and all the startup code to go with it
todo: AYANOVA_PERMANENTLY_ERASE_DATABASE does more than that, also resets dbid, should this option name be changed to something more dire
it sounds just like the option in ayaNova to erase all data but those are two different things
"permanently" is redundant as well.
todo: permanently erase db startup thing, should it really exist?
It will zap the dbid so a user might expect to just use their old license but it won't fetch again
we could issue a new key to replace with the new dbid and also issue a revoke key for the old dbid so that
there can be no fraudulent use this way.
I guess it's a rare situation and if the option to delete is there people will surely fuck up and use it unintentionally?
or maybe not
todo: could be a presentation issue but erasing the database and "permanently" erasing the db do two different things completely
Maybe change the biz object erase to empty or remove all data or something along those lines
If it requires too much explanation then it's probably mis-identified as to what it does

todo: docs, change all named references to the Manager / manager / admin / administrator account to "SuperUser"

todo: add alternate, backup domain to be checked for license key if primary can't be reached
maybe even a tertiary last resort?

TODO: restrict server so randos can't login since the client now has all the logins helpfully pre-loaded on it
not sure how to do that and still support phone via cellular network or other people's wifi from logging in
Firewall settings I guess of some kind or maybe require a manual edit to the password, like add a 1 to the end of all of them or something?

todo: OPS notification created for failed jobs
also maybe direct immediate email bypassing generator?
Add backup fail to this will stub out for now

todo: Look for the comment //todo in the server source code and in each case turn into a todo here instead or in addition or remove if no longer an issue

todo: (BREAK THIS OUT INTO LATER/NOW/CASES) there are several outstanding AUTHENTICATION related cases in rockfish for RAVEN
e.g. https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1924
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1835
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1998 <---this is an important case for consideration
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3367 <--time limited accounts for support or temporary access?
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/2059 <--- time restricted accounts so user can only login during business hours (still to be considered)
2fa stuff, some logging and lockout stuff
Go through the auth related cases and notes in client side and implement or close
todo: 2fa? (if not in first release, is there something needed to support it in future dbwise?)
todo: Auth Backdoor reset password feature
how to code it here, pretty easy to do:
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3250
todo: Look into 2fa
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
todo: look into how to use an SSL certificate with the RAVEN server directly when not behind nginx
https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1
- this should be supported by default out of the box working with Let's encrypt ideally
- is it now considered ok to host .net core web api directly internet facing?
todo: onboarding and default manager account password
- Need to come up with a safety plan for this so people don't leave it at default
- Maybe the very first thing required of a user is to change the password before any tasks can be performed
- Server stays in safety lock until they set a password?
- Or maybe a random password is generated on seeding and somehow provided to user through console or something?
- Maybe an empty db if no other users can be set password only so no one has made a hidden backdoor user account before ops changes it?
- maybe tied to license if licensed so they bring some info they have from rockfish / their license purchase or something?
- don't want it to be onerous too much and have some very inexperienced users so...
- see what other programs do, like our forum software

todo: API docs, make separate page for datalists and remove from api-response-format.md doc but put a reference link to it there.

todo: https, hosting production etc
https://docs.microsoft.com/en-us/aspnet/core/security/docker-https?view=aspnetcore-3.1

TODO: BETA TRIAL AUTH ISSUE
When go to full beta trial for people to look at, can't have two people logging into the same exact instance
Potential solutions:
Unique instance spun up on demand
Ultimately this will be the actual ongoing solution to this issue
Kubernetes?
Makes a unique user on the fly for them to login with
with random unique password
i.e. EvalUser42 pw:234089234023498
and resets each day on a loop

MAYBE

todo: authentication login from IP address, it should really be an option or kept where it can be viewed but not overwhelm the log file
Maybe a switch to disable or mask it or fully enable so "AY_LOG_LOGIN" values "FULL" or "MASK" or "DEBUG_FULL" or "DEBUG_MASK" or "NONE"
Defaults to FULL
LET'S CALL THIS A CADILLAC PROBLEM AND BUMP TO BOTTOM

todo: tag refcount
Move this into a procedure, it's apparently quite slow now that I can see the metrics

todo: add backup master time out setting
environment variable

todo: add switch somewhere to "automatic backup" so can turn off in event of externally done backup
this will take backup processing out of the generator loop
but keep the backup ui so even if external, can download the backup files

c#, JSON, Markdown, xml, yaml, batch, html, linux shell, CSS, Javascript, SQL

LOC 2020-06-12 13:08:43
language       files    code  comment   blank   total
C#               236  22,232    7,995   6,288  36,515
JSON               6   7,257        0       6   7,263
Markdown          98   1,818        0     920   2,738
XML                7   1,040        2      10   1,052
YAML               1     131        1       1     133
Batch              6      18        3       4      25
HTML               1       5        0       0       5
Shell Script       2       3        2       1       6

Vue               83  12,255    1,418     785  14,458
JavaScript        44   4,472    1,894     719   7,085
XML                5     243        1       6     250
JSON               3     174        0       2     176
Markdown           1      29        0       8      37
HTML               1      19        8       2      29
Batch              3      13        0       0      13
CSS                1       3        8       2      13
Ignore             1       1        0       0       1

C#                62   6,189    1,530   1,593   9,312
JSON               2      24        1       1      26
XML                1      18        0       2      20

C#                35   5,515    2,109   2,269   9,893
Batch              1      13        0       2      15
XML                1      13        0       4      17