vietreport-admin/solution-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
11e61c9c39a0b1e2706fb2c35d19ccd0c30696d3
solution-erp/fe-admin/src/lib/api.ts
pqhuy1987 f3fb3fd565 [CLAUDE] Phase5 prep: production infra + deploy scripts + 4 guides + FE refresh token 
Backend production infra:
- Packages: Serilog.Sinks.File, HealthChecks.EntityFrameworkCore (RateLimiting built-in .NET 10)
- appsettings.Production.json MOI: placeholder __SET_VIA_SECRETS__, AllowedOrigins, Serilog File sink rolling daily retention 30d, RateLimit config
- appsettings.json + Development.json: them Serilog WriteTo Console
- Program.cs REWRITE:
  - Serilog ReadFrom.Configuration (prod file / dev console)
  - Rate limiter: policy auth-login 5/min/IP (AuthController.Login) + GlobalLimiter 300/min/IP
  - Health checks: /health/live liveness (empty predicate) + /health/ready DB probe (AddDbContextCheck)
  - HSTS production 1 year
  - CORS origins from config AllowedOrigins (default dev 2 localhost)
- AuthController.Login gắn [EnableRateLimiting("auth-login")]

Deploy scripts:
- scripts/deploy-iis.ps1: stop pool → backup current → clean+extract artifact → start pool → health check loop 30s timeout → rollback instruction if fail
- scripts/backup-sql.ps1: BACKUP DATABASE voi INIT+COMPRESSION+CHECKSUM + retention 30d auto cleanup
- .gitea/workflows/deploy.yml MOI: 4 job build BE (Windows) + build 2 FE (Ubuntu, pin .nvmrc 20) + deploy-iis qua WinRM PSSession (secrets IIS_HOST/USER/PASSWORD/JWT_SECRET/DB_CONNECTION)

Docs guides MOI (4 file):
- deployment-iis.md: prereqs (IIS features, Hosting Bundle, SQL, WinRM) + setup lan dau (app pool, 3 site, HTTPS win-acme, user-secrets) + deploy hang ngay (CI/CD + manual) + rollback + monitoring + troubleshooting + SPA web.config sample
- cicd.md: pipeline overview 4 job, secrets setup, runner Windows+Ubuntu, branch strategy, build optimizations, common CI/CD issues
- security-checklist.md: OWASP top 10 2021 mapping voi status + pre go-live checklist + incident response
- runbook.md: daily ops (health/logs), restart/rollback, DB backup/restore/migration revert, user management (reset password, unlock, disable), monitoring (CPU/disk/connection pool), deployment checklist, common gotcha

Frontend refresh token (ca 2 app fe-admin + fe-user):
- lib/api.ts REWRITE: them REFRESH_KEY, axios response interceptor 401 → POST /auth/refresh → retry request goc. Queue pattern cho nhieu request song song chi 1 refresh call chay. Skip retry /auth/login + /auth/refresh tranh infinite loop. _retry flag tren original config.
- contexts/AuthContext.tsx: luu+xoa REFRESH_KEY trong login/logout

E2E verified:
- GET /health/live → 200 Healthy
- GET /health/ready → 200 Healthy (DB probe)
- Rate limit flood 7 POST /auth/login → #1-5 HTTP 400 (cred sai) + #6-7 HTTP 429 Too Many Requests 
- TS check fe-admin + fe-user → pass
- dotnet build → 0 errors

Docs updates:
- docs/STATUS.md: Phase 5 prep done, next Phase 5 deploy production + Phase 5.1 security hardening, cumulative stats 8 commits
- docs/HANDOFF.md: phase table them Phase 5 prep row, file tree update voi guides + scripts + workflows, git state commit 8
- docs/changelog/migration-todos.md: tick Phase 5 prep items (12 items done) + Phase 5 deploy items remaining + Phase 5.1 security hardening list
- docs/changelog/sessions/2026-04-21-1530-phase5-prep.md: session log chi tiet

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 12:57:12 +07:00

99 lines
2.8 KiB
TypeScript
Raw Blame History

import axios, { AxiosError, type InternalAxiosRequestConfig } from 'axios'
export const TOKEN_KEY = 'solution-erp-admin-token'
export const REFRESH_KEY = 'solution-erp-admin-refresh'
export const USER_KEY = 'solution-erp-admin-user'
export const api = axios.create({
baseURL: '/api',
timeout: 30000,
})
api.interceptors.request.use(config => {
const token = localStorage.getItem(TOKEN_KEY)
if (token) config.headers.Authorization = `Bearer ${token}`
return config
})
// Refresh token flow: khi 401 → thử refresh → retry request gốc. Queue các request song song
// để chỉ 1 refresh call chạy, các request khác chờ token mới.
type QueueItem = {
resolve: (value: unknown) => void
reject: (reason?: unknown) => void
config: InternalAxiosRequestConfig
}
let isRefreshing = false
let queue: QueueItem[] = []
function processQueue(error: unknown, token: string | null) {
queue.forEach(({ resolve, reject, config }) => {
if (error || !token) {
reject(error)
} else {
config.headers.Authorization = `Bearer ${token}`
resolve(api(config))
}
})
queue = []
}
function redirectLogin() {
localStorage.removeItem(TOKEN_KEY)
localStorage.removeItem(REFRESH_KEY)
localStorage.removeItem(USER_KEY)
if (!window.location.pathname.startsWith('/login')) {
window.location.href = '/login'
}
}
api.interceptors.response.use(
response => response,
async (error: AxiosError) => {
const original = error.config as InternalAxiosRequestConfig & { _retry?: boolean }
if (error.response?.status !== 401 || !original || original._retry) {
return Promise.reject(error)
}
// Login/refresh endpoint 401 → không retry (tránh infinite loop)
if (original.url?.includes('/auth/login') || original.url?.includes('/auth/refresh')) {
redirectLogin()
return Promise.reject(error)
}
original._retry = true
const refreshToken = localStorage.getItem(REFRESH_KEY)
if (!refreshToken) {
redirectLogin()
return Promise.reject(error)
}
if (isRefreshing) {
return new Promise((resolve, reject) => {
queue.push({ resolve, reject, config: original })
})
}
isRefreshing = true
try {
const res = await axios.post<{ accessToken: string; refreshToken: string }>(
'/api/auth/refresh',
{ refreshToken },
)
const newToken = res.data.accessToken
localStorage.setItem(TOKEN_KEY, newToken)
localStorage.setItem(REFRESH_KEY, res.data.refreshToken)
processQueue(null, newToken)
original.headers.Authorization = `Bearer ${newToken}`
return api(original)
} catch (refreshErr) {
processQueue(refreshErr, null)
redirectLogin()
return Promise.reject(refreshErr)
} finally {
isRefreshing = false
}
},
)
Reference in New Issue View Git Blame Copy Permalink