Stefan
cc2abc91d6
Playwright Tests / test (push) Waiting to run
Integrate OCORE/OCORE_web-based secret management using Azure Key Vault and DPAPI cache. Update appsettings.json to remove plaintext secrets and list managed keys. Register secret management in Program.cs. Update .gitignore for secret files. Add documentation for naming conventions and migration, plus a PowerShell script for initial secret upload. Centralizes and secures secret handling across the app.
46 lines
3.3 KiB
Markdown
46 lines
3.3 KiB
Markdown
# Copilot Instructions
|
|
|
|
|
|
## Project Overview
|
|
- **Fuchs Intranet** is an ASP.NET Core (.NET 10) web application — the intranet IS the entire website, served from `/`.
|
|
- Routes: `/{fn?}/{id?}/{code?}` → `IntranetController.Index`; `/do/{fn?}/{id?}/{code?}` → `IntranetController.Do`.
|
|
- Project structure (relative to `Fuchs/`):
|
|
- `Controllers/` — `IntranetController` partials (no area)
|
|
- `code/` — business logic, PDF, email, widgets, data models
|
|
- `css/intranet/` — intranet SCSS source files
|
|
- `js/intranet/` — intranet JS source files (modules in `js/intranet/modules/`)
|
|
- `Data/` — static data assets (images for PDF, HTML files)
|
|
- `Views/Intranet/` — Razor views; `Views/Shared/_Layout.cshtml`; `Views/Partials/`
|
|
|
|
## Coding Standards
|
|
- All code must be written in C#.
|
|
- Keep files to a limit of 400 (max 600) lines of code to ensure maintainability and readability. Proactively refactor larger files into smaller, focused classes or components as needed.
|
|
- Follow standard C# naming conventions (PascalCase for classes and methods, camelCase for variables and parameters).
|
|
- Use modern, performance-oriented C# .NET 10 features and best practices, such as async/await for asynchronous programming, LINQ for data manipulation, and dependency injection for better testability and maintainability.
|
|
|
|
## Configuration
|
|
- All application settings live in `Fuchs/appsettings.json` — **do not use `Web.config` or `System.Configuration.ConfigurationManager`**.
|
|
- App-specific settings are nested under the `"Fuchs"` key (e.g., `_config["Fuchs:SMS_APIKey"]`).
|
|
- Connection strings are stored under the standard `"ConnectionStrings"` key and read via `IConfiguration.GetConnectionString(...)`.
|
|
- `FuchsOcmsIntranet.Initialize(configuration)` must be called at app start (in `Program.cs`) before DI registration; `Fuchs_intranet` receives `IConfiguration` via its constructor.
|
|
- `appsettings.Development.json` (git-ignored) can override secrets for local development.
|
|
|
|
## Libraries
|
|
- Do not upgrade Spire.PDF beyond version 8.10.5.
|
|
- Make use of OCORE libraries where possible, especially for common tasks such as logging, configuration management, and data access.
|
|
- Whenever possible, prefer OCORE_web_pdf / OCORE PDF functions for PDF-related tasks over rewriting.
|
|
- Do not use OCMS or OCMS_sharp; use only OCORE or OCORE_web.
|
|
|
|
## Azure Key Vault — Secret Naming
|
|
- Secret names must satisfy the pattern `^[0-9a-zA-Z-]+$` (alphanumerics and hyphens only; no underscores, dots, or spaces).
|
|
- Hierarchy levels are separated by `--` (double hyphen), which maps to `:` in `IConfiguration`.
|
|
- Underscores within a name segment are encoded as a single `-` in Key Vault and decoded back to `_` when the key is reconstructed.
|
|
- The app prefix `fuchs` is prepended to every secret name.
|
|
- Format: `{appname}--{Section}--{key-with-hyphens-for-underscores}`
|
|
- Examples:
|
|
- `fuchs--ConnectionStrings--ocms-ConnectionString` → `ConnectionStrings:ocms_ConnectionString`
|
|
- `fuchs--Fuchs--SMS-APIKey` → `Fuchs:SMS_APIKey`
|
|
- `fuchs--Fuchs--Email--Main--password` → `Fuchs:Email:Main:password`
|
|
- When adding new secrets: replace every `_` in the original config key with `-` for the Key Vault name, and add the entry to `ManagedSecretKeys` in `appsettings.json` (using the same hyphenated form without the `fuchs--` prefix).
|
|
|