Add authentication for secure document access

Introduced a new login page (`Login.razor`) to handle user authentication via access codes. Implemented `AuthService` to validate access codes through an API. Updated `ReportViewer.razor` to check user access and redirect unauthorized users to the login page. Modified `Program.cs` to register `AuthService` for dependency injection. Enhanced document fetching in `ReportViewer.razor` to ensure secure access control.
2026-05-31 09:01:02 +02:00
parent 390f2d2cae
commit de8d363c27
4 changed files with 102 additions and 0 deletions
--- a/EnvelopeGenerator.ReceiverUI/Pages/ReportViewer.razor
+++ b/EnvelopeGenerator.ReceiverUI/Pages/ReportViewer.razor
@@ -19,8 +19,10 @@
@using EnvelopeGenerator.ReceiverUI.Options
@inject IJSRuntime JSRuntime
@inject IOptions<ApiOptions> AppOptions
+@inject NavigationManager Navigation
@inject InMemoryReportStorageWebExtension ReportStorage
@inject EnvelopeGenerator.ReceiverUI.Services.DocumentService DocumentService
+@inject EnvelopeGenerator.ReceiverUI.Services.AuthService AuthService

 <link href="_content/DevExpress.Blazor.Themes/blazing-berry.bs5.min.css" rel="stylesheet" />
 <link href="_content/DevExpress.Blazor.Reporting.Viewer/css/dx-blazor-reporting-components.bs5.css" rel="stylesheet" />
@@ -170,6 +172,14 @@

    protected override async Task OnInitializedAsync() {

+        if (!string.IsNullOrWhiteSpace(EnvelopeKey)) {
+            var hasAccess = await AuthService.CheckEnvelopeAccessAsync(EnvelopeKey);
+            if (!hasAccess) {
+                Navigation.NavigateTo($"/login/{Uri.EscapeDataString(EnvelopeKey)}");
+                return;
+            }
+        }
+
        if (!AppOptions.Value.ForceToUseFakeDocument && !string.IsNullOrWhiteSpace(EnvelopeKey)) {
            var (pdfBytes, _) = await DocumentService.GetDocumentAsync(EnvelopeKey);
            if (pdfBytes is { Length: > 0 }) {