feat: Implement provisioning pipelines for subscription management

- Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes. - Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging. - Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR. - Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes. - Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots. - Introduce XiboFeatureManifests for hardcoded feature ACLs per role. - Add docker-compose.dev.yml for local development with PostgreSQL setup.
2026-03-18 10:27:26 -04:00
parent c2e03de8bb
commit c6d46098dd
77 changed files with 9412 additions and 29 deletions
--- a/OTSSignsOrchestrator.Server/Health/Checks/ThemeHealthCheck.cs
+++ b/OTSSignsOrchestrator.Server/Health/Checks/ThemeHealthCheck.cs
@@ -0,0 +1,145 @@
+using OTSSignsOrchestrator.Server.Clients;
+using OTSSignsOrchestrator.Server.Data;
+using OTSSignsOrchestrator.Server.Data.Entities;
+
+namespace OTSSignsOrchestrator.Server.Health.Checks;
+
+/// <summary>
+/// Verifies the Xibo CMS theme is set to <c>otssigns</c> by calling <c>GET /api/settings</c>.
+/// Auto-remediates by calling <c>PUT /api/settings</c> if the theme is incorrect.
+/// </summary>
+public sealed class ThemeHealthCheck : IHealthCheck
+{
+    private readonly XiboClientFactory _clientFactory;
+    private readonly IServiceProvider _services;
+    private readonly ILogger<ThemeHealthCheck> _logger;
+
+    private const string ExpectedTheme = "otssigns";
+
+    public string CheckName => "Theme";
+    public bool AutoRemediate => true;
+
+    public ThemeHealthCheck(
+        XiboClientFactory clientFactory,
+        IServiceProvider services,
+        ILogger<ThemeHealthCheck> logger)
+    {
+        _clientFactory = clientFactory;
+        _services = services;
+        _logger = logger;
+    }
+
+    public async Task<HealthCheckResult> RunAsync(Instance instance, CancellationToken ct)
+    {
+        var (client, _) = await ResolveAsync(instance);
+        if (client is null)
+            return new HealthCheckResult(HealthStatus.Critical, "No OAuth app — cannot check theme");
+
+        try
+        {
+            var settingsResp = await client.GetSettingsAsync();
+            if (!settingsResp.IsSuccessStatusCode)
+                return new HealthCheckResult(HealthStatus.Critical,
+                    $"GET /settings returned {settingsResp.StatusCode}");
+
+            var settings = settingsResp.Content;
+            if (settings is null)
+                return new HealthCheckResult(HealthStatus.Critical, "Settings response was null");
+
+            // Xibo returns settings as a list of { setting, value } objects or a dictionary
+            var themeName = ExtractSetting(settings, "THEME_NAME");
+            if (string.Equals(themeName, ExpectedTheme, StringComparison.OrdinalIgnoreCase))
+                return new HealthCheckResult(HealthStatus.Healthy, $"Theme is {ExpectedTheme}");
+
+            return new HealthCheckResult(HealthStatus.Critical,
+                $"Theme is '{themeName}', expected '{ExpectedTheme}'");
+        }
+        catch (Exception ex)
+        {
+            return new HealthCheckResult(HealthStatus.Critical,
+                $"Theme check failed: {ex.Message}");
+        }
+    }
+
+    public async Task<bool> RemediateAsync(Instance instance, CancellationToken ct)
+    {
+        var (client, _) = await ResolveAsync(instance);
+        if (client is null) return false;
+
+        try
+        {
+            var resp = await client.UpdateSettingsAsync(
+                new UpdateSettingsRequest(new Dictionary<string, string>
+                {
+                    ["THEME_NAME"] = ExpectedTheme,
+                }));
+
+            if (resp.IsSuccessStatusCode)
+            {
+                await using var scope = _services.CreateAsyncScope();
+                var db = scope.ServiceProvider.GetRequiredService<OrchestratorDbContext>();
+                db.AuditLogs.Add(new AuditLog
+                {
+                    Id = Guid.NewGuid(),
+                    InstanceId = instance.Id,
+                    Actor = "HealthCheckEngine:Theme",
+                    Action = "FixTheme",
+                    Target = instance.Customer.Abbreviation,
+                    Outcome = "Success",
+                    Detail = $"Reset THEME_NAME to {ExpectedTheme}",
+                    OccurredAt = DateTime.UtcNow,
+                });
+                await db.SaveChangesAsync(ct);
+                return true;
+            }
+
+            _logger.LogError("Failed to fix theme: {Err}", resp.Error?.Content);
+            return false;
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Theme remediation failed");
+            return false;
+        }
+    }
+
+    private static string? ExtractSetting(object settingsObj, string key)
+    {
+        // Settings may come back as a dictionary or a list of objects
+        if (settingsObj is System.Text.Json.JsonElement je)
+        {
+            if (je.ValueKind == System.Text.Json.JsonValueKind.Object &&
+                je.TryGetProperty(key, out var val))
+                return val.GetString();
+
+            if (je.ValueKind == System.Text.Json.JsonValueKind.Array)
+            {
+                foreach (var item in je.EnumerateArray())
+                {
+                    if (item.TryGetProperty("setting", out var settingProp) &&
+                        string.Equals(settingProp.GetString(), key, StringComparison.OrdinalIgnoreCase) &&
+                        item.TryGetProperty("value", out var valueProp))
+                    {
+                        return valueProp.GetString();
+                    }
+                }
+            }
+        }
+
+        return null;
+    }
+
+    private async Task<(IXiboApiClient? Client, string Abbrev)> ResolveAsync(Instance instance)
+    {
+        var abbrev = instance.Customer.Abbreviation;
+        var oauthApp = instance.OauthAppRegistries.FirstOrDefault();
+        if (oauthApp is null) return (null, abbrev);
+
+        var settings = _services.GetRequiredService<Core.Services.SettingsService>();
+        var secret = await settings.GetAsync(Core.Services.SettingsService.InstanceOAuthSecretId(abbrev));
+        if (string.IsNullOrEmpty(secret)) return (null, abbrev);
+
+        var client = await _clientFactory.CreateAsync(instance.XiboUrl, oauthApp.ClientId, secret);
+        return (client, abbrev);
+    }
+}