Use typesafe options

- Also use v4

.gitea/workflows/backend-build.yml

@@ -0,0 +1,27 @@
+name: Build Backend
+run-name: ${{ gitea.actor }} is testing out building the Backend
+
+on:
+  workflow_dispatch:
+
+jobs:
+  backend:
+    name: Build & Test .NET Backend
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone the repository
+        uses: actions/checkout@v4
+
+      - name: Setup .NET SDK
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '9.0.x'
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Build the project
+        run: dotnet build USEntryCoach.sln --no-restore --configuration Release
+
+      - name: Run tests
+        run: dotnet test USEntryCoach.sln --no-build --verbosity normal

.gitea/workflows/frontend-build.yml

@@ -0,0 +1,26 @@
+name: Build Frontend
+run-name: ${{ gitea.actor }} is testing out building the Frontend
+
+on:
+  workflow_dispatch:
+
+jobs:
+  frontend:
+    name: Build Frontend
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone the repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Install dependencies
+        run: npm install
+        working-directory: ./usentrycoach.client
+
+      - name: Build frontend
+        run: NODE_ENV=production npm run build
+        working-directory: ./usentrycoach.client

.gitea/workflows/pipeline.yml

@@ -0,0 +1,47 @@
+name: Build Backend and Frontend
+run-name: ${{ gitea.actor }} is testing out Building Website
+
+on: [push]
+
+jobs:
+  backend:
+    name: Build & Test .NET Backend
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone the repository
+        uses: actions/checkout@v4
+
+      - name: Setup .NET SDK
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '9.0.x'
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Build the project
+        run: dotnet build USEntryCoach.sln --no-restore --configuration Release
+
+      - name: Run tests
+        run: dotnet test USEntryCoach.sln --no-build --verbosity normal
+
+  frontend:
+    name: Build Frontend
+    runs-on: ubuntu-latest
+    needs: backend
+    steps:
+      - name: Clone the repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Install dependencies
+        run: npm install
+        working-directory: ./usentrycoach.client
+
+      - name: Build frontend
+        run: npm run build
+        working-directory: ./usentrycoach.client

USEntryCoach.Server/Program.cs

@@ -6,12 +6,21 @@ using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.IdentityModel.Tokens;
 using USEntryCoach.Server.Data;
 using USEntryCoach.Server.Services;
+using USEntryCoach.Server.Settings;
 
 var builder = WebApplication.CreateBuilder(args);
 
-// Add services to the container.
-// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
 builder.Services.AddOpenApi();
+
+var apiSettingsSection = builder.Configuration.GetSection(ApiSettings.SectionName);
+var authSettingsSection = builder.Configuration.GetSection(AuthenticationSettings.SectionName);
+
+builder.Services.AddOptionsWithValidateOnStart<ApiSettings>().Bind(apiSettingsSection).ValidateDataAnnotations();
+builder.Services.AddOptionsWithValidateOnStart<AuthenticationSettings>().Bind(authSettingsSection).ValidateDataAnnotations();
+
+ApiSettings? apiSettings = apiSettingsSection.Get<ApiSettings>();
+AuthenticationSettings? authSettings = authSettingsSection.Get<AuthenticationSettings>();
+
 builder.Services.AddSingleton<TokenService>();
 
 // Configure JWT token generation.
@@ -21,28 +30,14 @@ builder.Services.AddAuthentication(config =>
     config.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
 }).AddJwtBearer(config =>
 {
-    // TODO: Use Microsoft.Extensions.Options?
-    // var myOptions = new MyOptions(); // Your settings class
-    // builder.Configuration.GetSection("MySection").Bind(myOptions);
-    // myOptions now has the values
-    //
-    // TODO: This is identical in TokenService
-    string? secretToken = builder.Configuration.GetValue<string>("Authentication:Secret");
-
-    if (secretToken == null)
-    {
-        throw new Exception("No Authentication Secret Token set! Please define a value for \"Authentication:SecretToken\" in appsettings.json.");
-    }
-
-    byte[] secretKey = Encoding.ASCII.GetBytes(secretToken);
-
     // TODO: Only for debug!
     config.RequireHttpsMetadata = false;
+
     config.SaveToken = true;
     config.TokenValidationParameters = new TokenValidationParameters()
     {
         ValidateIssuerSigningKey = true,
-        IssuerSigningKey = new SymmetricSecurityKey(secretKey),
+        IssuerSigningKey = new SymmetricSecurityKey(authSettings!.JwtGenerationSecretBytes),
         ValidateIssuer = false,
         ValidateAudience = false
     };
@@ -75,9 +70,9 @@ if (app.Environment.IsDevelopment())
 app.UseHttpsRedirection();
 
 HttpClient client = new();
-string? apiKey = app.Configuration.GetValue<string>("API:OpenAI");
+//string? apiKey = app.Configuration.GetValue<string>("API:OpenAI");
 client.DefaultRequestHeaders.Clear();
-client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
+client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiSettings.OpenAiToken}");
 
 app.MapPost("/login", Login);
 
@@ -131,8 +126,8 @@ app.MapGet("/user", (ClaimsPrincipal user) =>
 
 app.MapGet("/ephemeral_token", async () =>
 {
-    if (apiKey == null)
+    //if (apiKey == null)
-        throw new Exception("API key not set");
+    //    throw new Exception("API key not set");
 
     var options = new
     {

USEntryCoach.Server/Services/TokenService.cs

@@ -1,39 +1,15 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Text;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using USEntryCoach.Server.Data;
+using USEntryCoach.Server.Settings;
 
 namespace USEntryCoach.Server.Services;
 
-public class TokenService
+public class TokenService(IOptions<AuthenticationSettings> authenticationSettings)
 {
-    private byte[] _secretToken;
-    private double _jwtExpiryMinutes;
-    private const double DefaultJwtExpiryMinutes = 15;
-
-    public TokenService(IConfiguration configuration)
-    {
-        string? secretToken = configuration.GetValue<string>("Authentication:Secret");
-
-        if (secretToken == null)
-        {
-            throw new Exception("No Authentication Secret Token set! Please define a value for \"Authentication:SecretToken\" in appsettings.json.");
-        }
-
-        _secretToken = Encoding.ASCII.GetBytes(secretToken);
-
-        double? jwtExpiryMinutes = configuration.GetValue<double?>("Authentication:JwtExpiryMinutes");
-
-        if (jwtExpiryMinutes == null)
-        {
-            // TODO: Use logger
-            Console.WriteLine($"Warning: No expiry time for jwt session tokens defined. Using {DefaultJwtExpiryMinutes} minutes.");
-        }
-
-        _jwtExpiryMinutes = jwtExpiryMinutes ?? DefaultJwtExpiryMinutes;
-    }
-
     public string GenerateToken(User user)
     {
         JwtSecurityTokenHandler tokenHandler = new();
@@ -42,11 +18,12 @@ public class TokenService
         {
             Subject = new ClaimsIdentity([
                 new Claim(ClaimTypes.Name, user.Username),
-                //new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
                 new Claim(ClaimTypes.Role, user.Role.ToString())
             ]),
-            Expires = DateTime.UtcNow.AddMinutes(_jwtExpiryMinutes),
+            Expires = DateTime.UtcNow.Add(authenticationSettings.Value.JwtExpiryTime),
-            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(_secretToken), SecurityAlgorithms.HmacSha256Signature)
+            SigningCredentials = new SigningCredentials(
+                new SymmetricSecurityKey(authenticationSettings.Value.JwtGenerationSecretBytes),
+                SecurityAlgorithms.HmacSha256Signature)
         };
 
         SecurityToken token = tokenHandler.CreateToken(tokenDescriptor);

USEntryCoach.Server/Settings/APISettings.cs

@@ -0,0 +1,42 @@
+using System.ComponentModel.DataAnnotations;
+using System.Diagnostics.CodeAnalysis;
+using System.Text;
+using Microsoft.Extensions.Options;
+
+namespace USEntryCoach.Server.Settings;
+
+public sealed class ApiSettings
+{
+    public const string SectionName = "API";
+
+    [Required(ErrorMessage = "OpenAI API token is required!", AllowEmptyStrings = false)]
+    public required string OpenAiToken { get; set; }
+}
+
+public sealed class AuthenticationSettings
+{
+    public const string SectionName = "Authentication";
+
+    private string _jwtGenerationSecret = null!;
+
+    [Required(ErrorMessage = "JWT generation secret token is required!", AllowEmptyStrings = false)]
+    public required string JwtGenerationSecret
+    {
+        get => _jwtGenerationSecret;
+        set
+        {
+            _jwtGenerationSecret = value;
+            JwtGenerationSecretBytes = Encoding.UTF8.GetBytes(value);
+        }
+    }
+
+    public byte[] JwtGenerationSecretBytes { get; private set; }
+
+    const string JwtExpiryTimeMin = "00:00:30";
+    const string JwtExpiryTimeMax = "24:00:00";
+
+    [Range(typeof(TimeSpan), JwtExpiryTimeMin, JwtExpiryTimeMax,
+        ErrorMessage = $"JWT expiry time must be in the range from {JwtExpiryTimeMin} to {JwtExpiryTimeMax}.")]
+    public TimeSpan JwtExpiryTime { get; set; } = TimeSpan.FromMinutes(5);
+}
+

USEntryCoach.Server/appsettings.Development.json

@@ -6,9 +6,9 @@
     }
   },
   "API": {
-    "OpenAI": "Please set the key in secrets.json! NEVER HERE!!!"
+    "OpenAiToken": "Please set the key in secrets.json! NEVER HERE!!!"
   },
   "Authentication": {
-    "Secret": "Please provide a GUID (without dashes) as secret."
+    "JwtGenerationSecret": "Please provide a GUID (without dashes) as secret."
   }
 }

USEntryCoach.Server/appsettings.json

@@ -7,6 +7,10 @@
   },
   "AllowedHosts": "*",
   "API": {
-    "OpenAI": "[NO_API_KEY]"
+    "OpenAiToken": "[NO_API_KEY]"
+  },
+  "Authentication": {
+    "JwtGenerationSecret": "Please provide a GUID (without dashes) as secret.",
+    "JwtExpiryTime": "00:15:00"
   }
 }

usentrycoach.client/package.json

@@ -11,7 +11,8 @@
   },
   "dependencies": {
     "react": "^19.1.0",
-    "react-dom": "^19.1.0"
+    "react-dom": "^19.1.0",
+    "zod": "^3.25.23"
   },
   "devDependencies": {
     "@eslint/js": "^9.25.0",

usentrycoach.client/src/ChatClient/ChatControl.tsx

@@ -1,6 +1,6 @@
 import {useState, useRef, useEffect} from 'react';
 import useLoginToken from "../Hooks/useLoginToken.tsx";
-import { z } from 'zod';
+import { z } from 'zod/v4';
 
 function SessionActive({stopSession} : {stopSession: () => void})
 {

usentrycoach.client/src/Components/Login.tsx

@@ -1,5 +1,5 @@
 import { useState, type FormEvent } from 'react';
-import { z } from 'zod';
+import { z } from 'zod/v4';
 
 export default function Login({ setToken } : {setToken: (token: string) => void})
 {

usentrycoach.client/vite.config.ts

@@ -7,6 +7,8 @@ import path from 'path';
 import child_process from 'child_process';
 import { env } from 'process';
 
+const isDevelopment = env.NODE_ENV !== 'production';
+
 const baseFolder =
     env.APPDATA !== undefined && env.APPDATA !== ''
         ? `${env.APPDATA}/ASP.NET/https`
@@ -21,7 +23,8 @@ if (!fs.existsSync(baseFolder))
     fs.mkdirSync(baseFolder, { recursive: true });
 }
 
-if (!fs.existsSync(certFilePath) || !fs.existsSync(keyFilePath)) 
+// Generate dev certificate, if we are in development mode, and it doesn't exist yet.
+if (isDevelopment && (!fs.existsSync(certFilePath) || !fs.existsSync(keyFilePath)))
 {
     if (0 !== child_process.spawnSync('dotnet', [
         'dev-certs',
@@ -32,7 +35,7 @@ if (!fs.existsSync(certFilePath) || !fs.existsSync(keyFilePath))
         'Pem',
         '--no-password',
     ], { stdio: 'inherit', }).status) 
-{
+    {
         throw new Error("Could not create certificate.");
     }
 }
@@ -68,9 +71,10 @@ export default defineConfig({
     server: {
         proxy: proxyConfig,
         port: parseInt(env.DEV_SERVER_PORT ?? '54044'),
-        https: {
+        // This is only relevant for development anyway.
+        https: isDevelopment ? {
             key: fs.readFileSync(keyFilePath),
             cert: fs.readFileSync(certFilePath),
-        }
+        } : undefined
     }
 })