huanld
2fb067ecbf
checklocks / checklocks (push) Has been cancelled
CodeQL / Analyze (go) (push) Has been cancelled
natlab-integrationtest / natlab-integrationtest (push) Has been cancelled
CI / gomod-cache (push) Has been cancelled
CI / race-root-integration (1/4) (push) Has been cancelled
CI / race-root-integration (2/4) (push) Has been cancelled
CI / race-root-integration (3/4) (push) Has been cancelled
CI / race-root-integration (4/4) (push) Has been cancelled
CI / test (-race, amd64, 1/3) (push) Has been cancelled
CI / test (-race, amd64, 2/3) (push) Has been cancelled
CI / test (-race, amd64, 3/3) (push) Has been cancelled
CI / test (386) (push) Has been cancelled
CI / test (amd64) (push) Has been cancelled
CI / Windows (benchmarks) (push) Has been cancelled
CI / Windows (1/2) (push) Has been cancelled
CI / Windows (2/2) (push) Has been cancelled
CI / macos (push) Has been cancelled
CI / privileged (push) Has been cancelled
CI / vm (push) Has been cancelled
CI / cross (386, linux) (push) Has been cancelled
CI / cross (amd64, darwin) (push) Has been cancelled
CI / cross (amd64, freebsd) (push) Has been cancelled
CI / cross (amd64, openbsd) (push) Has been cancelled
CI / cross (amd64, windows) (push) Has been cancelled
CI / cross (arm, 5, linux) (push) Has been cancelled
CI / cross (arm, 7, linux) (push) Has been cancelled
CI / cross (arm64, darwin) (push) Has been cancelled
CI / cross (arm64, linux) (push) Has been cancelled
CI / cross (arm64, windows) (push) Has been cancelled
CI / cross (loong64, linux) (push) Has been cancelled
CI / ios (push) Has been cancelled
CI / crossmin (amd64, illumos) (push) Has been cancelled
CI / crossmin (amd64, plan9) (push) Has been cancelled
CI / crossmin (amd64, solaris) (push) Has been cancelled
CI / crossmin (ppc64, aix) (push) Has been cancelled
CI / android (push) Has been cancelled
CI / wasm (push) Has been cancelled
CI / tailscale_go (push) Has been cancelled
CI / fuzz (push) Has been cancelled
CI / depaware (push) Has been cancelled
CI / go_generate (push) Has been cancelled
CI / make_tidy (push) Has been cancelled
CI / licenses (push) Has been cancelled
CI / staticcheck (macOS) (push) Has been cancelled
CI / staticcheck (Linux) (push) Has been cancelled
CI / staticcheck (Windows) (push) Has been cancelled
CI / staticcheck (Portable (1/4)) (push) Has been cancelled
CI / staticcheck (Portable (2/4)) (push) Has been cancelled
CI / staticcheck (Portable (3/4)) (push) Has been cancelled
CI / staticcheck (Portable (4/4)) (push) Has been cancelled
CI / notify_slack (push) Has been cancelled
CI / merge_blocker (push) Has been cancelled
CI / check_mergeability_strict (push) Has been cancelled
CI / check_mergeability (push) Has been cancelled
Dockerfile build / deploy (push) Has been cancelled
test installer.sh / test (curl, alpine:3.21) (push) Has been cancelled
test installer.sh / test (curl, alpine:edge) (push) Has been cancelled
test installer.sh / test (curl, alpine:latest) (push) Has been cancelled
test installer.sh / test (curl, amazonlinux:latest) (push) Has been cancelled
test installer.sh / test (curl, archlinux:latest) (push) Has been cancelled
test installer.sh / test (curl, debian:oldstable-slim) (push) Has been cancelled
test installer.sh / test (curl, debian:sid-slim) (push) Has been cancelled
test installer.sh / test (curl, debian:stable-slim, 1.80.0) (push) Has been cancelled
test installer.sh / test (curl, debian:testing-slim) (push) Has been cancelled
test installer.sh / test (curl, elementary/docker:stable) (push) Has been cancelled
test installer.sh / test (curl, elementary/docker:unstable) (push) Has been cancelled
test installer.sh / test (curl, fedora:latest, 1.80.0) (push) Has been cancelled
test installer.sh / test (curl, kalilinux/kali-dev) (push) Has been cancelled
test installer.sh / test (curl, kalilinux/kali-rolling) (push) Has been cancelled
test installer.sh / test (curl, opensuse/leap:latest) (push) Has been cancelled
test installer.sh / test (curl, opensuse/tumbleweed:latest) (push) Has been cancelled
test installer.sh / test (curl, oraclelinux:8) (push) Has been cancelled
test installer.sh / test (curl, oraclelinux:9) (push) Has been cancelled
test installer.sh / test (curl, parrotsec/core:latest) (push) Has been cancelled
test installer.sh / test (curl, rockylinux:8.7) (push) Has been cancelled
test installer.sh / test (curl, rockylinux:9) (push) Has been cancelled
test installer.sh / test (curl, ubuntu:20.04) (push) Has been cancelled
test installer.sh / test (curl, ubuntu:22.04) (push) Has been cancelled
test installer.sh / test (curl, ubuntu:24.04, 1.80.0) (push) Has been cancelled
test installer.sh / test (wget, debian:oldstable-slim) (push) Has been cancelled
test installer.sh / test (wget, debian:sid-slim) (push) Has been cancelled
update-flake / update-flake (push) Has been cancelled
tailscale.com/cmd/vet / vet (push) Has been cancelled
test installer.sh / notify-slack (push) Has been cancelled
Client security fixes (cmd/tailscale-tray/main.go): - SSRF protection in Add Server dialog (validateControlURL): reject private/loopback/link-local/cloud-metadata IPs via DNS resolution - RCE gate on AuthURL/BrowseToURL exec paths (validateAuthURL) - Sanitized URL logging (sanitizeURLForLog drops query auth tokens) - Error handling on exec.Command with user-facing showError() Admin panel security (web-admin): - Bcrypt password hashing (replaces SHA256) - Rate limiting: 5 failed logins → 15-min lockout - Session + login attempt cleanup goroutine (hourly) - url.QueryEscape / encodeURIComponent for all API params - Fail-hard startup when no TLS and non-loopback bind - ADMIN_PASSWORD required (no default), password min 12 chars - Username regex whitelist Installer hardening (Setup.wxs): - util:PermissionEx restricts SCM access: only Administrators + SYSTEM can start/stop/reconfigure service. Authenticated Users limited to QueryStatus/QueryConfig/Interrogate - Vital="yes" on ServiceInstall Docs & roadmap: - PRODUCTION_ROADMAP.md: 5-milestone plan (security + features + distribution + ops) with granular tasks, effort, done-when - CLIENT_SECURITY_AUDIT.md, SECURITY_FIXES.md, DEPLOYMENT.md - AI assistant rules (.cursorrules, .antigravityrules, etc.) Build & distribution: - build-msi.ps1, deploy-and-sign.ps1, sign-release.ps1 - redeploy.ps1, tray-deploy.ps1, test-msi.ps1 - installer/msi/ alternative WXS setup - Restored .github/workflows/ removed in mirror cleanup .gitignore hardened: *.pfx, *.p12, *.key, *.pem, .env*
3.7 KiB
3.7 KiB
description
| description |
|---|
| Pipeline and Template for deploying IFC 3D Viewer Converter into a new ATAD application |
Workflow: Deploy IFC Converter Template to New Project
This workflow establishes the procedures to transfer and configure the standalone .NET Worker IFC Converter Service and Backend API endpoints to any new module.
- Khởi tạo và Extract Code Template
Bung nén file
IFC_Template.zip(được đính kèm ngay cùng thư mục chứa file hướng dẫn này - linh hoạt di chuyển qua mọi máy / server mà không phụ thuộc đường dẫn tuyệt đối). Chiết xuất bộ code mẫu này sẽ ra 2 cấu phần chính:
- Thư mục
IFC.ConverterServicebao gồm Background Service và bộ lõi Xbim (DLLs). - Thư mục
API_Samplechứa tất cả Controller, Service và Razor Pages UI cho việc Upload File.
- Web API / DataBase
- Chỉnh sửa Context DB của Web ứng dụng mới. Merge các thuộc tính của
IFCConvertJobEntityvào. Tạo Migration Add bảngIFCConvertJobvào Database. - Copy thư mục
API_Sample/Contracts,API_Sample/ControllersvàAPI_Sample/Servicesvào Source Code Web của bạn. - Cấu hình Dependency Injection ở Program.cs:
services.AddScoped<IIfcModelService, IfcModelService>(); services.AddSingleton<IfcConverterPipeClient>(); - Cấu hình Named Pipe ở
appsettings.jsoncủa Web:"IfcConverter": { "PipeName": "ProjectPipeName_Unique", "ConnectTimeoutMs": 10000 }
- Gắn Giao Điện (Frontend Blazor/Razor)
- Copy
UploadIFC.razorvào thư mục Pages. - Cân chỉnh lại CSS hoặc biến ngôn ngữ dịch hóa (i18n) cho phù hợp với UI của Module Web bạn đang build.
- Cài đặt Cấu hình IFC Worker
- Đổi tên thư mục
IFC.ConverterServicethành tên phù hợp nếu muốn (VD:MyApp.IFCWorker). - Mở Server, vào file cấu hình của Worker, đặt
PipeNameđúng bằng chữ"ProjectPipeName_Unique". - Đảm bảo File System Path lưu file giữa Web (upload) và Worker (đọc ifc để convert) là trỏ đến cùng 1 Ổ đĩa / Folder thư mục vật lý.
- Cài đặt Windows Services (Triển khai Server Cuối)
- Sử dụng lệnh SC Create để đóng gói chạy Background:
# Lưu ý: Thay thế đường dẫn D:\Apps\MyApp_IFCWorker bằng thư mục vật lý thực tế bạn vừa bung nén ra. sc.exe create "MyApp_IFCConverter" binpath= "D:\Apps\MyApp_IFCWorker\IFC.ConverterService.exe" start= auto sc.exe start "MyApp_IFCConverter"
- Nâng cấp Core Conversion Workflow (Future Updates) Khi triển khai lại, cần bổ sung hoặc rà soát các tính năng mở rộng sau cho hệ thống:
- Fallback Convert: Xây dựng cơ chế fallback (chuyển phòng bị). Nếu thuật toán convert IFC chính (Xbim) gặp lỗi hoặc bị crash do file quá phức tạp, hệ thống nên tự động gọi một bộ parser/converter thứ cấp (công cụ khác hoặc API thứ ba) để đảm bảo mô hình vẫn được render.
- Check DB Tránh Trùng Lặp: Trước khi đẩy job convert vào Pipeline/Queue, bắt buộc thêm bước check Database xem mô hình này (theo ModelID hoặc FileHash) đã được convert thành công trước đó hay chưa, tránh tình trạng convert đi convert lại gây tốn tài nguyên Server.
- Đánh dấu IsModelReady: Sau khi event thông báo pipe convert xong (hoặc Worker update Job), cần cập nhật field
IsModelReady = true(hoặc các trạng thái render tương đương) ở bảng quản lý Model/Document của DB để báo hiệu cho Web Client có thể truy cập/hiển thịeviewhoặc preview nội dung 3D.