docs(17): create plan 17-01 — account storage foundation and list view

RayWangQvQ · RayWangQvQ · commit 296126627496 · 2026-05-06T01:30:39.000+08:00
diff --git a/.planning/phases/17-account-storage-foundation/17-01-PLAN.md b/.planning/phases/17-account-storage-foundation/17-01-PLAN.md
@@ -0,0 +1,292 @@
+---
+phase: 17-account-storage-foundation
+plan: 01
+type: execute
+wave: 1
+depends_on: []
+files_modified:
+  - src/Ray.BiliBiliTool.Web/Program.cs
+  - src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/IBiliAccountPageWorkflow.cs
+  - src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/BiliAccountPageWorkflow.cs
+  - src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/BiliAccountDto.cs
+  - src/Ray.BiliBiliTool.Web/Extensions/ServiceCollectionExtension.cs
+  - src/Ray.BiliBiliTool.Web/Components/Pages/BiliAccount.razor
+  - src/Ray.BiliBiliTool.Web/Components/Layout/NavMenu.razor
+autonomous: true
+requirements:
+  - ACCT-07
+  - ACCT-01
+
+must_haves:
+  truths:
+    - "Web host no longer loads config/cookies.json — SQLite bili_appsettings is the sole cookie config source for Web"
+    - "Maintainer sees a 'Bili Account' top-level nav item in the sidebar"
+    - "Maintainer sees all configured Bili accounts listed with UserId and full cookie string"
+    - "Account list reflects the current state in SQLite bili_appsettings"
+  artifacts:
+    - path: "src/Ray.BiliBiliTool.Web/Program.cs"
+      provides: "cookies.json config source removed"
+      contains: "AddSqlite"
+    - path: "src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/IBiliAccountPageWorkflow.cs"
+      provides: "Workflow seam contract for Bili Account page"
+      exports: ["IBiliAccountPageWorkflow"]
+    - path: "src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/BiliAccountPageWorkflow.cs"
+      provides: "Workflow implementation reading accounts from IConfiguration"
+    - path: "src/Ray.BiliBiliTool.Web/Components/Pages/BiliAccount.razor"
+      provides: "Account list page with MudTable"
+    - path: "src/Ray.BiliBiliTool.Web/Components/Layout/NavMenu.razor"
+      provides: "Bili Account nav entry"
+  key_links:
+    - from: "src/Ray.BiliBiliTool.Web/Components/Pages/BiliAccount.razor"
+      to: "IBiliAccountPageWorkflow"
+      via: "Inject and call GetAllAccountsAsync on init"
+      pattern: "IBiliAccountPageWorkflow"
+    - from: "src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/BiliAccountPageWorkflow.cs"
+      to: "IConfiguration"
+      via: "Read BiliBiliCookies section"
+      pattern: "GetSection.*BiliBiliCookies"
+    - from: "src/Ray.BiliBiliTool.Web/Extensions/ServiceCollectionExtension.cs"
+      to: "IBiliAccountPageWorkflow"
+      via: "DI registration"
+      pattern: "IBiliAccountPageWorkflow"
+---
+
+<objective>
+Remove `cookies.json` from the Web host configuration pipeline and create the Bili Account page with a read-only account list view.
+
+Purpose: Establishes SQLite as the sole cookie config source for Web (ACCT-07) and gives the maintainer visibility into configured accounts (ACCT-01). This is the foundation for CRUD operations in Phase 18.
+
+Output: Modified Program.cs (cookies.json removed), new workflow seam (`IBiliAccountPageWorkflow`), new Bili Account page with MudTable listing all accounts, NavMenu entry.
+</objective>
+
+<execution_context>
+@~/.copilot/get-shit-done/workflows/execute-plan.md
+@~/.copilot/get-shit-done/templates/summary.md
+</execution_context>
+
+<context>
+@.planning/PROJECT.md
+@.planning/ROADMAP.md
+@.planning/STATE.md
+@.planning/REQUIREMENTS.md
+@.planning/research/SUMMARY.md
+
+<interfaces>
+<!-- Key types and contracts the executor needs. -->
+
+From src/Ray.BiliBiliTool.Infrastructure/Cookie/CookieStrFactory.cs:
+```csharp
+// Reads BiliBiliCookies__0, BiliBiliCookies__1, etc. from IConfiguration
+// configuration.GetSection("BiliBiliCookies").Get<List<string>>() returns the cookie strings
+public class CookieStrFactory<TCookieInfo>(IConfiguration configuration) where TCookieInfo : CookieInfo
+{
+    public int Count => CookieDictionary.Count;
+    public TCookieInfo GetCookie(int index);
+}
+```
+
+From src/Ray.BiliBiliTool.Agent/BiliCookie.cs:
+```csharp
+public class BiliCookie(Dictionary<string, string> cookieDic) : CookieInfo(cookieDic)
+{
+    public string UserId => // reads "DedeUserID" from cookie dict
+    public string SessData => // reads "SESSDATA"
+    public string BiliJct => // reads "bili_jct"
+}
+```
+
+From src/Ray.BiliBiliTool.Infrastructure/Cookie/CookieInfo.cs:
+```csharp
+public class CookieInfo(Dictionary<string, string> cookieDic)
+{
+    public string CookieStr => // joins all cookie key=value pairs with "; "
+}
+```
+
+From src/Ray.BiliBiliTool.Web/Services/Pages/Admin/IAdminPageWorkflow.cs (pattern to follow):
+```csharp
+public interface IAdminPageWorkflow
+{
+    Task<AdminPasswordChangeResult> ChangePasswordAsync(AdminPasswordChangeRequest request);
+}
+```
+
+From src/Ray.BiliBiliTool.Web/Extensions/ServiceCollectionExtension.cs:
+```csharp
+public static IServiceCollection AddWebServices(this IServiceCollection services)
+{
+    services.AddScoped<IAuthService, AuthService>();
+    services.AddScoped<ILoginPageStateFactory, LoginPageStateFactory>();
+    services.AddScoped<IAdminPageWorkflow, AdminPageWorkflow>();
+    // ... add IBiliAccountPageWorkflow here
+}
+```
+
+From src/Ray.BiliBiliTool.Web/Program.cs (line 21 — the line to remove):
+```csharp
+builder.Configuration.AddJsonFile("config/cookies.json", optional: true, reloadOnChange: true);
+```
+
+From src/Ray.BiliBiliTool.Web/Components/Layout/NavMenu.razor:
+```razor
+<!-- Add "Bili Account" nav item BEFORE the Configurations submenu -->
+<!-- Pattern: same as other nav items -->
+<div class="nav-item px-3">
+    <NavLink class="nav-link" href="BiliAccount">
+        <span class="bi bi-people-fill" aria-hidden="true"></span> Bili Account
+    </NavLink>
+</div>
+```
+</interfaces>
+</context>
+
+<tasks>
+
+<task type="auto">
+  <name>Task 1: Remove cookies.json source and create workflow seam</name>
+  <files>
+    src/Ray.BiliBiliTool.Web/Program.cs,
+    src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/IBiliAccountPageWorkflow.cs,
+    src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/BiliAccountPageWorkflow.cs,
+    src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/BiliAccountDto.cs,
+    src/Ray.BiliBiliTool.Web/Extensions/ServiceCollectionExtension.cs
+  </files>
+  <action>
+**ACCT-07 — Remove cookies.json from Web host:**
+
+In `src/Ray.BiliBiliTool.Web/Program.cs`, delete line 21:
+```csharp
+builder.Configuration.AddJsonFile("config/cookies.json", optional: true, reloadOnChange: true);
+```
+Keep the `AddSqlite` block (lines 22-30) unchanged. The `AddJsonFile` for `appsettings.json` and `appsettings.Development.json` (if any) must NOT be touched — only the `cookies.json` line.
+
+**Create workflow seam (following v4.0.0.6 IAdminPageWorkflow pattern):**
+
+1. Create `src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/BiliAccountDto.cs`:
+```csharp
+namespace Ray.BiliBiliTool.Web.Services.Pages.BiliAccount;
+
+public record BiliAccountDto(int Index, string UserId, string CookieStr);
+```
+
+2. Create `src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/IBiliAccountPageWorkflow.cs`:
+```csharp
+namespace Ray.BiliBiliTool.Web.Services.Pages.BiliAccount;
+
+public interface IBiliAccountPageWorkflow
+{
+    Task<List<BiliAccountDto>> GetAllAccountsAsync();
+}
+```
+
+3. Create `src/Ray.BiliBiliTool.Web/Services/Pages/BiliAccount/BiliAccountPageWorkflow.cs`:
+- Inject `IConfiguration` (not `CookieStrFactory` — the workflow reads the raw config section directly to avoid singleton lifetime issues)
+- `GetAllAccountsAsync()` reads `configuration.GetSection("BiliBiliCookies").Get<List<string>>() ?? []`
+- For each cookie string at index N, parse it into a `Dictionary<string, string>` (split on ";", then on "="), extract `DedeUserID` as UserId, and return `new BiliAccountDto(N, userId, cookieStr)`
+- Use the same parsing logic as `CookieStrFactory.CkStrToDictionary` — split on ";", trim, then split on first "=" to get key/value
+- If parsing fails for a cookie, still include it in the list with UserId="(unknown)"
+
+4. Register in `src/Ray.BiliBiliTool.Web/Extensions/ServiceCollectionExtension.cs`:
+Add `services.AddScoped<IBiliAccountPageWorkflow, BiliAccountPageWorkflow>();` in `AddWebServices()`, after the existing workflow registrations.
+  </action>
+  <verify>
+    <automated>cd "d:\Codes\My\Bili\branch\blazor\BiliBiliToolPro" && dotnet build src/Ray.BiliBiliTool.Web/Ray.BiliBiliTool.Web.csproj --no-restore 2>&1 | Select-String -Pattern "error|Error|Build succeeded"</automated>
+  </verify>
+  <done>
+- `cookies.json` AddJsonFile line removed from Program.cs
+- `IBiliAccountPageWorkflow` interface exists with `GetAllAccountsAsync()` method
+- `BiliAccountPageWorkflow` reads cookies from IConfiguration and returns List&lt;BiliAccountDto&gt;
+- `BiliAccountDto` record with Index, UserId, CookieStr
+- DI registration in ServiceCollectionExtension.cs
+- Build succeeds with 0 errors
+  </done>
+</task>
+
+<task type="auto">
+  <name>Task 2: Create Bili Account page and NavMenu entry</name>
+  <files>
+    src/Ray.BiliBiliTool.Web/Components/Pages/BiliAccount.razor,
+    src/Ray.BiliBiliTool.Web/Components/Layout/NavMenu.razor
+  </files>
+  <action>
+**Create Bili Account page:**
+
+Create `src/Ray.BiliBiliTool.Web/Components/Pages/BiliAccount.razor`:
+- `@page "/BiliAccount"`
+- `@using Microsoft.AspNetCore.Authorization`
+- `@using Ray.BiliBiliTool.Web.Services.Pages.BiliAccount`
+- `@rendermode InteractiveServer`
+- `@attribute [Authorize]`
+- Inject `IBiliAccountPageWorkflow`
+- On `OnInitializedAsync`, call `_accounts = await workflow.GetAllAccountsAsync()`
+- Display accounts in a `MudTable<T="BiliAccountDto"` with columns:
+  - **#** — `context.Index` (the BiliBiliCookies__N index)
+  - **UserId** — `context.UserId`
+  - **Cookie** — `context.CookieStr` (truncated display with tooltip for full value, use `MudTooltip` or just show first 80 chars + "...")
+- Show `MudProgressCircular` while loading
+- Show "No accounts configured" message if list is empty
+- Page title: "Bili Account"
+- Use MudBlazor components consistent with existing pages (MudContainer, MudText, MudTable, etc.)
+
+**Add NavMenu entry:**
+
+In `src/Ray.BiliBiliTool.Web/Components/Layout/NavMenu.razor`, add a new nav item BEFORE the Configurations submenu div (before the `<div class="nav-item px-3">` that contains the Configurations toggle). Use the same pattern as other nav items:
+
+```razor
+<div class="nav-item px-3">
+    <NavLink class="nav-link" href="BiliAccount">
+        <span class="bi bi-people-fill" aria-hidden="true"></span> Bili Account
+    </NavLink>
+</div>
+```
+
+Place it after the "Schedules" nav item and before the "Configurations" submenu.
+  </action>
+  <verify>
+    <automated>cd "d:\Codes\My\Bili\branch\blazor\BiliBiliToolPro" && dotnet build src/Ray.BiliBiliTool.Web/Ray.BiliBiliTool.Web.csproj --no-restore 2>&1 | Select-String -Pattern "error|Error|Build succeeded"</automated>
+  </verify>
+  <done>
+- BiliAccount.razor page exists at /BiliAccount route with @attribute [Authorize]
+- Page displays MudTable with columns: #, UserId, Cookie
+- Page shows loading spinner and empty state
+- NavMenu has "Bili Account" entry between Schedules and Configurations
+- Build succeeds with 0 errors
+  </done>
+</task>
+
+</tasks>
+
+<threat_model>
+## Trust Boundaries
+
+| Boundary | Description |
+|----------|-------------|
+| Browser → Blazor Server | Cookie strings displayed in the browser are sensitive session credentials |
+| Blazor Server → SQLite | Configuration writes must be validated before persistence |
+
+## STRIDE Threat Register
+
+| Threat ID | Category | Component | Disposition | Mitigation Plan |
+|-----------|----------|-----------|-------------|-----------------|
+| T-17-01 | Information Disclosure | BiliAccount.razor | accept | Cookie strings shown only to authenticated users (@attribute [Authorize]); page is admin-only by design |
+| T-17-02 | Tampering | Program.cs config pipeline | mitigate | Removing cookies.json eliminates stale/external config tampering; SQLite is the single source of truth |
+</threat_model>
+
+<verification>
+1. `dotnet build src/Ray.BiliBiliTool.Web/Ray.BiliBiliTool.Web.csproj` — 0 errors
+2. `dotnet test test/Ray.BiliBiliTool.ArchitectureTests/` — all pass (no new dependency violations)
+3. `dotnet test test/Ray.BiliBiliTool.Host.IntegrationTests/` — all pass (config pipeline change doesn't break existing tests)
+4. Manual: navigate to /BiliAccount after login — table shows configured accounts
+</verification>
+
+<success_criteria>
+- Web host no longer loads `config/cookies.json` (grep Program.cs confirms line removed)
+- "Bili Account" appears in NavMenu between Schedules and Configurations
+- BiliAccount.razor renders a MudTable with all configured accounts showing Index, UserId, CookieStr
+- `IBiliAccountPageWorkflow` follows the v4.0.0.6 seam pattern (interface + implementation + DI registration)
+- Build 0 errors | architecture tests pass | integration tests pass
+</success_criteria>
+
+<output>
+After completion, create `.planning/phases/17-account-storage-foundation/17-01-SUMMARY.md`
+</output>
