stabilizaiton work - projects rework for maintenanceability and ui livening

src/__Libraries/StellaOps.AspNet.Extensions/StellaOps.AspNet.Extensions.csproj

@@ -0,0 +1,22 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\StellaOps.Settings\StellaOps.Settings.csproj" />
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <AssemblyAttribute Include="System.Runtime.CompilerServices.InternalsVisibleTo">
+      <_Parameter1>StellaOps.AspNet.Extensions.Tests</_Parameter1>
+    </AssemblyAttribute>
+  </ItemGroup>
+
+</Project>

src/__Libraries/StellaOps.AspNet.Extensions/StellaOpsCorsExtensions.cs

@@ -0,0 +1,79 @@
+// Copyright (c) StellaOps. All rights reserved.
+// Licensed under BUSL-1.1. See LICENSE in the project root.
+
+using Microsoft.AspNetCore.Builder;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+using StellaOps.Settings;
+
+namespace StellaOps.Auth.ServerIntegration;
+
+/// <summary>
+/// Provides a standard CORS configuration for all Stella Ops web services.
+/// <para>
+/// <strong>Development:</strong> CORS is enabled with specific origins
+/// (<see cref="StellaOpsCorsSettings.DefaultDevOrigins"/>), <c>AllowAnyHeader</c>,
+/// <c>AllowAnyMethod</c>, and <c>AllowCredentials</c>.
+/// </para>
+/// <para>
+/// <strong>Non-development:</strong> CORS is disabled by default. To enable, set:
+/// <list type="bullet">
+///   <item><c>STELLAOPS_WEBSERVICES_CORS=true</c> (env var or config <c>StellaOps:WebServices:Cors:Enabled</c>)</item>
+///   <item><c>STELLAOPS_WEBSERVICES_CORS_ORIGIN=https://app.example.com</c> (env var or config <c>StellaOps:WebServices:Cors:Origin</c>)</item>
+/// </list>
+/// Legacy env vars (<c>STELLAOPS_CORS_ENABLED</c> / <c>STELLAOPS_CORS_ALLOWED_ORIGIN</c>) are
+/// supported as fallbacks.
+/// Multiple origins can be separated with commas.
+/// </para>
+/// </summary>
+public static class StellaOpsCorsExtensions
+{
+    internal const string PolicyName = "StellaOpsCors";
+
+    /// <summary>
+    /// Registers the Stella Ops CORS policy on the service collection.
+    /// Call <see cref="UseStellaOpsCors"/> on the <see cref="IApplicationBuilder"/> to activate the middleware.
+    /// </summary>
+    public static IServiceCollection AddStellaOpsCors(
+        this IServiceCollection services,
+        IHostEnvironment environment,
+        IConfiguration configuration)
+    {
+        ArgumentNullException.ThrowIfNull(services);
+        ArgumentNullException.ThrowIfNull(environment);
+        ArgumentNullException.ThrowIfNull(configuration);
+
+        var settings = StellaOpsCorsSettings.Resolve(configuration, environment.IsDevelopment());
+
+        if (!settings.Enabled || settings.Origins.Length == 0)
+        {
+            // Register an empty CORS service so UseCors() doesn't throw, but no origins are allowed.
+            services.AddCors();
+            return services;
+        }
+
+        services.AddCors(options =>
+        {
+            options.AddPolicy(PolicyName, policy =>
+            {
+                policy.WithOrigins(settings.Origins)
+                      .AllowAnyHeader()
+                      .AllowAnyMethod()
+                      .AllowCredentials();
+            });
+        });
+
+        return services;
+    }
+
+    /// <summary>
+    /// Activates the Stella Ops CORS middleware. Must be called before
+    /// <c>UseAuthentication</c> / <c>UseAuthorization</c>.
+    /// </summary>
+    public static IApplicationBuilder UseStellaOpsCors(this IApplicationBuilder app)
+    {
+        ArgumentNullException.ThrowIfNull(app);
+        return app.UseCors(PolicyName);
+    }
+}