Add token-authenticated catalog import API endpoint

POST /PowderCatalog/ImportApi accepts the JSON scrape format in the request
body, authenticated by a shared secret in the X-Import-Token header (matched
constant-time against CatalogImport:Token), with the vendor in X-Vendor-Name.
Runs through the same ImportJsonAsync -> shared upsert as the manual upload, so
the offline PrismaticSync tool can push unattended.

ImportJsonAsync refactored to take a Stream (the form upload now passes
file.OpenReadStream()). Endpoint is AllowAnonymous + IgnoreAntiforgeryToken
(it's token-gated, not cookie-auth) and returns 401 until a token is configured,
so it's inert by default. README updated with the route + token wiring.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-18 11:35:30 -04:00
parent c59d55529f
commit 843d1c3c51
3 changed files with 80 additions and 9 deletions
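The token gate the commit message describes, as an added C# example that is not the commit's code: `ImportTokenCheck` and `IsAuthorized` are hypothetical names and the sample token is constructed. It refuses every request while no token is configured, and it compares SHA-256 digests so the fixed-time comparison always sees equal-length inputs.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not taken from the project.
public static class ImportTokenCheck
{
    // True only when a token is configured AND the presented header value matches it.
    public static bool IsAuthorized(string? configuredToken, string? presentedToken)
    {
        // Inert by default: with no configured token nothing can match,
        // including an empty or missing X-Import-Token header.
        if (string.IsNullOrWhiteSpace(configuredToken) || string.IsNullOrEmpty(presentedToken))
            return false;

        // FixedTimeEquals returns immediately when the lengths differ, which
        // would reveal the secret's length. Hashing first makes both buffers
        // 32 bytes regardless of what the caller sent.
        byte[] expected = SHA256.HashData(Encoding.UTF8.GetBytes(configuredToken));
        byte[] actual = SHA256.HashData(Encoding.UTF8.GetBytes(presentedToken));
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    private static void Check(bool condition, string what)
    {
        if (!condition) throw new InvalidOperationException("check failed: " + what);
        Console.WriteLine("ok: " + what);
    }

    public static void Main()
    {
        const string secret = "constructed-sample-token"; // constructed value, not a real secret

        Check(!IsAuthorized(null, ""), "unconfigured token rejects an empty header");
        Check(!IsAuthorized("", ""), "empty configured token never matches an empty header");
        Check(!IsAuthorized(null, secret), "unconfigured token rejects any value");
        Check(!IsAuthorized(secret, null), "missing header is rejected");
        Check(!IsAuthorized(secret, secret + "x"), "longer value is rejected");
        Check(!IsAuthorized(secret, "constructed-sample-tokeN"), "near miss is rejected");
        Check(IsAuthorized(secret, secret), "exact match is accepted");
    }
}
```

A controller action would return 401 whenever `IsAuthorized` is false, which covers both the unconfigured case and a wrong token with the same response.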
+10 -6
@@ -50,13 +50,17 @@ these conservative — getting blocked is worse than being slow, and Prismatic i
## Pushing into the app
Set `Sync.Import.EndpointUrl` + `Sync.Import.Token` in `appsettings.json`. The tool POSTs the JSON
with an `X-Import-Token` header to the app's token-authenticated import endpoint, which runs it
through the same upsert as the Columbia sync. If the endpoint isn't configured, `push` is skipped and
you upload `prismatic_powders.json` manually via the Powder Catalog admin page.
Set in `appsettings.json`:
- `Sync.Import.EndpointUrl``https://<your-app>/PowderCatalog/ImportApi`
- `Sync.Import.Token` the same secret as the app's `CatalogImport:Token` config
> **App-side dependency:** the token-authenticated import endpoint must exist in the web app for
> unattended push to work. Until then, use the manual upload.
The tool POSTs the JSON with an `X-Import-Token` header (and `X-Vendor-Name: Prismatic Powders`) to
that endpoint, which authenticates the token and runs the records through the same upsert as the
Columbia sync. If the endpoint/token isn't configured here, `push` is skipped and you upload
`prismatic_powders.json` manually via the Powder Catalog admin page instead.
> **App side:** set `CatalogImport:Token` in the web app's config (Azure App Setting in prod). The
> endpoint returns 401 until a token is set, so it's inert by default.
## Scheduling (Windows Task Scheduler)
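Review bot: The new `Sync.Import.Token` bullet has the reader store the shared secret in the tool's `appsettings.json` without saying how to protect it, while the App side note puts the same value in an Azure App Setting. Add a line telling the reader to keep that file out of source control and readable only by the account that runs the scheduled task, and to use a long random value, since per the commit message the endpoint is AllowAnonymous and this header is its only credential. The `Sync.Import.EndpointUrl` bullet also has its backticks run together between the key and the URL, so the two render as one span; separate them the way the Token bullet separates key and description.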