diff --git a/README.md b/README.md index 7abdb9e..b74b096 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,108 @@ -# SharepointToolbox-Web +# SharePoint Toolbox +A web admin toolbox for Microsoft 365 / SharePoint Online, built with Blazor Server (.NET 10) and Microsoft Graph. + +## Features + +- **Site management** — bulk site creation, folder-structure provisioning, templates +- **Members & permissions** — bulk member add, permission inspection +- **Content tools** — search, duplicate finder, file transfer, storage usage, version cleanup +- **Reporting** — on-demand reports, scheduled reports (unattended via app-only cert auth) +- **Auditing** — tenant-wide user-access audit (SP + M365/AAD group expansion) +- **Directory** — user directory browsing +- Multi-tenant via connection profiles. EN / FR localization. + +## Requirements + +- An Entra ID (Azure AD) app registration — see [Configuration](#configuration) +- Docker, **or** the .NET 10 SDK for bare-metal + +## Configuration + +Authentication uses Microsoft OIDC (interactive sign-in) and, for scheduled reports, app-only certificate auth. + +Set these as environment variables (or in `appsettings.json` under the `Oidc` section). .NET maps `Section__Key` to `Section:Key`. + +| Variable | Description | +|----------|-------------| +| `Oidc__TenantId` | Entra tenant GUID | +| `Oidc__ClientId` | App registration client ID | +| `Oidc__ClientSecret` | App registration client secret | +| `ClientConnect__RedirectUri` | Public callback URL, e.g. `https://your-host/connect/callback` | +| `DataFolder` | Persistent data path (default `/data`) | +| `ASPNETCORE_ENVIRONMENT` | Must be `Production` to enable OIDC | + +> In `Development`, OIDC is disabled — the app uses a cookie-only auto-login (hardcoded Admin) for local work. + +**Entra app registration** must include redirect URI `https://your-host/signin-oidc` and the Graph permissions required by the audit/reporting features (`GroupMember.Read.All`, `Group.Read.All`, `User.Read.All`). 
+ +Persistent state (profiles, settings, templates, logs, exports, certs) lives in `DataFolder`. + +## Installation — Docker + +```bash +docker compose up -d --build +``` + +App listens on **http://localhost:8080**. Data persists in the `sptb-data` volume. + +Set your OIDC values in `docker-compose.yml` under `environment:`, or pass an env file: + +```yaml + environment: + - ASPNETCORE_ENVIRONMENT=Production + - DataFolder=/data + - Oidc__TenantId=... + - Oidc__ClientId=... + - Oidc__ClientSecret=... + - ClientConnect__RedirectUri=https://your-host/connect/callback +``` + +Plain Docker (no compose): + +```bash +docker build -t sptb-web . +docker run -d -p 8080:8080 \ + -v sptb-data:/data \ + -e ASPNETCORE_ENVIRONMENT=Production \ + -e Oidc__TenantId=... \ + -e Oidc__ClientId=... \ + -e Oidc__ClientSecret=... \ + -e ClientConnect__RedirectUri=https://your-host/connect/callback \ + sptb-web +``` + +## Installation — Bare metal + +Requires the [.NET 10 SDK](https://dotnet.microsoft.com/download). + +```bash +# Restore + build +dotnet restore +dotnet publish -c Release -o ./publish + +# Configure (PowerShell example) +$env:ASPNETCORE_ENVIRONMENT = "Production" +$env:DataFolder = "C:\sptb-data" +$env:Oidc__TenantId = "..." +$env:Oidc__ClientId = "..." +$env:Oidc__ClientSecret = "..." +$env:ClientConnect__RedirectUri = "https://your-host/connect/callback" + +# Run +dotnet ./publish/SharepointToolbox.Web.dll +``` + +By default it listens on the Kestrel port (`http://localhost:5000`). Override with `ASPNETCORE_URLS`, e.g. `http://+:8080`. + +### Local development + +```bash +dotnet run +``` + +Runs in `Development` mode — OIDC off, auto-login as Admin. No Entra config needed. + +## Tech stack + +.NET 10 · Blazor Server · Microsoft Graph SDK · PnP.Framework · Serilog · CsvHelper
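Review bot: The Configuration note that in `Development` "OIDC is disabled" and the app uses "a cookie-only auto-login (hardcoded Admin)" should say outright that this mode is for loopback-only use. As documented, the value of `ASPNETCORE_ENVIRONMENT` is the only thing separating an authenticated deployment from an unauthenticated Admin session. Repeat that warning under "Local development", where `dotnet run` is presented with no caveat.

Three smaller points in the same hunk:

- The Docker examples place `Oidc__ClientSecret` inline in `docker-compose.yml` and on the `docker run -e` command line. The text mentions an env file but never shows one. Show the `env_file:` / `--env-file` form instead, and say the file must stay out of version control.
- The README says certs live in `DataFolder` alongside logs and exports, and that scheduled reports use app-only certificate auth. Add a line on restricting access to that volume or directory.
- The two redirect URIs (`/connect/callback` in the table, `/signin-oidc` in the Entra paragraph) are never reconciled. State whether both must be registered.

A formatting point: the bare-metal block is fenced as `bash` but its configure step uses PowerShell `$env:` assignments.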