Store non-sensitive UI state without protection (#5434)

src/Aspire.Dashboard/Components/Controls/SummaryDetailsView.razor.cs

@@ -4,7 +4,6 @@
 using System.Globalization;
 using Aspire.Dashboard.Components.Resize;
 using Aspire.Dashboard.Model;
-using Aspire.Dashboard.Utils;
 using Microsoft.AspNetCore.Components;
 using Microsoft.FluentUI.AspNetCore.Components;
 using Microsoft.JSInterop;
@@ -86,7 +85,7 @@ protected override async Task OnParametersSetAsync()
         {
             if (RememberOrientation)
             {
-                var orientationResult = await LocalStore.SafeGetAsync<Orientation>(GetOrientationStorageKey());
+                var orientationResult = await LocalStore.GetUnprotectedAsync<Orientation>(GetOrientationStorageKey());
                 if (orientationResult.Success)
                 {
                     Orientation = orientationResult.Value;
@@ -95,10 +94,11 @@ protected override async Task OnParametersSetAsync()
 
             if (RememberSize)
             {
-                var panel1FractionResult = await LocalStore.SafeGetAsync<float>(GetSizeStorageKey());
+                var panel1FractionResult = await LocalStore.GetUnprotectedAsync<float>(GetSizeStorageKey());
                 if (panel1FractionResult.Success)
                 {
-                    SetPanelSizes(panel1FractionResult.Value);
+                    var fraction = Math.Clamp(panel1FractionResult.Value, 0, 1);
+                    SetPanelSizes(fraction);
                 }
             }
         }
@@ -128,16 +128,16 @@ private async Task HandleToggleOrientation()
 
         if (RememberOrientation)
         {
-            await LocalStore.SetAsync(GetOrientationStorageKey(), Orientation);
+            await LocalStore.SetUnprotectedAsync(GetOrientationStorageKey(), Orientation);
         }
 
         if (RememberSize)
         {
-            var panel1FractionResult = await LocalStore.SafeGetAsync<float>(GetSizeStorageKey());
+            var panel1FractionResult = await LocalStore.GetUnprotectedAsync<float>(GetSizeStorageKey());
             if (panel1FractionResult.Success)
             {
-                SetPanelSizes(panel1FractionResult.Value);
-
+                var fraction = Math.Clamp(panel1FractionResult.Value, 0, 1);
+                SetPanelSizes(fraction);
             }
             else
             {
@@ -170,7 +170,7 @@ private async Task HandleSplitterResize(SplitterResizedEventArgs args)
 
     private async Task SaveSizeToStorage(float panel1Fraction)
     {
-        await LocalStore.SetAsync(GetSizeStorageKey(), panel1Fraction);
+        await LocalStore.SetUnprotectedAsync(GetSizeStorageKey(), panel1Fraction);
     }
 
     private void ResetPanelSizes()
@@ -293,13 +293,13 @@ static void GetPanelSizes(
     private string GetSizeStorageKey()
     {
         var viewKey = ViewKey ?? NavigationManager.ToBaseRelativePath(NavigationManager.Uri);
-        return $"SplitterSize_{Orientation}_{viewKey}";
+        return $"Aspire_SplitterSize_{Orientation}_{viewKey}";
     }
 
     private string GetOrientationStorageKey()
     {
         var viewKey = ViewKey ?? NavigationManager.ToBaseRelativePath(NavigationManager.Uri);
-        return $"SplitterOrientation_{viewKey}";
+        return $"Aspire_SplitterOrientation_{viewKey}";
     }
 
     public void Dispose()

src/Aspire.Dashboard/Components/Pages/ConsoleLogs.razor.cs

@@ -57,7 +57,7 @@ public sealed partial class ConsoleLogs : ComponentBase, IAsyncDisposable, IPage
     public ConsoleLogsViewModel PageViewModel { get; set; } = null!;
 
     public string BasePath => DashboardUrls.ConsoleLogBasePath;
-    public string SessionStorageKey => "ConsoleLogs_PageState";
+    public string SessionStorageKey => "Aspire_ConsoleLogs_PageState";
 
     protected override async Task OnInitializedAsync()
     {

src/Aspire.Dashboard/Components/Pages/Metrics.razor.cs

@@ -27,7 +27,7 @@ public partial class Metrics : IDisposable, IPageWithSessionAndUrlState<Metrics.
     private Subscription? _metricsSubscription;
 
     public string BasePath => DashboardUrls.MetricsBasePath;
-    public string SessionStorageKey => "Metrics_PageState";
+    public string SessionStorageKey => "Aspire_Metrics_PageState";
     public MetricsViewModel PageViewModel { get; set; } = null!;
 
     [Parameter]

src/Aspire.Dashboard/Components/Pages/StructuredLogs.razor.cs

@@ -44,7 +44,7 @@ public partial class StructuredLogs : IPageWithSessionAndUrlState<StructuredLogs
     private GridColumnManager _manager = null!;
 
     public string BasePath => DashboardUrls.StructuredLogsBasePath;
-    public string SessionStorageKey => "StructuredLogs_PageState";
+    public string SessionStorageKey => "Aspire_StructuredLogs_PageState";
     public StructuredLogsPageViewModel PageViewModel { get; set; } = null!;
 
     [Inject]

src/Aspire.Dashboard/Components/Pages/Traces.razor.cs

@@ -40,7 +40,7 @@ public partial class Traces : IPageWithSessionAndUrlState<TracesPageViewModel, T
     private AspirePageContentLayout? _contentLayout;
     private GridColumnManager _manager = null!;
 
-    public string SessionStorageKey => "Traces_PageState";
+    public string SessionStorageKey => "Aspire_Traces_PageState";
     public string BasePath => DashboardUrls.TracesBasePath;
     public TracesPageViewModel PageViewModel { get; set; } = null!;
 

src/Aspire.Dashboard/Model/BrowserStorage/ILocalStorage.cs

@@ -1,8 +1,17 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
 namespace Aspire.Dashboard.Model.BrowserStorage;
 
 public interface ILocalStorage : IBrowserStorage
 {
+    /// <summary>
+    /// Get unprotected data from local storage. This must only be used with non-sensitive data.
+    /// </summary>
+    Task<StorageResult<T>> GetUnprotectedAsync<T>(string key);
+
+    /// <summary>
+    /// Set unprotected data to local storage. This must only be used with non-sensitive data.
+    /// </summary>
+    Task SetUnprotectedAsync<T>(string key, T value);
 }

src/Aspire.Dashboard/Model/BrowserStorage/LocalBrowserStorage.cs

@@ -1,13 +1,60 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Text.Json;
 using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage;
+using Microsoft.JSInterop;
 
 namespace Aspire.Dashboard.Model.BrowserStorage;
 
 public class LocalBrowserStorage : BrowserStorageBase, ILocalStorage
 {
-    public LocalBrowserStorage(ProtectedLocalStorage protectedLocalStorage) : base(protectedLocalStorage)
+    private static readonly JsonSerializerOptions s_options = new()
     {
+        PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+        PropertyNameCaseInsensitive = true,
+    };
+
+    private readonly IJSRuntime _jsRuntime;
+    private readonly ILogger<LocalBrowserStorage> _logger;
+
+    public LocalBrowserStorage(IJSRuntime jsRuntime, ProtectedLocalStorage protectedLocalStorage, ILogger<LocalBrowserStorage> logger) : base(protectedLocalStorage)
+    {
+        _jsRuntime = jsRuntime;
+        _logger = logger;
     }
+
+    public async Task<StorageResult<T>> GetUnprotectedAsync<T>(string key)
+    {
+        var json = await GetJsonAsync(key).ConfigureAwait(false);
+
+        if (json == null)
+        {
+            return new StorageResult<T>(false, default);
+        }
+
+        try
+        {
+            return new StorageResult<T>(true, JsonSerializer.Deserialize<T>(json, s_options));
+        }
+        catch (Exception ex)
+        {
+            _logger.LogWarning(ex, $"Error when reading '{key}' as {typeof(T).Name} from local browser storage.");
+
+            return new StorageResult<T>(false, default);
+        }
+    }
+
+    public async Task SetUnprotectedAsync<T>(string key, T value)
+    {
+        var json = JsonSerializer.Serialize(value, s_options);
+
+        await SetJsonAsync(key, json).ConfigureAwait(false);
+    }
+
+    private ValueTask SetJsonAsync(string key, string json)
+        => _jsRuntime.InvokeVoidAsync("localStorage.setItem", key, json);
+
+    private ValueTask<string?> GetJsonAsync(string key)
+        => _jsRuntime.InvokeAsync<string?>("localStorage.getItem", key);
 }

src/Aspire.Dashboard/Model/BrowserStorage/SessionBrowserStorage.cs

@@ -1,4 +1,4 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage;

tests/Aspire.Dashboard.Components.Tests/Shared/TestLocalStorage.cs

@@ -9,11 +9,21 @@ public sealed class TestLocalStorage : ILocalStorage
 {
     public Task<StorageResult<T>> GetAsync<T>(string key)
     {
-        return Task.FromResult<StorageResult<T>>(new StorageResult<T>(Success: false, Value: default));
+        return Task.FromResult(new StorageResult<T>(Success: false, Value: default));
+    }
+
+    public Task<StorageResult<T>> GetUnprotectedAsync<T>(string key)
+    {
+        return Task.FromResult(new StorageResult<T>(Success: false, Value: default));
     }
 
     public Task SetAsync<T>(string key, T value)
     {
         return Task.CompletedTask;
     }
+
+    public Task SetUnprotectedAsync<T>(string key, T value)
+    {
+        return Task.CompletedTask;
+    }
 }