using DbFirst.API.Dashboards; using DbFirst.API.Hubs; using DbFirst.API.Middleware; using DbFirst.Application; using DbFirst.Infrastructure; using DevExpress.AspNetCore; using DevExpress.DashboardAspNetCore; using DevExpress.DashboardWeb; var builder = WebApplication.CreateBuilder(args); // Add services to the container. builder.Services.AddControllers(); builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(); builder.Services.AddProblemDetails(); // TODO: allow listed origins configured in appsettings.json // In any case, dont let them to free to use without cors. if there is no origin specified, block all. // In development you can keep it easy. builder.Services.AddCors(options => { options.AddDefaultPolicy(policy => { if (builder.Environment.IsDevelopment()) { policy.AllowAnyOrigin() .AllowAnyHeader() .AllowAnyMethod(); } else { var origins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get() ?? []; if (origins.Length > 0) { policy.WithOrigins(origins) .AllowAnyHeader() .AllowAnyMethod(); } // if no origins configured, deny all by leaving policy without allowances } }); }); builder.Services.AddInfrastructure(builder.Configuration); builder.Services.AddApplication(); builder.Services.AddDevExpressControls(); builder.Services.AddSignalR(); builder.Services.AddSingleton(); builder.Services.AddScoped(sp => DashboardConfiguratorFactory.Create(sp, builder.Configuration, builder.Environment)); var app = builder.Build(); // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); } app.UseMiddleware(); app.UseDevExpressControls(); app.UseHttpsRedirection(); app.UseCors(); app.UseAuthorization(); app.MapDashboardRoute("api/dashboard", "DefaultDashboard"); app.MapHub("/hubs/dashboards"); app.MapControllers(); app.Run();