ed3e7d4043
Introduce a new authentication mechanism using JWT tokens stored in cookies, with a custom CookieAuthHandler for API request authentication. Add AuthServiceSettings for configuration and UserHeaderHandler to propagate user context in outgoing HTTP requests. Update service registrations and configuration files to support the new authentication flow. Refactor CurrentUserService for simplicity. This enables stateless, cookie-based authentication and consistent user context across API calls.
86 lines
2.6 KiB
C#
86 lines
2.6 KiB
C#
using DbFirst.API.Dashboards;
|
|
using DbFirst.API.Hubs;
|
|
using DbFirst.API.Middleware;
|
|
using DbFirst.API.Services;
|
|
using DbFirst.Application;
|
|
using DbFirst.Application.Abstractions;
|
|
using DbFirst.Infrastructure;
|
|
using DevExpress.AspNetCore;
|
|
using DevExpress.DashboardAspNetCore;
|
|
using DevExpress.DashboardWeb;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
// Add services to the container.
|
|
builder.Services.AddControllers();
|
|
builder.Services.AddEndpointsApiExplorer();
|
|
builder.Services.AddSwaggerGen();
|
|
builder.Services.AddProblemDetails();
|
|
|
|
// TODO: allow listed origins configured in appsettings.json
|
|
// In any case, dont let them to free to use without cors. if there is no origin specified, block all.
|
|
// In development you can keep it easy.
|
|
builder.Services.AddCors(options =>
|
|
{
|
|
options.AddDefaultPolicy(policy =>
|
|
{
|
|
if (builder.Environment.IsDevelopment())
|
|
{
|
|
policy.AllowAnyOrigin()
|
|
.AllowAnyHeader()
|
|
.AllowAnyMethod();
|
|
}
|
|
else
|
|
{
|
|
var origins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? [];
|
|
if (origins.Length > 0)
|
|
{
|
|
policy.WithOrigins(origins)
|
|
.AllowAnyHeader()
|
|
.AllowAnyMethod();
|
|
}
|
|
// if no origins configured, deny all by leaving policy without allowances
|
|
}
|
|
});
|
|
});
|
|
|
|
builder.Services.AddInfrastructure(builder.Configuration);
|
|
builder.Services.AddApplication();
|
|
|
|
builder.Services.Configure<AuthServiceSettings>(
|
|
builder.Configuration.GetSection("AuthService"));
|
|
builder.Services.AddAuthentication("CookieAuth")
|
|
.AddScheme<AuthenticationSchemeOptions, CookieAuthHandler>("CookieAuth", _ => { });
|
|
|
|
builder.Services.AddDevExpressControls();
|
|
builder.Services.AddSignalR();
|
|
builder.Services.AddSingleton<IDashboardChangeNotifier, DashboardChangeNotifier>();
|
|
builder.Services.AddScoped<DashboardConfigurator>(sp =>
|
|
DashboardConfiguratorFactory.Create(sp, builder.Configuration, builder.Environment));
|
|
|
|
builder.Services.AddHttpContextAccessor();
|
|
builder.Services.AddScoped<ICurrentUserService, CurrentUserService>();
|
|
|
|
var app = builder.Build();
|
|
|
|
// Configure the HTTP request pipeline.
|
|
if (app.Environment.IsDevelopment())
|
|
{
|
|
app.UseSwagger();
|
|
app.UseSwaggerUI();
|
|
}
|
|
|
|
app.UseMiddleware<ExceptionHandlingMiddleware>();
|
|
|
|
app.UseDevExpressControls();
|
|
app.UseHttpsRedirection();
|
|
app.UseCors();
|
|
app.UseAuthentication();
|
|
app.UseAuthorization();
|
|
|
|
app.MapDashboardRoute("api/dashboard", "DefaultDashboard");
|
|
app.MapHub<DashboardsHub>("/hubs/dashboards");
|
|
app.MapControllers();
|
|
|
|
app.Run(); |