TekH
163916e330
Updated `DigitalData.Auth.Tests.csproj` to include `Microsoft.EntityFrameworkCore` version `8.0.17`. Refactored `AuthController.cs` to remove unused imports and update to the latest `DigitalData.Core.Abstraction.Application` namespaces. Streamlined `DigitalData.Auth.API.csproj`: - Changed target framework to `net8.0`. - Upgraded `DigitalData.Core.Abstractions` to `4.3.0` and `DigitalData.Core.Application` to `3.4.0`. - Added `EnvelopeGenerator` and `Microsoft.EntityFrameworkCore` dependencies. - Removed outdated `UserManager` dependencies. Enhanced `Program.cs`: - Integrated `EnvelopeGenerator` services with database context and caching configuration. - Removed `AddUserManager` service registration. - Added SQL Server logging and error handling for `DbContext`. These changes improve maintainability, adopt modern frameworks, and introduce new functionality with `EnvelopeGenerator`.
207 lines
7.4 KiB
C#
207 lines
7.4 KiB
C#
using DigitalData.Auth.API.Config;
|
|
using DigitalData.Auth.API.Entities;
|
|
using DigitalData.Auth.API.Hubs;
|
|
using DigitalData.Auth.API.Services;
|
|
using DigitalData.Core.Abstractions.Security.Extensions;
|
|
using DigitalData.Core.Abstractions.Security.Services;
|
|
using DigitalData.Core.Application;
|
|
using DigitalData.Core.Security.Extensions;
|
|
using DigitalData.UserManager.Application;
|
|
using DigitalData.UserManager.Application.DTOs.User;
|
|
using DigitalData.UserManager.DependencyInjection;
|
|
using EnvelopeGenerator.DependencyInjection;
|
|
using EnvelopeGenerator.Infrastructure;
|
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
|
using Microsoft.IdentityModel.JsonWebTokens;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using Microsoft.OpenApi.Models;
|
|
using NLog;
|
|
using NLog.Web;
|
|
using System.Security.Claims;
|
|
|
|
var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
|
|
logger.Info("Logging initialized.");
|
|
|
|
try
|
|
{
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
builder.Logging.SetMinimumLevel(Microsoft.Extensions.Logging.LogLevel.Trace);
|
|
|
|
if (!builder.Environment.IsDevelopment())
|
|
{
|
|
builder.Logging.ClearProviders();
|
|
builder.Host.UseNLog();
|
|
}
|
|
|
|
builder.Configuration.AddJsonFile("consumer-repository.json", true, true);
|
|
|
|
builder.Configuration.AddJsonFile("backdoors.json", true, true);
|
|
|
|
var config = builder.Configuration;
|
|
|
|
var apiParams = config.Get<AuthApiParams>() ?? throw new InvalidOperationException("AuthApiOptions is missing or invalid in appsettings.");
|
|
|
|
// Add services to the container.
|
|
builder.Services.Configure<BackdoorParams>(config.GetSection(nameof(BackdoorParams)));
|
|
builder.Services.Configure<AuthApiParams>(config);
|
|
builder.Services.AddAuthService(config);
|
|
builder.Services.AddRSAPool(config.GetSection("CryptParams"));
|
|
builder.Services.AddJwtSignatureHandler<Consumer>(api => new Dictionary<string, object>
|
|
{
|
|
{ JwtRegisteredClaimNames.Sub, api.Id },
|
|
{ JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
|
|
});
|
|
|
|
var commonUserRoles = config.GetSection("CommonUserRoles").Get<string[]>()?.Where(r => !string.IsNullOrWhiteSpace(r)).ToArray() ?? Array.Empty<string>();
|
|
|
|
builder.Services.AddJwtSignatureHandler<UserReadDto>(user =>
|
|
{
|
|
var claims = new Dictionary<string, object>
|
|
{
|
|
{ JwtRegisteredClaimNames.Sub, user.Id },
|
|
{ JwtRegisteredClaimNames.UniqueName, user.Username },
|
|
{ JwtRegisteredClaimNames.Email, user.Email ?? string.Empty },
|
|
{ JwtRegisteredClaimNames.GivenName, user.Prename ?? string.Empty },
|
|
{ JwtRegisteredClaimNames.FamilyName, user.Name ?? string.Empty },
|
|
{ JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
|
|
};
|
|
|
|
if (commonUserRoles.Length > 0)
|
|
claims.Add(ClaimTypes.Role, commonUserRoles);
|
|
|
|
return claims;
|
|
});
|
|
builder.Services.AddDirectorySearchService(config.GetSection("DirectorySearchOptions"));
|
|
builder.Services.AddSignalR();
|
|
|
|
var cnn_str = builder.Configuration.GetConnectionString("Default") ?? throw new InvalidOperationException("Default connection string is not found.");
|
|
|
|
builder.Services.AddControllers();
|
|
|
|
builder.Services.AddEndpointsApiExplorer();
|
|
builder.Services.AddSwaggerGen(options =>
|
|
{
|
|
options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
|
|
{
|
|
Name = "Authorization",
|
|
Type = SecuritySchemeType.Http,
|
|
Scheme = "bearer",
|
|
BearerFormat = "JWT",
|
|
In = ParameterLocation.Header,
|
|
Description = "Enter 'Bearer' [space] and then your valid token."
|
|
});
|
|
|
|
options.AddSecurityRequirement(new OpenApiSecurityRequirement
|
|
{
|
|
{
|
|
new OpenApiSecurityScheme
|
|
{
|
|
Reference = new OpenApiReference
|
|
{
|
|
Type = ReferenceType.SecurityScheme,
|
|
Id = "Bearer"
|
|
},
|
|
Scheme = "oauth2",
|
|
Name = "Bearer",
|
|
In = ParameterLocation.Header
|
|
},
|
|
new List<string>()
|
|
}
|
|
});
|
|
});
|
|
|
|
// Add authentication
|
|
Lazy<SecurityKey>? issuerSigningKeyInitiator = null;
|
|
|
|
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
|
.AddJwtBearer(options =>
|
|
{
|
|
options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
|
|
options.ClaimsIssuer = apiParams!.Issuer;
|
|
options.Audience = apiParams.LocalConsumer.Audience;
|
|
options.TokenValidationParameters = new()
|
|
{
|
|
ValidateIssuer = true,
|
|
ValidIssuer = apiParams!.Issuer,
|
|
ValidateAudience = true,
|
|
ValidAudience = apiParams.LocalConsumer.Audience,
|
|
ValidateLifetime = true,
|
|
IssuerSigningKey = issuerSigningKeyInitiator?.Value
|
|
};
|
|
|
|
options.Events = new JwtBearerEvents
|
|
{
|
|
OnMessageReceived = context =>
|
|
{
|
|
// if there is no token read related cookie or query string
|
|
if (context.Token is null) // if there is no token
|
|
{
|
|
if (context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var cookieToken) && cookieToken is not null)
|
|
context.Token = cookieToken;
|
|
else if (context.Request.Query.TryGetValue(apiParams.DefaultQueryStringKey, out var queryStrToken))
|
|
context.Token = queryStrToken;
|
|
}
|
|
return Task.CompletedTask;
|
|
}
|
|
};
|
|
});
|
|
|
|
// Add envelope generator services
|
|
builder.Services.AddEnvelopeGenerator(config,
|
|
infrastructureOptions: opt =>
|
|
{
|
|
opt.AddDbTriggerParams(config);
|
|
opt.AddDbContext((provider, options) =>
|
|
{
|
|
var logger = provider.GetRequiredService<ILogger<EGDbContext>>();
|
|
options.UseSqlServer(cnn_str)
|
|
.LogTo(log => logger.LogInformation("{log}", log), Microsoft.Extensions.Logging.LogLevel.Trace)
|
|
.EnableSensitiveDataLogging()
|
|
.EnableDetailedErrors();
|
|
});
|
|
},
|
|
options: opt =>
|
|
{
|
|
opt.SqlCacheOptions = new()
|
|
{
|
|
ConnectionString = cnn_str,
|
|
SchemaName = "dbo",
|
|
TableName = "TBDD_CACHE"
|
|
};
|
|
});
|
|
|
|
var app = builder.Build();
|
|
|
|
issuerSigningKeyInitiator = new Lazy<SecurityKey>(() =>
|
|
{
|
|
var factory = app.Services.GetRequiredService<IAsymmetricKeyPool>();
|
|
var desc = factory.TokenDescriptors.Get(apiParams.Issuer, apiParams.LocalConsumer.Audience);
|
|
return desc.Validator.SecurityKey;
|
|
});
|
|
|
|
// Configure the HTTP request pipeline.
|
|
var use_swagger = config.GetValue<bool>("UseSwagger");
|
|
if (app.Environment.IsDevelopment() || use_swagger)
|
|
{
|
|
app.UseSwagger();
|
|
app.UseSwaggerUI();
|
|
}
|
|
|
|
app.UseHttpsRedirection();
|
|
|
|
app.UseAuthentication();
|
|
|
|
app.UseAuthorization();
|
|
|
|
app.MapControllers();
|
|
|
|
app.MapHub<AuthHub>("/auth-hub");
|
|
|
|
app.Run();
|
|
}
|
|
catch(Exception ex)
|
|
{
|
|
logger.Error(ex, "Stopped program because of exception.");
|
|
throw;
|
|
} |