AppStd/DigitalData.Core
Template
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Deprecate controllers/services; simplify generics

Browse Source 
Added `[Obsolete("Use MediatR")]` attributes to various controller and service classes to indicate deprecation in favor of MediatR. Simplified generic type constraints in `CRUDControllerBase` and related files by removing `IUnique<TId>`. Improved structure and documentation in `CSPMiddleware.cs`. Introduced new extension methods in `EntityExtensions.cs` for safer retrieval of 'Id' properties. Removed `IUnique.cs` interface and updated project dependencies in `DigitalData.Core.Application.csproj` for caching. Overall, these changes enhance code maintainability and clarity.
This commit is contained in:
Developer 02
2025-05-16 14:54:31 +02:00
parent e0c1b856ad
commit 55eb250d7e
18 changed files with 298 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
DigitalData.Core.API/CSPMiddleware.cs
View File

@@ -1,47 +1,46 @@
namespace DigitalData.Core.API
namespace DigitalData.Core.API;
/// <summary>
/// Middleware to add Content Security Policy (CSP) headers to the HTTP response.
/// </summary>
public class CSPMiddleware
{
private readonly RequestDelegate _next;
private readonly string _policy;
/// <summary>
/// Middleware to add Content Security Policy (CSP) headers to the HTTP response.
/// Initializes a new instance of the <see cref="CSPMiddleware"/> class.
/// </summary>
public class CSPMiddleware
/// <param name="next">The next middleware in the request pipeline.</param>
/// <param name="policy">The CSP policy string with placeholders for nonces.</param>
public CSPMiddleware(RequestDelegate next, string policy)
{
private readonly RequestDelegate _next;
private readonly string _policy;
_next = next;
_policy = policy;
}
/// <summary>
/// Initializes a new instance of the <see cref="CSPMiddleware"/> class.
/// </summary>
/// <param name="next">The next middleware in the request pipeline.</param>
/// <param name="policy">The CSP policy string with placeholders for nonces.</param>
public CSPMiddleware(RequestDelegate next, string policy)
/// <summary>
/// Invokes the middleware to add the CSP header to the response.
/// </summary>
/// <param name="context">The HTTP context.</param>
/// <returns>A task that represents the completion of request processing.</returns>
public async Task Invoke(HttpContext context)
{
// Generate a nonce (number used once) for inline scripts and styles
var nonce = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
// Store the nonce in the context items for later use
context.Items["csp-nonce"] = nonce;
// Add the CSP header to the response
context.Response.OnStarting(() =>
{
_next = next;
_policy = policy;
}
context.Response.Headers.Append("Content-Security-Policy",
string.Format(_policy, nonce));
return Task.CompletedTask;
});
/// <summary>
/// Invokes the middleware to add the CSP header to the response.
/// </summary>
/// <param name="context">The HTTP context.</param>
/// <returns>A task that represents the completion of request processing.</returns>
public async Task Invoke(HttpContext context)
{
// Generate a nonce (number used once) for inline scripts and styles
var nonce = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
// Store the nonce in the context items for later use
context.Items["csp-nonce"] = nonce;
// Add the CSP header to the response
context.Response.OnStarting(() =>
{
context.Response.Headers.Add("Content-Security-Policy",
string.Format(_policy, nonce));
return Task.CompletedTask;
});
// Call the next middleware in the pipeline
await _next(context);
}
// Call the next middleware in the pipeline
await _next(context);
}
}