251 lines
10 KiB
C#
251 lines
10 KiB
C#
using DigitalData.UserManager.Infrastructure.Repositories;
|
|
using EnvelopeGenerator.Application.Contracts;
|
|
using EnvelopeGenerator.Application.MappingProfiles;
|
|
using EnvelopeGenerator.Application.Services;
|
|
using EnvelopeGenerator.Infrastructure.Contracts;
|
|
using EnvelopeGenerator.Infrastructure.Repositories;
|
|
using EnvelopeGenerator.Web.Services;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using NLog;
|
|
using Quartz;
|
|
using NLog.Web;
|
|
using DigitalData.Core.API;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using DigitalData.UserManager.Application.MappingProfiles;
|
|
using EnvelopeGenerator.Web.Models;
|
|
using DigitalData.Core.DTO;
|
|
using System.Text.Encodings.Web;
|
|
using Ganss.Xss;
|
|
using Microsoft.Extensions.Options;
|
|
using DigitalData.EmailProfilerDispatcher.Application;
|
|
using EnvelopeGenerator.Application;
|
|
using EnvelopeGenerator.Application.Resources;
|
|
|
|
var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
|
|
logger.Info("Logging initialized!");
|
|
try
|
|
{
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
var config = builder.Configuration;
|
|
|
|
var allowedOrigins = config.GetSection("AllowedOrigins").Get<string[]>() ??
|
|
throw new InvalidOperationException("AllowedOrigins section is missing in the configuration.");
|
|
|
|
builder.Services.AddCors(options =>
|
|
{
|
|
options.AddPolicy("SameOriginPolicy", builder =>
|
|
{
|
|
builder.WithOrigins(allowedOrigins)
|
|
.SetIsOriginAllowedToAllowWildcardSubdomains()
|
|
.AllowCredentials()
|
|
.AllowAnyMethod()
|
|
.AllowAnyHeader();
|
|
});
|
|
});
|
|
|
|
builder.Logging.ClearProviders();
|
|
builder.Host.UseNLog();
|
|
|
|
// Add base services
|
|
builder.Services.AddScoped<DatabaseService>();
|
|
|
|
// Add higher order services
|
|
builder.Services.AddScoped<EnvelopeOldService>();
|
|
|
|
// Add controllers and razor views
|
|
builder.Services.AddControllersWithViews(options =>
|
|
{
|
|
//remove option for Test*Controller
|
|
options.Conventions.Add(new RemoveIfControllerConvention()
|
|
.AndIf(_ => !builder.IsDevOrDiP())
|
|
.AndIf(c => c.ControllerName.StartsWith("Test"))
|
|
.AndIf(_ => !config.GetValue<bool>("EnableTestControllers")));
|
|
}).AddJsonOptions(q =>
|
|
{
|
|
// Prevents serialization error when serializing SvgBitmap in EnvelopeReceiver
|
|
q.JsonSerializerOptions.ReferenceHandler = System.Text.Json.Serialization.ReferenceHandler.IgnoreCycles;
|
|
});
|
|
|
|
if (config.GetValue<bool>("EnableSwagger") && builder.IsDevOrDiP())
|
|
{
|
|
builder.Services.AddEndpointsApiExplorer();
|
|
builder.Services.AddSwaggerGen();
|
|
}
|
|
|
|
//AddEF Core dbcontext
|
|
var connStr = config.GetConnectionString(Key.Default) ?? throw new InvalidOperationException("There is no default connection string in appsettings.json.");
|
|
builder.Services.AddDbContext<EGDbContext>(options => options.UseSqlServer(connStr));
|
|
|
|
//Inject CRUD Service and repositoriesad
|
|
builder.Services.AddScoped<IConfigRepository, ConfigRepository>();
|
|
builder.Services.AddScoped<IDocumentReceiverElementRepository, DocumentReceiverElementRepository>();
|
|
builder.Services.AddScoped<IEnvelopeDocumentRepository, EnvelopeDocumentRepository>();
|
|
builder.Services.AddScoped<IConfigRepository, ConfigRepository>();
|
|
builder.Services.AddScoped<IDocumentReceiverElementRepository, DocumentReceiverElementRepository>();
|
|
builder.Services.AddScoped<IDocumentStatusRepository, DocumentStatusRepository>();
|
|
builder.Services.AddScoped<IEmailTemplateRepository, EmailTemplateRepository>();
|
|
builder.Services.AddScoped<IEnvelopeRepository, EnvelopeRepository>();
|
|
builder.Services.AddScoped<IEnvelopeCertificateRepository, EnvelopeCertificateRepository>();
|
|
builder.Services.AddScoped<IEnvelopeDocumentRepository, EnvelopeDocumentRepository>();
|
|
builder.Services.AddScoped<IEnvelopeHistoryRepository, EnvelopeHistoryRepository>();
|
|
builder.Services.AddScoped<IEnvelopeReceiverRepository, EnvelopeReceiverRepository>();
|
|
builder.Services.AddScoped<IEnvelopeTypeRepository, EnvelopeTypeRepository>();
|
|
builder.Services.AddScoped<IReceiverRepository, ReceiverRepository>();
|
|
builder.Services.AddScoped<IUserReceiverRepository, UserReceiverRepository>();
|
|
builder.Services.AddScoped<IConfigService, ConfigService>();
|
|
builder.Services.AddScoped<IDocumentReceiverElementService, DocumentReceiverElementService>();
|
|
builder.Services.AddScoped<IEnvelopeDocumentService, EnvelopeDocumentService>();
|
|
builder.Services.AddScoped<IDocumentStatusService, DocumentStatusService>();
|
|
builder.Services.AddScoped<IEmailTemplateService, EmailTemplateService>();
|
|
builder.Services.AddScoped<IEnvelopeService, EnvelopeService>();
|
|
builder.Services.AddScoped<IEnvelopeCertificateService, EnvelopeCertificateService>();
|
|
builder.Services.AddScoped<IEnvelopeDocumentService, EnvelopeDocumentService>();
|
|
builder.Services.AddScoped<IEnvelopeHistoryService, EnvelopeHistoryService>();
|
|
builder.Services.AddScoped<IEnvelopeReceiverService, EnvelopeReceiverService>();
|
|
builder.Services.AddScoped<IEnvelopeTypeService, EnvelopeTypeService>();
|
|
builder.Services.AddScoped<IReceiverService, ReceiverService>();
|
|
builder.Services.AddScoped<IUserReceiverService, UserReceiverService>();
|
|
|
|
//Auto mapping profiles
|
|
builder.Services.AddAutoMapper(typeof(BasicDtoMappingProfile).Assembly);
|
|
builder.Services.AddAutoMapper(typeof(UserMappingProfile).Assembly);
|
|
|
|
builder.Services.Configure<CookiePolicyOptions>(options =>
|
|
{
|
|
options.CheckConsentNeeded = context =>
|
|
{
|
|
var consentCookie = context.Request.Cookies["cookie-consent-settings"];
|
|
return consentCookie != "necessary=false";
|
|
};
|
|
|
|
options.MinimumSameSitePolicy = SameSiteMode.Strict;
|
|
options.ConsentCookie.Name = "cookie-consent-settings";
|
|
});
|
|
|
|
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
|
.AddCookie(options =>
|
|
{
|
|
options.Cookie.HttpOnly = true; // Makes the cookie inaccessible to client-side scripts for security
|
|
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
|
|
options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
|
|
options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
|
|
|
|
options.Events = new CookieAuthenticationEvents
|
|
{
|
|
OnRedirectToLogin = context =>
|
|
{
|
|
// Dynamically calculate the redirection path, for example:
|
|
var envelopeReceiverId = context.HttpContext.Request.RouteValues["envelopeReceiverId"];
|
|
context.RedirectUri = $"/EnvelopeKey/{envelopeReceiverId}/Locked";
|
|
|
|
context.Response.Redirect(context.RedirectUri);
|
|
return Task.CompletedTask;
|
|
},
|
|
OnRedirectToLogout = context =>
|
|
{
|
|
// Apply a similar redirection logic for logout
|
|
var envelopeReceiverId = context.HttpContext.Request.RouteValues["envelopeReceiverId"];
|
|
context.RedirectUri = $"/EnvelopeKey/{envelopeReceiverId}/Success";
|
|
|
|
context.Response.Redirect(context.RedirectUri);
|
|
return Task.CompletedTask;
|
|
}
|
|
};
|
|
});
|
|
|
|
builder.Services.AddSingleton(config.GetSection("ContactLink").Get<ContactLink>() ?? new());
|
|
|
|
builder.Services.AddCookieConsentSettings();
|
|
|
|
builder.Services.AddCookieBasedLocalizer();
|
|
|
|
builder.Services.AddSingleton(HtmlEncoder.Default);
|
|
builder.Services.AddSingleton(UrlEncoder.Default);
|
|
builder.Services.AddSingleton(_ =>
|
|
{
|
|
var sanitizer = new HtmlSanitizer();
|
|
//configure sanitzer
|
|
return sanitizer;
|
|
});
|
|
|
|
// Register the FlagIconCssClass instance as a singleton
|
|
builder.Services.Configure<Cultures>(config.GetSection("Cultures"));
|
|
builder.Services.AddSingleton(sp => sp.GetRequiredService<IOptions<Cultures>>().Value);
|
|
|
|
// Register mail services
|
|
builder.Services.AddScoped<IEnvelopeMailService, EnvelopeMailService>();
|
|
builder.Services.AddDispatcher<EGDbContext, Resource>();
|
|
|
|
var app = builder.Build();
|
|
|
|
// Configure the HTTP request pipeline.
|
|
if (!app.Environment.IsDevelopment())
|
|
{
|
|
app.UseExceptionHandler("/Home/Error");
|
|
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
|
|
app.UseHsts();
|
|
}
|
|
|
|
//Content-Security-Policy
|
|
if (config.GetValue<bool>("UseCSPInDev") || !app.Environment.IsDevelopment())
|
|
{
|
|
var csp_list = config.GetSection("Content-Security-Policy").Get<string[]>();
|
|
if (csp_list is null)
|
|
logger.Warn("There is no Content-Security-Policy");
|
|
else
|
|
{
|
|
var csp = string.Join("; ", csp_list?.Where(st => st is not null) ?? Array.Empty<string>());
|
|
logger.Info($"Content-Security-Policy {csp}");
|
|
if (csp_list is not null)
|
|
app.UseCSPMiddleware(csp);
|
|
}
|
|
}
|
|
|
|
if (config.GetValue<bool>("EnableSwagger") && builder.IsDevOrDiP())
|
|
{
|
|
app.UseSwagger();
|
|
app.UseSwaggerUI();
|
|
}
|
|
|
|
app.UseHttpsRedirection();
|
|
|
|
app.UseStaticFiles();
|
|
|
|
//app.UseCookiePolicy();
|
|
|
|
app.UseRouting();
|
|
|
|
app.UseAuthentication();
|
|
app.UseAuthorization();
|
|
|
|
var cultures = app.Services.GetRequiredService<Cultures>();
|
|
if(!cultures.Any())
|
|
throw new InvalidOperationException(@"Languages section is missing in the appsettings. Please configure like following.
|
|
Language is both a name of the culture and the name of the resx file such as Resource.de-DE.resx
|
|
FIClass is the css class (in wwwroot/lib/flag-icons-main) for the flag of country.
|
|
""Cultures"": [
|
|
{
|
|
""Language"": ""de-DE"",
|
|
""FIClass"": ""fi-de""
|
|
},
|
|
{
|
|
""Language"": ""en-US"",
|
|
""FIClass"": ""fi-us""
|
|
}
|
|
]");
|
|
|
|
if(!config.GetValue<bool>("DisableMultiLanguage"))
|
|
app.UseCookieBasedLocalizer(cultures.Languages.ToArray());
|
|
|
|
app.UseCors("SameOriginPolicy");
|
|
|
|
app.MapControllers();
|
|
app.MapFallbackToController("Error404", "Home");
|
|
app.Run();
|
|
}
|
|
catch(Exception ex)
|
|
{
|
|
logger.Error(ex, "Stopped program because of exception");
|
|
throw;
|
|
} |