Startup.cs 5.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170
  1. using System;
  2. using Microsoft.AspNetCore.Builder;
  3. using Microsoft.AspNetCore.Hosting;
  4. using Microsoft.Extensions.Configuration;
  5. using Microsoft.Extensions.DependencyInjection;
  6. using Microsoft.Extensions.Hosting;
  7. using Microsoft.Extensions.FileProviders;
  8. using System.IO;
  9. using Microsoft.AspNetCore.Http;
  10. using Microsoft.AspNetCore.Authentication.JwtBearer;
  11. using Microsoft.IdentityModel.Tokens;
  12. using System.Text;
  13. using Microsoft.Extensions.Logging;
  14. using System.Collections.Generic;
  15. using Microsoft.AspNetCore.Cors.Infrastructure;
  16. using Microsoft.AspNetCore.StaticFiles;
  17. namespace jsonjumble
  18. {
  19. public class Startup
  20. {
  21. public IConfiguration Configuration { get; }
  22. public Startup(IConfiguration configuration)
  23. {
  24. Configuration = configuration;
  25. }
  26. public void ConfigureServices(IServiceCollection services)
  27. {
  28. services.AddControllers();
  29. services.AddAuthentication(options =>
  30. {
  31. options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
  32. options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
  33. options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
  34. }).AddJwtBearer(options =>
  35. {
  36. options.RequireHttpsMetadata = false;
  37. options.SaveToken = true;
  38. options.TokenValidationParameters = new TokenValidationParameters()
  39. {
  40. ValidateIssuerSigningKey = true,
  41. IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtSettings:SecretKey"])),
  42. ValidateIssuer = true,
  43. ValidIssuer = Configuration["JwtSettings:Issuer"],
  44. ValidateAudience = true,
  45. ValidAudience = Configuration["JwtSettings:Audience"],
  46. ValidateLifetime = true,
  47. ClockSkew = TimeSpan.FromMinutes(Configuration.GetValue<int>("JwtSettings:ExpirationInHours"))
  48. };
  49. });
  50. services.AddMvc().AddNewtonsoftJson();
  51. var validOrigins = Configuration.GetSection("RegisteredDomains").Get<List<string>>().ToArray();
  52. var originString = new StringBuilder();
  53. originString.AppendJoin(", ", validOrigins);
  54. Console.WriteLine($"Allowing Origins: {originString}");
  55. services.AddCors(options =>
  56. {
  57. // options.AddDefaultPolicy(policy =>
  58. // {
  59. // policy.WithOrigins(validOrigins);
  60. // policy.WithMethods(new string[] { "GET" });
  61. // policy.WithHeaders(new string[] { "Access-Control-Allow-Origin", "Content-Type" });
  62. // });
  63. options.AddPolicy(name: "jsonjumble_corspolicy",
  64. policy =>
  65. {
  66. // policy.AllowAnyOrigin();
  67. // policy.AllowAnyMethod();
  68. // policy.AllowAnyHeader();
  69. policy.WithOrigins(validOrigins);
  70. policy.WithMethods(new string[] {"GET"});
  71. policy.WithHeaders(new string[] {"Access-Control-Allow-Origin", "Content-Type"});
  72. });
  73. });
  74. }
  75. public void Configure(
  76. ILogger<Startup> logger,
  77. IApplicationBuilder app,
  78. IWebHostEnvironment env,
  79. ICorsService corsService,
  80. ICorsPolicyProvider corsPolicyProvider
  81. )
  82. {
  83. if (env.IsDevelopment())
  84. {
  85. app.UseDeveloperExceptionPage();
  86. }
  87. if (Configuration.GetValue<Boolean>("UseHttps"))
  88. {
  89. app.UseHttpsRedirection();
  90. }
  91. string errorPath = Path.Combine(Directory.GetCurrentDirectory(), Configuration.GetValue<string>("RelativeErrorFilePath"));
  92. logger.LogInformation($"Loading static error pages from {errorPath}");
  93. app.UseStatusCodePages(new StatusCodePagesOptions()
  94. {
  95. HandleAsync = async (context) =>
  96. {
  97. var filePath = Path.Combine(errorPath, context.HttpContext.Response.StatusCode + ".html");
  98. var responseMessage = $"Error {context.HttpContext.Response.StatusCode}";
  99. if (System.IO.File.Exists(filePath))
  100. {
  101. responseMessage = System.IO.File.ReadAllText(filePath);
  102. }
  103. await context.HttpContext.Response.WriteAsync(responseMessage);
  104. }
  105. });
  106. string staticPath = Path.Combine(Directory.GetCurrentDirectory(), Configuration.GetValue<string>("RelativeStaticFilePath"));
  107. logger.LogInformation($"Loading static files from {staticPath}");
  108. PhysicalFileProvider staticFileProvider = new PhysicalFileProvider(staticPath);
  109. app.UseDefaultFiles(new DefaultFilesOptions()
  110. {
  111. FileProvider = staticFileProvider,
  112. DefaultFileNames = new string[] { "index.html", "index.json" }
  113. });
  114. app.UseStaticFiles(new StaticFileOptions()
  115. {
  116. FileProvider = staticFileProvider,
  117. ServeUnknownFileTypes = true,
  118. OnPrepareResponse = (ctx) =>
  119. {
  120. AddCorsHeadersToStaticFiles(ctx, corsService, corsPolicyProvider);
  121. }
  122. });
  123. app.UseRouting();
  124. // app.UseCors("jsonjumble_corspolicy");
  125. app.UseCors("jsonjumble_corspolicy");
  126. app.UseAuthentication();
  127. app.UseAuthorization();
  128. app.UseEndpoints(endpoints =>
  129. {
  130. endpoints.MapControllers();
  131. });
  132. }
  133. public void AddCorsHeadersToStaticFiles(StaticFileResponseContext ctx,ICorsService corsService,ICorsPolicyProvider corsPolicyProvider) {
  134. var policy = corsPolicyProvider.GetPolicyAsync(ctx.Context, "jsonjumble_corspolicy")
  135. .ConfigureAwait(false)
  136. .GetAwaiter().GetResult();
  137. var corsResult = corsService.EvaluatePolicy(ctx.Context, policy);
  138. corsService.ApplyResult(corsResult, ctx.Context.Response);
  139. // ctx.Context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
  140. }
  141. }
  142. }