Teknikode
/
Teknik
Watch 3
Star 17
Fork 4
Code Issues 38 Pull Requests 0 Releases 3 Wiki Activity
The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
727 Commits
2 Branches
Tree: f15fb73094
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f15fb73094'
${ noResults }
Teknik/Teknik/Startup.cs

Startup.cs 13KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335 
  1. using System;

  2. using System.Collections.Generic;

  3. using System.Linq;

  4. using System.Threading.Tasks;

  5. using Microsoft.AspNetCore.Builder;

  6. using Microsoft.AspNetCore.Identity;

  7. using Microsoft.AspNetCore.Hosting;

  8. using Microsoft.AspNetCore.Http;

  9. using Microsoft.AspNetCore.HttpsPolicy;

  10. using Microsoft.AspNetCore.Mvc;

  11. using Microsoft.EntityFrameworkCore;

  12. using Teknik.Data;

  13. using Teknik.Utilities;

  14. using Microsoft.Extensions.Configuration;

  15. using Microsoft.Extensions.DependencyInjection;

  16. using Teknik.Logging;

  17. using System.IO;

  18. using Microsoft.Extensions.Logging;

  19. using Teknik.Configuration;

  20. using Teknik.Middleware;

  21. using Microsoft.AspNetCore.ResponseCompression;

  22. using System.IO.Compression;

  23. using System.Text;

  24. using Microsoft.AspNetCore.Authentication.Cookies;

  25. using IdentityServer4.Models;

  26. using Microsoft.AspNetCore.Authentication.OpenIdConnect;

  27. using Teknik.Attributes;

  28. using Teknik.Filters;

  29. using Microsoft.Net.Http.Headers;

  30. using Teknik.Areas.Users.Models;

  31. using Microsoft.AspNetCore.Mvc.Infrastructure;

  32. using Microsoft.AspNetCore.Mvc.Routing;

  33. using Microsoft.AspNetCore.Http.Features;

  34. using Microsoft.IdentityModel.Tokens;

  35. using Microsoft.AspNetCore.Authentication;

  36. using IdentityModel;

  37. using Teknik.Security;

  38. using Microsoft.AspNetCore.Routing;

  39. using Microsoft.AspNetCore.Mvc.Internal;

  40. using Microsoft.AspNetCore.Authorization;

  41. using System.Text.Encodings.Web;

  42. 

  43. namespace Teknik

  44. {

  45.     public class Startup

  46.     {

  47.         public Startup(IHostingEnvironment env)

  48.         {

  49.             Environment = env;

  50.         }

  51.         

  52.         public IHostingEnvironment Environment { get; }

  53. 

  54.         // This method gets called by the runtime. Use this method to add services to the container.

  55.         public void ConfigureServices(IServiceCollection services)

  56.         {

  57.             string baseDir = Environment.ContentRootPath;

  58.             string dataDir = Path.Combine(baseDir, "App_Data");

  59.             AppDomain.CurrentDomain.SetData("DataDirectory", dataDir);

  60. 

  61.             // Setup IIS

  62.             services.Configure<IISOptions>(options =>

  63.             {

  64.                 options.ForwardClientCertificate = false;

  65.                 options.AutomaticAuthentication = false;

  66.             });

  67. 

  68.             // HTTP Context

  69.             services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

  70. 

  71.             // Create Configuration Singleton

  72.             services.AddScoped<Config, Config>(opt => Config.Load(dataDir));

  73. 

  74.             // Build an intermediate service provider

  75.             var sp = services.BuildServiceProvider();

  76. 

  77.             // Resolve the services from the service provider

  78.             var config = sp.GetService<Config>();

  79. 

  80.             if (config.DevEnvironment)

  81.             {

  82.                 Environment.EnvironmentName = EnvironmentName.Development;

  83.             }

  84.             else

  85.             {

  86.                 Environment.EnvironmentName = EnvironmentName.Production;

  87.             }

  88. 

  89.             services.AddHttpsRedirection(options =>

  90.             {

  91.                 options.RedirectStatusCode = (Environment.IsDevelopment()) ? StatusCodes.Status307TemporaryRedirect : StatusCodes.Status308PermanentRedirect;

  92. #if DEBUG

  93.                 options.HttpsPort = 5050;

  94. #else

  95.                 options.HttpsPort = 443;

  96. #endif

  97.             });

  98. 

  99.             // Add Tracking Filter scopes

  100.             //services.AddScoped<TrackDownload>();

  101.             //services.AddScoped<TrackLink>();

  102.             //services.AddScoped<TrackPageView>();

  103. 

  104.             // Create the Database Context

  105.             services.AddDbContext<TeknikEntities>(options => options

  106.                     .UseLazyLoadingProxies()

  107.                     .UseSqlServer(config.DbConnection), ServiceLifetime.Transient);

  108. 

  109.             // Cookie Policies

  110.             services.Configure<CookiePolicyOptions>(options =>

  111.             {

  112.                 // This lambda determines whether user consent for non-essential cookies is needed for a given request.

  113.                 options.CheckConsentNeeded = context => false;

  114.                 options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.None;

  115.             });

  116. 

  117.             services.ConfigureApplicationCookie(options =>

  118.             {

  119.                 options.Cookie.Domain = CookieHelper.GenerateCookieDomain(config.Host, false, Environment.IsDevelopment());

  120.                 options.Cookie.Name = "TeknikWeb";

  121.                 options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;

  122.                 options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;

  123.                 options.Cookie.Expiration = TimeSpan.FromDays(30);

  124.                 options.ExpireTimeSpan = TimeSpan.FromDays(30);

  125.             });

  126. 

  127.             // Compression Response

  128.             services.Configure<GzipCompressionProviderOptions>(options => options.Level = CompressionLevel.Fastest);

  129.             services.AddResponseCompression(options => {

  130.                 options.Providers.Add<GzipCompressionProvider>();

  131.             });

  132. 

  133.             services.AddHttpsRedirection(options =>

  134.             {

  135.                 options.RedirectStatusCode = StatusCodes.Status301MovedPermanently;

  136.             });

  137. 

  138.             // Sessions

  139.             services.AddResponseCaching();

  140.             services.AddMemoryCache();

  141.             services.AddSession();

  142. 

  143.             // Set the anti-forgery cookie name

  144.             services.AddAntiforgery(options =>

  145.             {

  146.                 options.Cookie.Domain = CookieHelper.GenerateCookieDomain(config.Host, false, Environment.IsDevelopment());

  147.                 options.Cookie.Name = "TeknikWebAntiForgery";

  148.                 options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;

  149.                 options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;

  150.             });

  151. 

  152.             // Core MVC

  153.             services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

  154. 

  155.             services.AddTransient<CookieEventHandler>();

  156.             services.AddSingleton<LogoutSessionManager>();

  157. 

  158.             services.AddAuthentication(options =>

  159.             {

  160.                 options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

  161.                 options.DefaultChallengeScheme = "oidc";

  162.             })

  163.                 .AddIdentityServerAuthentication(options =>

  164.                 {

  165.                     options.Authority = config.UserConfig.IdentityServerConfig.Authority;

  166.                     options.RequireHttpsMetadata = true;

  167. 

  168.                     options.ApiName = config.UserConfig.IdentityServerConfig.APIName;

  169.                     options.ApiSecret = config.UserConfig.IdentityServerConfig.APISecret;

  170. 

  171.                     options.NameClaimType = "username";

  172.                     options.RoleClaimType = JwtClaimTypes.Role;

  173.                 })

  174.                 .AddCookie(options =>

  175.                 {

  176.                     options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;

  177.                     options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;

  178.                     options.Cookie.Expiration = TimeSpan.FromDays(30);

  179.                     options.ExpireTimeSpan = TimeSpan.FromDays(30);

  180.                     options.Cookie.Name = "TeknikWebAuth";

  181.                     options.Cookie.Domain = CookieHelper.GenerateCookieDomain(config.Host, false, Environment.IsDevelopment());

  182. 

  183.                     options.EventsType = typeof(CookieEventHandler);

  184.                 })

  185.                 .AddOpenIdConnect("oidc", options =>

  186.                 {

  187.                     options.SignInScheme = "Cookies";

  188. 

  189.                     options.Authority = config.UserConfig.IdentityServerConfig.Authority;

  190.                     options.RequireHttpsMetadata = true;

  191. 

  192.                     options.ClientId = config.UserConfig.IdentityServerConfig.ClientId;

  193.                     options.ClientSecret = config.UserConfig.IdentityServerConfig.ClientSecret;

  194.                     options.ResponseType = "code id_token";

  195. 

  196.                     // Set the scopes to listen to

  197.                     options.Scope.Clear();

  198.                     options.Scope.Add("openid");

  199.                     options.Scope.Add("role");

  200.                     options.Scope.Add("account-info");

  201.                     options.Scope.Add("teknik-api.read");

  202.                     options.Scope.Add("teknik-api.write");

  203.                     options.Scope.Add("offline_access");

  204. 

  205.                     // Let's clear the claim actions and make our own mappings

  206.                     options.ClaimActions.Clear();

  207.                     options.ClaimActions.MapUniqueJsonKey("sub", "sub");

  208.                     options.ClaimActions.MapUniqueJsonKey("username", "username");

  209.                     options.ClaimActions.MapUniqueJsonKey("role", "role");

  210.                     options.ClaimActions.MapUniqueJsonKey("creation-date", "creation-date");

  211.                     options.ClaimActions.MapUniqueJsonKey("last-seen", "last-seen");

  212.                     options.ClaimActions.MapUniqueJsonKey("account-type", "account-type");

  213.                     options.ClaimActions.MapUniqueJsonKey("account-status", "account-status");

  214.                     options.ClaimActions.MapUniqueJsonKey("recovery-email", "recovery-email");

  215.                     options.ClaimActions.MapUniqueJsonKey("recovery-verified", "recovery-verified");

  216.                     options.ClaimActions.MapUniqueJsonKey("2fa-enabled", "2fa-enabled");

  217.                     options.ClaimActions.MapUniqueJsonKey("pgp-public-key", "pgp-public-key");

  218. 

  219.                     options.GetClaimsFromUserInfoEndpoint = true;

  220.                     options.SaveTokens = true;

  221. 

  222.                     options.TokenValidationParameters = new TokenValidationParameters

  223.                     {

  224.                         NameClaimType = "username",

  225.                         RoleClaimType = JwtClaimTypes.Role

  226.                     };

  227. 

  228.                     options.Events.OnRemoteFailure = HandleOnRemoteFailure;

  229.                 });

  230. 

  231.             services.AddAuthorization(options =>

  232.             {

  233.                 options.AddPolicy("FullAPI", p =>

  234.                 {

  235.                     p.AddAuthenticationSchemes("Bearer");

  236.                     p.RequireScope("teknik-api.read");

  237.                     p.RequireScope("teknik-api.write");

  238.                 });

  239.                 options.AddPolicy("ReadAPI", p =>

  240.                 {

  241.                     p.AddAuthenticationSchemes("Bearer");

  242.                     p.RequireScope("teknik-api.read");

  243.                 });

  244.                 options.AddPolicy("WriteAPI", p =>

  245.                 {

  246.                     p.AddAuthenticationSchemes("Bearer");

  247.                     p.RequireScope("teknik-api.write");

  248.                 });

  249.                 options.AddPolicy("AnyAPI", p =>

  250.                 {

  251.                     p.AddAuthenticationSchemes("Bearer");

  252.                     p.RequireScope("teknik-api.read", "teknik-api.write");

  253.                 });

  254.             });

  255. 

  256.             services.Configure<FormOptions>(x =>

  257.             {

  258.                 x.ValueLengthLimit = int.MaxValue;

  259.                 x.MultipartBodyLengthLimit = long.MaxValue; // In case of multipart

  260.             });

  261.         }

  262. 

  263.         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

  264.         public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, TeknikEntities dbContext, Config config)

  265.         {

  266.             // Create and Migrate the database

  267.             dbContext.Database.Migrate();

  268. 

  269.             // Initiate Logging

  270.             loggerFactory.AddLogger(config);

  271. 

  272.             // Setup the HttpContext

  273.             app.UseHttpContextSetup();

  274. 

  275.             // HttpContext Session

  276.             app.UseSession(new SessionOptions()

  277.             {

  278.                 IdleTimeout = TimeSpan.FromMinutes(30),

  279.                 Cookie = new CookieBuilder()

  280.                 {

  281.                     Domain = CookieHelper.GenerateCookieDomain(config.Host, false, Environment.IsDevelopment()),

  282.                     Name = "TeknikWebSession",

  283.                     SecurePolicy = CookieSecurePolicy.SameAsRequest,

  284.                     SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict

  285.                 }

  286.             });

  287. 

  288.             // Use Exception Handling

  289.             app.UseErrorHandler(config);

  290. 

  291.             // Performance Monitor the entire request

  292.             app.UsePerformanceMonitor();

  293. 

  294.             // Custom Middleware

  295.             app.UseBlacklist();

  296.             app.UseCORS();

  297.             app.UseCSP();

  298.             app.UseSecurityHeaders();

  299. 

  300.             // Cache Responses

  301.             app.UseResponseCaching();

  302. 

  303.             // Force a HTTPS redirection (301)

  304.             app.UseHttpsRedirection();

  305. 

  306.             // Setup static files anc cache them client side

  307.             app.UseStaticFiles(new StaticFileOptions

  308.             {

  309.                 OnPrepareResponse = ctx =>

  310.                 {

  311.                     ctx.Context.Response.Headers[HeaderNames.CacheControl] = "public,max-age=" + 31536000;

  312.                 }

  313.             });

  314. 

  315.             // Enable Cookie Policy

  316.             app.UseCookiePolicy();

  317. 

  318.             // Authorize all the things!

  319.             app.UseAuthentication();

  320. 

  321.             // And finally, let's use MVC

  322.             app.UseMvc(routes =>

  323.             {

  324.                 routes.BuildRoutes(config);

  325.             });

  326.         }

  327. 

  328.         private async Task HandleOnRemoteFailure(RemoteFailureContext context)

  329.         {

  330.             if (context.Failure.Message.Contains("access_denied"))

  331.                 context.Response.StatusCode = 403;

  332.             context.HandleResponse();

  333.         }

  334.     }

  335. }