diff --git a/DotBased b/DotBased
index 03daea4..5341179 160000
--- a/DotBased
+++ b/DotBased
@@ -1 +1 @@
-Subproject commit 03daea46e78dfa97d3e4f85fa8035fef5c5ed446
+Subproject commit 5341179e9421b7d8c4e54ce4962fc856cef4d6ed
diff --git a/SharpRSS.Blazor/Components/Pages/Home.razor b/SharpRSS.Blazor/Components/Pages/Home.razor
index 19d6dfd..6e1ab80 100644
--- a/SharpRSS.Blazor/Components/Pages/Home.razor
+++ b/SharpRSS.Blazor/Components/Pages/Home.razor
@@ -4,4 +4,13 @@
Mud text!
+
+
+ Not autorized for role: 'test'
+
+
+ Role: 'test' found!
+
+
+
Welcome to your new app.
\ No newline at end of file
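Review bot: The user-facing string added here is misspelled: `Not autorized for role: 'test'` should read `Not authorized for role: 'test'`. The block also looks like temporary role-check scaffolding placed on the home page with the role name `'test'` hard-coded in the text. If it is only there to exercise the new auth wiring, a short Razor comment such as `@*Temporary: verifies role-based rendering, remove before release*@` would stop it from being mistaken for real UI.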
diff --git a/SharpRSS.Blazor/Components/Pages/TestAdmin.razor b/SharpRSS.Blazor/Components/Pages/TestAdmin.razor
new file mode 100644
index 0000000..1bdff9b
--- /dev/null
+++ b/SharpRSS.Blazor/Components/Pages/TestAdmin.razor
@@ -0,0 +1,7 @@
+@page "/TestAdmin"
+@attribute [Authorize(Roles = "Admin")]
+
TestAdmin
+
+@code {
+
+}
\ No newline at end of file
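Review bot: `/TestAdmin` is added as a routable page with no environment gate, so this test scaffold ships as a reachable endpoint in every build; remove it before release or mark it with a comment such as `@*Test page for role checks, not for production*@`. The role name is a bare string in `[Authorize(Roles = "Admin")]`; a shared constant would keep role names from drifting between pages as more are protected. The empty `@code { }` block can be dropped. The Routes.razor markup is not readable in this diff, so it is worth confirming the router renders through `AuthorizeRouteView`, because a plain `RouteView` does not evaluate this attribute during interactive navigation.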
diff --git a/SharpRSS.Blazor/Components/Routes.razor b/SharpRSS.Blazor/Components/Routes.razor
index ae94e9e..a977289 100644
--- a/SharpRSS.Blazor/Components/Routes.razor
+++ b/SharpRSS.Blazor/Components/Routes.razor
@@ -3,4 +3,11 @@
+
+
+ @*TODO: Manage not found*@
+ Not found!
+ Page not found!
+
+
\ No newline at end of file
diff --git a/SharpRSS.Blazor/Components/_Imports.razor b/SharpRSS.Blazor/Components/_Imports.razor
index 22cab9c..a7f89ce 100644
--- a/SharpRSS.Blazor/Components/_Imports.razor
+++ b/SharpRSS.Blazor/Components/_Imports.razor
@@ -1,14 +1,19 @@
@using System.Net.Http
@using System.Net.Http.Json
+@using Microsoft.AspNetCore.Authorization
@using Microsoft.AspNetCore.Components.Forms
@using Microsoft.AspNetCore.Components.Routing
@using Microsoft.AspNetCore.Components.Web
-@using static Microsoft.AspNetCore.Components.Web.RenderMode
@using Microsoft.AspNetCore.Components.Web.Virtualization
+@using Microsoft.AspNetCore.Components.Authorization
@using Microsoft.JSInterop
+@using static Microsoft.AspNetCore.Components.Web.RenderMode
@*SharpRSS*@
@using SharpRSS.Blazor
@using SharpRSS.Blazor.Components
+@using SharpRSS.Blazor.Components.Layout
@*MudBlazor*@
@using MudBlazor
-@using MudBlazor.Components
\ No newline at end of file
+@using MudBlazor.Components
+@*Authorize for the whole application*@
+@attribute [Authorize]
\ No newline at end of file
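Review bot: Placing `@attribute [Authorize]` in `Components/_Imports.razor` applies it to every component under that folder, which would include the page behind `/Error` and, if it lives in this project, the login page at `/auth/login`. Those pages need `@attribute [AllowAnonymous]`, otherwise an unauthenticated user cannot reach the login form or the error page. The attribute is only evaluated for routable components during routing, so it gives no protection to child components or to data they load. I would spell that out in the comment, for example `@*Requires an authenticated user for every routable page under Components; public pages must opt out with [AllowAnonymous]*@`.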
diff --git a/SharpRSS.Blazor/Program.cs b/SharpRSS.Blazor/Program.cs
index b572233..6514e6c 100644
--- a/SharpRSS.Blazor/Program.cs
+++ b/SharpRSS.Blazor/Program.cs
@@ -4,9 +4,9 @@ using MudBlazor.Services;
using SharpRSS.Blazor.Components;
using SharpRSS.Business;
using SharpRSS.Data;
+using SharpRSS.Data.Domains.Configuration;
var builder = WebApplication.CreateBuilder(args);
-
builder.UseSRSS();
builder.Services.AddBlazoredLocalStorage();
@@ -20,15 +20,22 @@ builder.Services.AddHttpContextAccessor(); // HttpContext accessor
/*
* HSTS config
*/
-builder.Services.AddHsts(options =>
+var hstsConfig = new HstsConfiguration();
+var configSection = builder.Configuration.GetSection($"HTTP:{HstsConfiguration.Hsts}");
+configSection.Bind(hstsConfig);
+if (hstsConfig.EnableHsts)
{
- options.Preload = true;
- options.IncludeSubDomains = true;
- options.MaxAge = TimeSpan.FromDays(60); // For DEV = 60 days, PROD = 1 year
-});
+ builder.Services.AddHsts(options =>
+ {
+ options.Preload = hstsConfig.Preload;
+ options.IncludeSubDomains = hstsConfig.IncludeSubdomains;
+ options.MaxAge = TimeSpan.FromSeconds(hstsConfig.MaxAgeSeconds);
+ });
+}
var app = builder.Build();
+//TODO: Move to migrations
var contextFactory = app.Services.GetService>();
if (contextFactory != null)
{
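Review bot: A missing or misspelled `HTTP:HSTS` section leaves `hstsConfig` at its defaults, so `EnableHsts` is false and HSTS is silently skipped, where the old code always registered it. Only appsettings.Development.json gains the section in this commit, so production settings should be checked. I would fail loudly, or at least log, when the section is absent outside Development, e.g. `if (!configSection.Exists() && !builder.Environment.IsDevelopment()) throw new InvalidOperationException("HTTP:HSTS configuration section is missing");`. `MaxAgeSeconds` is also passed to `TimeSpan.FromSeconds` unchecked, so a zero or negative value from configuration reaches the header options; a guard such as `hstsConfig.MaxAgeSeconds > 0` before `AddHsts` would catch that.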
@@ -42,14 +49,15 @@ else
if (!app.Environment.IsDevelopment())
{
+ app.UseDeveloperExceptionPage();
app.UseExceptionHandler("/Error", createScopeForErrors: true);
- app.UseHsts();
}
app.UseHttpsRedirection();
-
app.UseStaticFiles();
app.UseAntiforgery();
+app.UseAuthentication();
+app.UseAuthorization();
app.MapRazorComponents()
.AddInteractiveServerRenderMode();
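Review bot: `app.UseDeveloperExceptionPage()` is added inside the `if (!app.Environment.IsDevelopment())` branch, so the detailed exception page is enabled in exactly the environments where stack traces and request details should not be shown to clients. The same hunk removes `app.UseHsts()` and nothing visible in the diff adds it back, so the options registered through `AddHsts` above never produce a `Strict-Transport-Security` header. `app.UseAntiforgery()` is also left ahead of the new `UseAuthentication()` and `UseAuthorization()` calls, while the ASP.NET Core guidance is to place it after them. The sketch below drops the developer page from the non-development branch, restores HSTS behind the new config flag and reorders the middleware.

```csharp
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error", createScopeForErrors: true);
    if (hstsConfig.EnableHsts)
    {
        app.UseHsts();
    }
}
// … unchanged: UseHttpsRedirection, UseStaticFiles …
app.UseAuthentication();
app.UseAuthorization();
app.UseAntiforgery();
```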
diff --git a/SharpRSS.Blazor/appsettings.Development.json b/SharpRSS.Blazor/appsettings.Development.json
index eedf5a9..c7523c3 100644
--- a/SharpRSS.Blazor/appsettings.Development.json
+++ b/SharpRSS.Blazor/appsettings.Development.json
@@ -42,5 +42,15 @@
"Properties": {
"Application": "SharpRSS"
}
+ },
+ "HTTP":
+ {
+ "HSTS":
+ {
+ "EnableHSTS": true,
+ "MaxAgeSeconds": 300,
+ "IncludeSubdomains": true,
+ "Preload": true
+ }
}
}
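Review bot: `"Preload": true` combined with `"MaxAgeSeconds": 300` is inconsistent, because the preload directive declares intent to be listed in browser preload lists, which expect a max-age of about a year. For a Development profile `"Preload": false` is the safer value, and a short max-age like this one is fine on its own. JSON allows no comments, so the intended production values (the removed code mentioned one year for PROD) would be worth recording in the README or in the production appsettings file.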
diff --git a/SharpRSS.Business/Auth/SRSSAuthenticationStateProvider.cs b/SharpRSS.Business/Auth/SRSSAuthenticationStateProvider.cs
deleted file mode 100644
index a33cb2a..0000000
--- a/SharpRSS.Business/Auth/SRSSAuthenticationStateProvider.cs
+++ /dev/null
@@ -1,40 +0,0 @@
-using DotBased.Logging;
-using Microsoft.AspNetCore.Components.Authorization;
-using Microsoft.AspNetCore.Http;
-using SharpRSS.Business.Services;
-
-namespace SharpRSS.Business.Auth;
-
-public class SRSSAuthenticationStateProvider : AuthenticationStateProvider
-{
- public SRSSAuthenticationStateProvider(IHttpContextAccessor contextAccessor, AuthService authService)
- {
- _logger = LogService.RegisterLogger(typeof(SRSSAuthenticationStateProvider));
- if (contextAccessor.HttpContext != null)
- _httpContext = contextAccessor.HttpContext;
- else
- {
- var ex = new ApplicationException("HttpContext is null! Cannot setup authentication state provider!");
- _logger.Fatal(ex, "Failed to initialize authentication state provider!");
- throw ex;
- }
- _authService = authService;
- }
-
- /*
- * Services
- */
- private readonly ILogger _logger;
- private readonly HttpContext _httpContext;
- private readonly AuthService _authService;
- /*
- * Consts
- */
- private const string AuthIdName = "srss_auth_id";
-
- public override Task GetAuthenticationStateAsync()
- {
- _logger.Debug("Getting authentication state...");
- throw new NotImplementedException();
- }
-}
\ No newline at end of file
diff --git a/SharpRSS.Business/DependencyInjection.cs b/SharpRSS.Business/DependencyInjection.cs
index b208555..cec002c 100644
--- a/SharpRSS.Business/DependencyInjection.cs
+++ b/SharpRSS.Business/DependencyInjection.cs
@@ -1,17 +1,17 @@
+using DotBased.ASP.Auth;
+using DotBased.ASP.Auth.Scheme;
using DotBased.Logging;
using DotBased.Logging.Serilog;
using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.EntityFrameworkCore.Diagnostics;
using Serilog;
-using SharpRSS.Business.Auth;
-using SharpRSS.Business.Services;
using SharpRSS.Core.Configuration;
using SharpRSS.Data;
+using AuthService = SharpRSS.Business.Services.AuthService;
namespace SharpRSS.Business;
@@ -68,7 +68,14 @@ public static class DependencyInjection
/*
* Authentication
*/
- builder.Services.AddScoped();
+ builder.Services.UseBasedAuth(options =>
+ {
+ options.AllowRegistration = false;
+ options.AuthenticationStateMaxAgeBeforeExpire = TimeSpan.FromDays(7);
+ options.LoginPath = "/auth/login";
+ options.LogoutPath = "/auth/logout";
+ });
+ builder.Services.AddCascadingAuthenticationState();
//TODO: Auth, Settings
return builder;
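Review bot: The auth options are hard-coded in this call, including a seven-day `AuthenticationStateMaxAgeBeforeExpire`, while the HSTS settings in the same commit were moved to configuration. Binding these from configuration as well would let the session lifetime be shortened per deployment without a rebuild. From this hunk it is not clear whether the seven days is a sliding or an absolute limit, or whether logout invalidates the state server-side, so a comment such as `// Auth state expires 7 days after <issue|last use>; logout revokes it server-side` would help once confirmed against DotBased.ASP.Auth. The trailing `//TODO: Auth, Settings` looks partly stale now that auth is wired up. The enclosing method starts and ends outside this hunk.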
diff --git a/SharpRSS.Business/SharpRSS.Business.csproj b/SharpRSS.Business/SharpRSS.Business.csproj
index 5ac63b4..0005ffc 100644
--- a/SharpRSS.Business/SharpRSS.Business.csproj
+++ b/SharpRSS.Business/SharpRSS.Business.csproj
@@ -7,6 +7,7 @@
+
@@ -36,4 +37,8 @@
+
+
+
+
diff --git a/SharpRSS.Data/Domains/Configuration/HstsConfiguration.cs b/SharpRSS.Data/Domains/Configuration/HstsConfiguration.cs
index d958bfd..2f5d0e2 100644
--- a/SharpRSS.Data/Domains/Configuration/HstsConfiguration.cs
+++ b/SharpRSS.Data/Domains/Configuration/HstsConfiguration.cs
@@ -5,7 +5,7 @@ public class HstsConfiguration
public const string Hsts = "HSTS";
public bool EnableHsts { get; set; }
- public long MaxAgeSeconds { get; set; }
+ public double MaxAgeSeconds { get; set; }
public bool IncludeSubdomains { get; set; }
public bool Preload { get; set; }
}
\ No newline at end of file
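Review bot: Changing `MaxAgeSeconds` from `long` to `double` lets configuration supply fractional, negative or non-finite values, while the HSTS `max-age` directive is a whole number of seconds. `TimeSpan.FromSeconds` accepts a `long` through implicit conversion, so `public long MaxAgeSeconds { get; set; }` would still work with the new binding code in Program.cs. If `double` is kept, add a doc comment stating the valid range, e.g. `/// <summary>HSTS max-age in whole seconds; must be greater than zero.</summary>`, and validate it before use. The class declaration starts outside this hunk.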
diff --git a/SharpRSS.sln b/SharpRSS.sln
index 385baa8..bc27ca7 100755
--- a/SharpRSS.sln
+++ b/SharpRSS.sln
@@ -17,6 +17,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DotBased", "DotBased\DotBas
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DotBased.Logging.Serilog", "DotBased\DotBased.Logging.Serilog\DotBased.Logging.Serilog.csproj", "{49F07625-B92C-439B-AC3E-7DEB26EA15D4}"
EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DotBased.ASP.Auth", "DotBased\DotBased.ASP.Auth\DotBased.ASP.Auth.csproj", "{18CEAA37-B46A-4543-9E7B-5BF12CFF9172}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@@ -47,6 +49,10 @@ Global
{49F07625-B92C-439B-AC3E-7DEB26EA15D4}.Debug|Any CPU.Build.0 = Debug|Any CPU
{49F07625-B92C-439B-AC3E-7DEB26EA15D4}.Release|Any CPU.ActiveCfg = Release|Any CPU
{49F07625-B92C-439B-AC3E-7DEB26EA15D4}.Release|Any CPU.Build.0 = Release|Any CPU
+ {18CEAA37-B46A-4543-9E7B-5BF12CFF9172}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {18CEAA37-B46A-4543-9E7B-5BF12CFF9172}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {18CEAA37-B46A-4543-9E7B-5BF12CFF9172}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {18CEAA37-B46A-4543-9E7B-5BF12CFF9172}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@@ -57,5 +63,6 @@ Global
GlobalSection(NestedProjects) = preSolution
{F2BA5122-C9EE-4E65-B3EF-987D797AEAB0} = {A73E4832-235F-4032-825E-3A928199A5DF}
{49F07625-B92C-439B-AC3E-7DEB26EA15D4} = {A73E4832-235F-4032-825E-3A928199A5DF}
+ {18CEAA37-B46A-4543-9E7B-5BF12CFF9172} = {A73E4832-235F-4032-825E-3A928199A5DF}
EndGlobalSection
EndGlobal
diff --git a/git-cmd.md b/git-cmd.md
index e6cee7a..1011ffd 100755
--- a/git-cmd.md
+++ b/git-cmd.md
@@ -12,7 +12,7 @@ git submodule update --init --recursive
## Submodule commit
-cd
+cd
git add .