From 89cb9fbe1ef9dcda49799c5538f9894dd79e60e6 Mon Sep 17 00:00:00 2001 From: Max Date: Sat, 6 Jul 2024 00:02:02 +0200 Subject: [PATCH] Working on http settings --- SharpRSS.Blazor/Program.cs | 17 +++++++++++++++-- SharpRSS.Blazor/SharpRSS.Blazor.csproj | 4 ++++ SharpRSS.Blazor/appsettings.json | 10 ++++++++++ .../Auth/SRSSAuthenticationStateProvider.cs | 10 ++++------ SharpRSS.Business/DependencyInjection.cs | 17 ++++++++++++----- .../Domains/Configuration/HstsConfiguration.cs | 11 +++++++++++ 6 files changed, 56 insertions(+), 13 deletions(-) rename {SharpRSS.Blazor => SharpRSS.Business}/Auth/SRSSAuthenticationStateProvider.cs (78%) create mode 100644 SharpRSS.Data/Domains/Configuration/HstsConfiguration.cs diff --git a/SharpRSS.Blazor/Program.cs b/SharpRSS.Blazor/Program.cs index 4360b05..b572233 100644 --- a/SharpRSS.Blazor/Program.cs +++ b/SharpRSS.Blazor/Program.cs @@ -8,6 +8,7 @@ using SharpRSS.Data; var builder = WebApplication.CreateBuilder(args); builder.UseSRSS(); + builder.Services.AddBlazoredLocalStorage(); // Add services to the container. @@ -16,6 +17,16 @@ builder.Services.AddRazorComponents() builder.Services.AddMudServices(); builder.Services.AddHttpContextAccessor(); // HttpContext accessor +/* + * HSTS config + */ +builder.Services.AddHsts(options => +{ + options.Preload = true; + options.IncludeSubDomains = true; + options.MaxAge = TimeSpan.FromDays(60); // For DEV = 60 days, PROD = 1 year +}); + var app = builder.Build(); var contextFactory = app.Services.GetService>(); @@ -24,12 +35,14 @@ if (contextFactory != null) await using var context = await contextFactory.CreateDbContextAsync(); context.Database.EnsureCreated(); } +else +{ + +} -// Configure the HTTP request pipeline. if (!app.Environment.IsDevelopment()) { app.UseExceptionHandler("/Error", createScopeForErrors: true); - // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. app.UseHsts(); } 
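Review bot: The values passed to `AddHsts` are hard-coded, and since `app.UseHsts()` only runs outside Development (next hunk), the 60-day "DEV" `MaxAge` is what production would send. The `HTTP:HSTS` section added to appsettings.json in this same patch is never read. `Preload = true` with a 60-day max-age is also inconsistent: the browser preload list asks for at least one year, and preload plus `IncludeSubDomains` is hard to withdraw once browsers have cached it. Binding the options from configuration and rejecting a non-positive max-age keeps the policy in one place. `HstsConfiguration` lives in `SharpRSS.Data.Domains.Configuration`, which Program.cs would need to import.

```csharp
// Read the policy from appsettings.json instead of hard-coding it.
var hsts = builder.Configuration.GetSection("HTTP:HSTS").Get<HstsConfiguration>()
           ?? throw new InvalidOperationException("Missing HTTP:HSTS configuration section.");
if (hsts.MaxAgeSeconds <= 0)
{
    // max-age=0 would tell browsers to forget the policy.
    throw new InvalidOperationException("HTTP:HSTS:MaxAgeSeconds must be positive.");
}

builder.Services.AddHsts(options =>
{
    options.Preload = hsts.Preload;
    options.IncludeSubDomains = hsts.IncludeSubdomains;
    options.MaxAge = TimeSpan.FromSeconds(hsts.MaxAgeSeconds);
});
```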
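Review bot: The added `else { }` branch is empty, so when `contextFactory` is null startup carries on without the database ever being created and the failure only surfaces later, inside a request. Either drop the branch or fail fast there, e.g. `throw new InvalidOperationException("No DbContext factory registered; check the database configuration.");`. The same hunk keeps `app.UseHsts()` unconditional for non-Development, so the new `EnableHSTS` setting is not consulted; gating the call on that flag would make the setting mean something. The removed comment next to `app.UseHsts()` could be replaced by one line saying where the HSTS options are configured.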
diff --git a/SharpRSS.Blazor/SharpRSS.Blazor.csproj b/SharpRSS.Blazor/SharpRSS.Blazor.csproj index 51196ae..f614324 100644 --- a/SharpRSS.Blazor/SharpRSS.Blazor.csproj +++ b/SharpRSS.Blazor/SharpRSS.Blazor.csproj @@ -31,4 +31,8 @@ + + + + diff --git a/SharpRSS.Blazor/appsettings.json b/SharpRSS.Blazor/appsettings.json index fcc8986..c3063ea 100644 --- a/SharpRSS.Blazor/appsettings.json +++ b/SharpRSS.Blazor/appsettings.json @@ -43,5 +43,15 @@ "Application": "SharpRSS" } }, + "HTTP": + { + "HSTS": + { + "EnableHSTS": true, + "MaxAgeSeconds": 31536000, + "IncludeSubdomains": true, + "Preload": true + } + }, "AllowedHosts": "*" } diff --git a/SharpRSS.Blazor/Auth/SRSSAuthenticationStateProvider.cs b/SharpRSS.Business/Auth/SRSSAuthenticationStateProvider.cs similarity index 78% rename from SharpRSS.Blazor/Auth/SRSSAuthenticationStateProvider.cs rename to SharpRSS.Business/Auth/SRSSAuthenticationStateProvider.cs index da60a16..a33cb2a 100644 --- a/SharpRSS.Blazor/Auth/SRSSAuthenticationStateProvider.cs +++ b/SharpRSS.Business/Auth/SRSSAuthenticationStateProvider.cs @@ -1,14 +1,13 @@ -using Blazored.LocalStorage; using DotBased.Logging; using Microsoft.AspNetCore.Components.Authorization; +using Microsoft.AspNetCore.Http; using SharpRSS.Business.Services; -using ILogger = DotBased.Logging.ILogger; -namespace SharpRSS.Blazor.Auth; +namespace SharpRSS.Business.Auth; public class SRSSAuthenticationStateProvider : AuthenticationStateProvider { - public SRSSAuthenticationStateProvider(IHttpContextAccessor contextAccessor, AuthService authService, ILocalStorageService localStorageService) + public SRSSAuthenticationStateProvider(IHttpContextAccessor contextAccessor, AuthService authService) { _logger = LogService.RegisterLogger(typeof(SRSSAuthenticationStateProvider)); if (contextAccessor.HttpContext != null) 
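Review bot: The shipped defaults switch on `Preload` and `IncludeSubdomains` with a one-year `MaxAgeSeconds`, which commits a deployment's whole domain tree to HTTPS in a way that is slow to undo once browsers have cached it. For a template config, opt-in defaults are safer: `"IncludeSubdomains": false` and `"Preload": false`, leaving the operator to enable them per domain. As far as this patch shows, nothing reads the `HTTP:HSTS` section yet, so `EnableHSTS` currently has no effect.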
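Review bot: The constructor still reads `contextAccessor.HttpContext` once, and judging by the `_httpContext` field declared further down it keeps that instance for the provider's lifetime. In an interactive Blazor Server circuit the context is not reliably available after the initial request, so identity derived from it later can be stale or missing. Consider storing the `IHttpContextAccessor` and reading `HttpContext` at the point of use, or passing the needed claims in when the circuit starts. The constructor body continues outside this hunk, so how the context is stored is inferred from the field declaration.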
@@ -20,7 +19,6 @@ public class SRSSAuthenticationStateProvider : AuthenticationStateProvider throw ex; } _authService = authService; - _localStorageService = localStorageService; } /* @@ -29,7 +27,6 @@ public class SRSSAuthenticationStateProvider : AuthenticationStateProvider private readonly ILogger _logger; private readonly HttpContext _httpContext; private readonly AuthService _authService; - private readonly ILocalStorageService _localStorageService; /* * Consts */ @@ -37,6 +34,7 @@ public class SRSSAuthenticationStateProvider : AuthenticationStateProvider public override Task GetAuthenticationStateAsync() { + _logger.Debug("Getting authentication state..."); throw new NotImplementedException(); } } \ No newline at end of file diff --git a/SharpRSS.Business/DependencyInjection.cs b/SharpRSS.Business/DependencyInjection.cs index 0fafc23..b208555 100644 --- a/SharpRSS.Business/DependencyInjection.cs +++ b/SharpRSS.Business/DependencyInjection.cs @@ -1,12 +1,14 @@ using DotBased.Logging; using DotBased.Logging.Serilog; using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Components.Authorization; using Microsoft.EntityFrameworkCore; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Microsoft.EntityFrameworkCore.Diagnostics; using Serilog; +using SharpRSS.Business.Auth; using SharpRSS.Business.Services; using SharpRSS.Core.Configuration; using SharpRSS.Data; @@ -24,7 +26,7 @@ public static class DependencyInjection Log.Logger = serilogConfig.CreateLogger(); LogService.AddLogAdapter(new BasedSerilogAdapter(Log.Logger)); - var logger = LogService.RegisterLogger(typeof(DependencyInjection)); + var _logger = LogService.RegisterLogger(typeof(DependencyInjection)); builder.Logging.ClearProviders(); builder.Logging.AddSerilog(); 
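Review bot: `GetAuthenticationStateAsync` still ends in `throw new NotImplementedException()`, and this commit also adds an `AddScoped` registration under "Authentication" in DependencyInjection.cs (its type arguments are not visible here). If that registers this provider, any component that asks for the authentication state will throw. Until the real lookup exists, returning an anonymous principal fails closed without breaking rendering: `return Task.FromResult(new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity())));`. A `<summary>` on the method stating that it is a stub would also help the next reader.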
@@ -40,17 +42,17 @@ public static class DependencyInjection switch (dbSettings.Server.ToUpper()) { case "SQLITE": - logger.Information("Configuring SQLite context..."); + _logger.Information("Configuring SQLite context..."); options.UseSqlite(dbSettings.Connection); break; case "MARIADB": - logger.Information("Configuring MariaDB context..."); + _logger.Information("Configuring MariaDB context..."); var srvVersion = ServerVersion.AutoDetect(dbSettings.Connection); - logger.Information("Server found, version: {SrvVersion}", srvVersion.Version.Build); + _logger.Information("Server found, version: {SrvVersion}", srvVersion.Version.Build); options.UseMySql(dbSettings.Connection, srvVersion); break; case "MSSQL": - logger.Information("Configuring MSSQL context..."); + _logger.Information("Configuring MSSQL context..."); options.UseSqlServer(dbSettings.Connection); break; default: @@ -63,6 +65,11 @@ public static class DependencyInjection */ builder.Services.AddScoped(); + /* + * Authentication + */ + builder.Services.AddScoped(); + //TODO: Auth, Settings return builder; } diff --git a/SharpRSS.Data/Domains/Configuration/HstsConfiguration.cs b/SharpRSS.Data/Domains/Configuration/HstsConfiguration.cs new file mode 100644 index 0000000..d958bfd --- /dev/null +++ b/SharpRSS.Data/Domains/Configuration/HstsConfiguration.cs @@ -0,0 +1,11 @@ +namespace SharpRSS.Data.Domains.Configuration; + +public class HstsConfiguration +{ + public const string Hsts = "HSTS"; + + public bool EnableHsts { get; set; } + public long MaxAgeSeconds { get; set; } + public bool IncludeSubdomains { get; set; } + public bool Preload { get; set; } +} \ No newline at end of file
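Review bot: `MaxAgeSeconds` defaults to 0 and nothing validates it, so once this class is bound to the HSTS options a missing or mistyped key would produce `max-age=0`, which tells browsers to drop the stored policy. Give it a safe default or reject non-positive values at startup, e.g. `public long MaxAgeSeconds { get; set; } = 31536000;`. The `Hsts` constant is `"HSTS"` while appsettings.json nests the section under `"HTTP"`, so `GetSection(HstsConfiguration.Hsts)` would not find it; `public const string Hsts = "HTTP:HSTS";` matches the file. A class-level `<summary>` naming the configuration section and the unit of `MaxAgeSeconds` would be useful too.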