-
Notifications
You must be signed in to change notification settings - Fork 0
/
Program.cs
100 lines (78 loc) · 3.08 KB
/
Program.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
using System.Threading.RateLimiting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.RateLimiting;
using Microsoft.EntityFrameworkCore;
using Rankt.Features.Question;
using Rankt.Features.Account;
using Rankt.Infrastructure.Persistence;
var builder = WebApplication.CreateBuilder(args);
builder.Configuration.AddEnvironmentVariables();
builder.WebHost.UseKestrel(option => option.AddServerHeader = false);
// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
// TODO: Clean up and move to infrastructure/web/...
builder.Services.AddInfrastructureServices(builder.Configuration);
builder.Services.AddIdentityApiEndpoints<IdentityUser>(opt =>
{
opt.Lockout.AllowedForNewUsers = true;
opt.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
opt.Lockout.MaxFailedAccessAttempts = 3;
})
.AddEntityFrameworkStores<ApplicationDbContext>();
// Rate limiting for APIs that do not require authentication (e.g., "login")
builder.Services.AddRateLimiter(o =>
{
o.AddFixedWindowLimiter("fixed", options =>
{
// A maximum of 10 requests per each 10-second window are allowed
options.PermitLimit = 10;
options.Window = TimeSpan.FromSeconds(10);
options.QueueProcessingOrder = QueueProcessingOrder.OldestFirst;
options.QueueLimit = 10;
});
});
builder.Services.AddAuthentication();
builder.Services.AddAuthorization();
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
var app = builder.Build();
// Handled by the reverse proxy
app.UseHttpsRedirection();
// Other security headers are appended by the reverse proxy (see OWASP recommendations).
app.UseSecurityHeaders();
app.UseHsts();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
app.UseDeveloperExceptionPage();
}
app.UseRateLimiter();
app.UseForwardedHeaders();
app.UseStaticFiles();
app.MapAccountEndpoints();
app.MapQuestionEndpoints();
app.MapFallbackToFile("index.html");
using (var scope = app.Services.CreateScope())
{
var dbContext = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
dbContext.Database.Migrate();
// Can be changed with environment variables (see docker-compose.yml)
var adminUsername = builder.Configuration["AppSetup:AdminUsername"] ?? "admin";
var adminPassword = builder.Configuration["AppSetup:AdminPassword"] ?? "temp";
var adminUser = dbContext.Users.First(x => x.Id == ApplicationDbContext.AdminUserId);
adminUser.UserName = adminUsername;
var pwHasher = new PasswordHasher<IdentityUser>();
adminUser.PasswordHash = pwHasher.HashPassword(adminUser, adminPassword);
dbContext.Update(adminUser);
dbContext.SaveChanges();
}
app.Run();