Compare commits
No commits in common. "766ecf702f0d49a820cf264c053a5efbe148e282" and "75e235b8e390b2b29d160dc6625f897bd535d1f9" have entirely different histories.
766ecf702f
...
75e235b8e3
@ -14,9 +14,6 @@ EnvLoader.LoadDotEnvIfDevelopment();
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
var pathBase = NormalizePathBase(builder.Configuration["PathBase"]);
|
||||
var issuer = builder.Configuration["Auth:Issuer"];
|
||||
var issuerUri = ParseAbsoluteUriOrThrow(issuer, "Auth:Issuer");
|
||||
var allowInsecureHttp = builder.Configuration.GetValue("Auth:AllowInsecureHttp", false);
|
||||
|
||||
builder.Services.AddDbContext<MemberCenterDbContext>(options =>
|
||||
{
|
||||
@ -61,8 +58,14 @@ builder.Services.AddOpenIddict()
|
||||
WithPathBase(pathBase, "/auth/login"),
|
||||
WithPathBase(pathBase, "/auth/refresh"));
|
||||
options.SetLogoutEndpointUris(WithPathBase(pathBase, "/auth/logout"));
|
||||
if (issuerUri is not null)
|
||||
var issuer = builder.Configuration["Auth:Issuer"];
|
||||
if (!string.IsNullOrWhiteSpace(issuer))
|
||||
{
|
||||
if (!Uri.TryCreate(issuer, UriKind.Absolute, out var issuerUri))
|
||||
{
|
||||
throw new InvalidOperationException("Auth:Issuer must be an absolute URI.");
|
||||
}
|
||||
|
||||
options.SetIssuer(issuerUri);
|
||||
}
|
||||
|
||||
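Review bot: The inlined `Auth:Issuer` check accepts any absolute URI, so a value such as `http://…` or a non-web scheme passes `Uri.TryCreate(issuer, UriKind.Absolute, …)` and is handed to `options.SetIssuer` unchanged. Outside development the scheme should be pinned, for example `if (issuerUri.Scheme != Uri.UriSchemeHttps && !builder.Environment.IsDevelopment()) throw new InvalidOperationException("Auth:Issuer must use https.");`. The empty-value branch also skips `SetIssuer` silently; OpenIddict then appears to fall back to deriving the issuer from the incoming request, which makes the advertised issuer depend on the Host header. If that reading is correct, failing startup in non-development environments when the key is missing would be safer. The enclosing options lambda starts and ends outside this hunk.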
@ -95,9 +98,9 @@ builder.Services.AddOpenIddict()
|
||||
.EnableLogoutEndpointPassthrough()
|
||||
.EnableStatusCodePagesIntegration();
|
||||
|
||||
if (builder.Environment.IsDevelopment() || allowInsecureHttp)
|
||||
if (builder.Environment.IsDevelopment())
|
||||
{
|
||||
// Allows OIDC/OAuth endpoints to operate behind non-HTTPS internal networks/proxies.
|
||||
// TEST/LOCAL ONLY: allow HTTP for local Docker integration testing.
|
||||
aspNetCore.DisableTransportSecurityRequirement();
|
||||
}
|
||||
})
|
||||
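Review bot: Now that `DisableTransportSecurityRequirement()` is limited to `IsDevelopment()`, nothing visible here tells the app that a production request arriving over HTTP from a TLS-terminating proxy was originally HTTPS. The same comparison also removes the middleware that rewrote `Request.Scheme`/`Request.Host` for the OIDC paths. Unless forwarded headers are handled elsewhere in the file, OpenIddict will likely reject those requests. If so, add `app.UseForwardedHeaders()` before `UseRouting()` with `ForwardedHeadersOptions.KnownProxies` restricted to the real proxy addresses, so that `X-Forwarded-Proto` is not trusted from arbitrary clients. The new comment could also say this, e.g. `// Production must terminate TLS or pass X-Forwarded-Proto from a trusted proxy.` The surrounding `UseAspNetCore()` block continues outside this hunk.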
@ -137,17 +140,6 @@ if (!string.IsNullOrWhiteSpace(pathBase))
|
||||
app.UsePathBase(pathBase);
|
||||
}
|
||||
|
||||
app.Use(async (context, next) =>
|
||||
{
|
||||
if (issuerUri is not null && IsOpenIddictRequest(context.Request.Path))
|
||||
{
|
||||
context.Request.Scheme = issuerUri.Scheme;
|
||||
context.Request.Host = HostString.FromUriComponent(issuerUri);
|
||||
}
|
||||
|
||||
await next();
|
||||
});
|
||||
|
||||
app.UseRouting();
|
||||
app.UseAuthentication();
|
||||
app.UseAuthorization();
|
||||
@ -174,25 +166,3 @@ static string WithPathBase(string? pathBase, string relativePath)
|
||||
? normalizedRelativePath
|
||||
: $"{pathBase}{normalizedRelativePath}";
|
||||
}
|
||||
|
||||
static Uri? ParseAbsoluteUriOrThrow(string? uri, string configKey)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(uri))
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
if (!Uri.TryCreate(uri, UriKind.Absolute, out var parsed))
|
||||
{
|
||||
throw new InvalidOperationException($"{configKey} must be an absolute URI.");
|
||||
}
|
||||
|
||||
return parsed;
|
||||
}
|
||||
|
||||
static bool IsOpenIddictRequest(PathString path)
|
||||
{
|
||||
return path.StartsWithSegments("/.well-known", StringComparison.OrdinalIgnoreCase)
|
||||
|| path.StartsWithSegments("/oauth", StringComparison.OrdinalIgnoreCase)
|
||||
|| path.StartsWithSegments("/auth", StringComparison.OrdinalIgnoreCase);
|
||||
}
|
||||
|
||||