warrenchen/member_center
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: warrenchen:766ecf702f0d49a820cf264c053a5efbe148e282
Branches Tags
warrenchen:master
warrenchen:develop
..
compare: warrenchen:75e235b8e390b2b29d160dc6625f897bd535d1f9
Branches Tags
warrenchen:develop
warrenchen:master

No commits in common. "766ecf702f0d49a820cf264c053a5efbe148e282" and "75e235b8e390b2b29d160dc6625f897bd535d1f9" have entirely different histories.
766ecf702f ... 75e235b8e3

1 changed files with 9 additions and 39 deletions
Show Stats Expand all files Collapse all files

48
src/MemberCenter.Api/Program.cs
View File

@ -14,9 +14,6 @@ EnvLoader.LoadDotEnvIfDevelopment();
var builder = WebApplication.CreateBuilder(args); var builder = WebApplication.CreateBuilder(args);
var pathBase = NormalizePathBase(builder.Configuration["PathBase"]); var pathBase = NormalizePathBase(builder.Configuration["PathBase"]);
var issuer = builder.Configuration["Auth:Issuer"];
var issuerUri = ParseAbsoluteUriOrThrow(issuer, "Auth:Issuer");
var allowInsecureHttp = builder.Configuration.GetValue("Auth:AllowInsecureHttp", false);
builder.Services.AddDbContext<MemberCenterDbContext>(options => builder.Services.AddDbContext<MemberCenterDbContext>(options =>
{ {
@ -61,8 +58,14 @@ builder.Services.AddOpenIddict()
WithPathBase(pathBase, "/auth/login"), WithPathBase(pathBase, "/auth/login"),
WithPathBase(pathBase, "/auth/refresh")); WithPathBase(pathBase, "/auth/refresh"));
options.SetLogoutEndpointUris(WithPathBase(pathBase, "/auth/logout")); options.SetLogoutEndpointUris(WithPathBase(pathBase, "/auth/logout"));
if (issuerUri is not null) var issuer = builder.Configuration["Auth:Issuer"];
if (!string.IsNullOrWhiteSpace(issuer))
{ {
if (!Uri.TryCreate(issuer, UriKind.Absolute, out var issuerUri))
{
throw new InvalidOperationException("Auth:Issuer must be an absolute URI.");
}
options.SetIssuer(issuerUri); options.SetIssuer(issuerUri);
} }
@ -95,9 +98,9 @@ builder.Services.AddOpenIddict()
.EnableLogoutEndpointPassthrough() .EnableLogoutEndpointPassthrough()
.EnableStatusCodePagesIntegration(); .EnableStatusCodePagesIntegration();
if (builder.Environment.IsDevelopment() || allowInsecureHttp) if (builder.Environment.IsDevelopment())
{ {
// Allows OIDC/OAuth endpoints to operate behind non-HTTPS internal networks/proxies. // TEST/LOCAL ONLY: allow HTTP for local Docker integration testing.
aspNetCore.DisableTransportSecurityRequirement(); aspNetCore.DisableTransportSecurityRequirement();
} }
}) })
@ -137,17 +140,6 @@ if (!string.IsNullOrWhiteSpace(pathBase))
app.UsePathBase(pathBase); app.UsePathBase(pathBase);
} }
app.Use(async (context, next) =>
{
if (issuerUri is not null && IsOpenIddictRequest(context.Request.Path))
{
context.Request.Scheme = issuerUri.Scheme;
context.Request.Host = HostString.FromUriComponent(issuerUri);
}
await next();
});
app.UseRouting(); app.UseRouting();
app.UseAuthentication(); app.UseAuthentication();
app.UseAuthorization(); app.UseAuthorization();
@ -174,25 +166,3 @@ static string WithPathBase(string? pathBase, string relativePath)
? normalizedRelativePath ? normalizedRelativePath
: $"{pathBase}{normalizedRelativePath}"; : $"{pathBase}{normalizedRelativePath}";
} }
static Uri? ParseAbsoluteUriOrThrow(string? uri, string configKey)
{
if (string.IsNullOrWhiteSpace(uri))
{
return null;
}
if (!Uri.TryCreate(uri, UriKind.Absolute, out var parsed))
{
throw new InvalidOperationException($"{configKey} must be an absolute URI.");
}
return parsed;
}
static bool IsOpenIddictRequest(PathString path)
{
return path.StartsWithSegments("/.well-known", StringComparison.OrdinalIgnoreCase)
|| path.StartsWithSegments("/oauth", StringComparison.OrdinalIgnoreCase)
|| path.StartsWithSegments("/auth", StringComparison.OrdinalIgnoreCase);
}