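using System;
using System.Text;
using System.Threading.Tasks;
using BlueWest.Cryptography;
using BlueWest.Data.Application.Users;
using BlueWest.Data.Auth;
using BlueWest.Data.Auth.Context.Users;
using BlueWest.Domain;
using BlueWest.WebApi.Configuration;
using BlueWest.WebApi.Context.Users;
using BlueWest.WebApi.Session;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using Redis.OM;

namespace BlueWest.WebApi
{
    /// <summary>
    /// Startup extensions: MySQL context pooling and auth-server service registration
    /// (Redis, options, JWT bearer + cookie authentication, authorization policy, Identity).
    /// </summary>
    public static class StartupExtensions
    {
        /// <summary>
        /// Builds the <see cref="MySqlServerVersion"/> the EF Core provider is told to target.
        /// </summary>
        private static MySqlServerVersion GetMySqlServerVersion(int major, int minor, int build)
            => new(new Version(major, minor, build));

        /// <summary>
        /// Reads the connection string named <paramref name="db"/> from the section selected by the
        /// "mode" setting: "docker" selects ConnectionStringDocker, anything else ConnectionStringNoDocker.
        /// </summary>
        /// <param name="configurationRoot">Application configuration.</param>
        /// <param name="db">Key inside the selected connection-string section (e.g. "MySQL", "Redis").</param>
        /// <returns>The configured value, or <c>null</c> when the key is absent — callers must check for null.</returns>
        private static string GetConnectionString(this IConfiguration configurationRoot, string db)
        {
            // Docker / No-Docker: the "mode" key decides which section holds the connection strings.
            var sectionName = configurationRoot["mode"] == "docker"
                ? "ConnectionStringDocker"
                : "ConnectionStringNoDocker";

            // The configuration indexer returns null (not string.Empty) for a missing key.
            // The original also had an unreachable `return string.Empty;` after the if/else — dropped.
            return configurationRoot.GetSection(sectionName)[db];
        }

        /// <summary>
        /// Configures <paramref name="optionsBuilder"/> for MySQL using the "MySQL" connection string,
        /// with retry-on-failure and, in the Development environment only, verbose EF Core logging.
        /// </summary>
        /// <param name="optionsBuilder">The builder being configured (returned for chaining).</param>
        /// <param name="configuration">Application configuration (connection strings, mode).</param>
        /// <param name="environment">Hosting environment; enables debug logging when Development.</param>
        /// <returns>The same <paramref name="optionsBuilder"/>.</returns>
        /// <exception cref="InvalidOperationException">The MySQL connection string is missing or blank.</exception>
        private static DbContextOptionsBuilder GetMySqlSettings(
            this DbContextOptionsBuilder optionsBuilder,
            IConfiguration configuration,
            IWebHostEnvironment environment)
        {
            var sqlVersion = GetMySqlServerVersion(8, 0, 11);

            // Docker / No-Docker
            var mySqlConnectionString = configuration.GetConnectionString("MySQL");

            // The original compared against string.Empty only, so a missing key (null) slipped through
            // and surfaced later as an opaque provider error instead of this message.
            if (string.IsNullOrWhiteSpace(mySqlConnectionString))
            {
                throw new InvalidOperationException("Fatal error: MySQL Connection string is empty.");
            }

            // One UseMySql call carries both the connection string and the retry policy; the original
            // called UseMySql twice (once with the connection string, once with only the retry options).
            optionsBuilder.UseMySql(
                mySqlConnectionString,
                sqlVersion,
                builder => builder.EnableRetryOnFailure(6, TimeSpan.FromSeconds(3), null));

            // The following three options help with debugging, but should be changed or removed for
            // production: EnableSensitiveDataLogging writes query parameter values (which may include
            // credentials or personal data) to the console log.
            if (environment.IsDevelopment())
            {
                optionsBuilder
                    .LogTo(Console.WriteLine, LogLevel.Information)
                    .EnableSensitiveDataLogging()
                    .EnableDetailedErrors();
            }

            return optionsBuilder;
        }

        /// <summary>
        /// Registers the application's pooled MySQL <c>DbContext</c>s, all configured through
        /// <see cref="GetMySqlSettings"/>.
        /// </summary>
        /// <param name="serviceCollection">The DI container being populated.</param>
        /// <param name="configuration">Application configuration.</param>
        /// <param name="environment">Hosting environment.</param>
        /// <returns>The same <paramref name="serviceCollection"/> for chaining.</returns>
        public static IServiceCollection PrepareMySqlDatabasePool(this IServiceCollection serviceCollection,
            IConfiguration configuration, IWebHostEnvironment environment)
        {
            // NOTE(review): the <TContext> type argument of each AddDbContextPool call is not present in
            // this listing (lost in extraction). Five distinct contexts are registered in the original;
            // restore each type argument from source control — the calls are otherwise identical.
            return serviceCollection
                .AddDbContextPool(options => options.GetMySqlSettings(configuration, environment))
                .AddDbContextPool(options => options.GetMySqlSettings(configuration, environment))
                .AddDbContextPool(options => options.GetMySqlSettings(configuration, environment))
                .AddDbContextPool(options => options.GetMySqlSettings(configuration, environment))
                .AddDbContextPool(options => options.GetMySqlSettings(configuration, environment));
        }

        /// <summary>
        /// Registers everything the auth server needs: the Redis connection provider and application
        /// services, <c>AuthSettings</c> / <c>JwtIssuerOptions</c>, JWT bearer (default) plus cookie
        /// authentication, the API-access authorization policy, and ASP.NET Core Identity.
        /// </summary>
        /// <param name="services">The DI container being populated.</param>
        /// <param name="configuration">Application configuration.</param>
        /// <param name="environment">Hosting environment (currently unused here; kept for the call sites).</param>
        /// <returns>The same <paramref name="services"/> for chaining.</returns>
        /// <exception cref="InvalidOperationException">
        /// The Redis connection string, the signing secret, or the JWT issuer/audience is not configured.
        /// </exception>
        internal static IServiceCollection AddAuthServerServices(this IServiceCollection services,
            IConfiguration configuration, IWebHostEnvironment environment)
        {
            var connectionString = configuration.GetConnectionString("Redis");
            if (string.IsNullOrWhiteSpace(connectionString))
            {
                throw new InvalidOperationException("Redis connection string is empty");
            }

            // NOTE(review): the generic type arguments of the registrations below are not present in this
            // listing (lost in extraction); restore each <TService[, TImplementation]> from source control.
            services
                .AddSingleton(new RedisConnectionProvider(connectionString))
                .AddScoped()
                .AddScoped()
                .AddHostedService()
                .AddSingleton()
                .AddScoped()
                .AddScoped()
                .AddScoped()
                .AddScoped();

            // Bind the AuthSettings section as options.
            var authSettings = configuration.GetSection(nameof(AuthSettings));
            services.Configure<AuthSettings>(authSettings);

            var secretKey = authSettings[nameof(AuthSettings.SecretKey)];
            if (string.IsNullOrWhiteSpace(secretKey))
            {
                // Encoding.GetBytes(null) would throw an ArgumentNullException that names no setting.
                throw new InvalidOperationException(
                    $"{nameof(AuthSettings)}:{nameof(AuthSettings.SecretKey)} is not configured.");
            }

            // ASCII is kept deliberately: any other issuer sharing this secret derives the same key bytes.
            // The secret should be long and random (32+ bytes is the usual guidance for HS256); the token
            // library rejects keys below its minimum size at signing time.
            var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));

            // jwt wire up — issuer and audience come from the JwtIssuerOptions section.
            var jwtAppSettingOptions = configuration.GetSection(nameof(JwtIssuerOptions));
            var issuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)];
            var audience = jwtAppSettingOptions[nameof(JwtIssuerOptions.Audience)];

            // With ValidateIssuer/ValidateAudience on, a null value would make every token fail
            // validation at request time; fail at startup with a readable message instead.
            if (string.IsNullOrWhiteSpace(issuer) || string.IsNullOrWhiteSpace(audience))
            {
                throw new InvalidOperationException(
                    $"{nameof(JwtIssuerOptions)}:{nameof(JwtIssuerOptions.Issuer)} and " +
                    $"{nameof(JwtIssuerOptions)}:{nameof(JwtIssuerOptions.Audience)} must be configured.");
            }

            // Configure JwtIssuerOptions (used by the token issuer side).
            services.Configure<JwtIssuerOptions>(options =>
            {
                options.Issuer = issuer;
                options.Audience = audience;
                options.SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
            });

            var tokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = issuer,
                ValidateAudience = true,
                ValidAudience = audience,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = signingKey,
                // The original set RequireExpirationTime = false: a token carrying no "exp" claim then
                // passes lifetime validation indefinitely. Tokens issued here are expected to carry
                // "exp"; if the issuer does not set it, fix the issuer rather than relaxing this.
                RequireExpirationTime = true,
                ValidateLifetime = true,
                ClockSkew = TimeSpan.Zero,
            };

            services.AddAuthentication(options =>
                {
                    // JWT bearer is the default for authenticate/challenge; cookies are only used for
                    // sign-in through the cookie login endpoint configured below.
                    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                })
                .AddCookie(options =>
                {
                    options.Cookie.SameSite = SameSiteMode.Lax;
                    // SameAsRequest allows the session cookie over plain HTTP; CookieSecurePolicy.Always
                    // is the safer choice once the app is reachable only over HTTPS.
                    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                    options.Cookie.MaxAge = SessionConstants.DefaultSessionMaxAge;
                    options.LoginPath = "/api/auth/logincookie";
                    options.LogoutPath = "/api/auth/logout";
                })
                .AddJwtBearer(configureOptions =>
                {
                    configureOptions.ClaimsIssuer = issuer;
                    configureOptions.TokenValidationParameters = tokenValidationParameters;
                    configureOptions.SaveToken = true;
                    configureOptions.Events = new JwtBearerEvents
                    {
                        OnAuthenticationFailed = context =>
                        {
                            // Lets a client tell "expired" apart from "invalid" without exposing
                            // the exception; the indexer does not throw if the header is already set.
                            if (context.Exception is SecurityTokenExpiredException)
                            {
                                context.Response.Headers["Token-Expired"] = "true";
                            }

                            return Task.CompletedTask;
                        },
                    };
                });

            // api user claim policy
            services.AddAuthorization(options =>
            {
                options.AddPolicy(SessionConstants.ApiNamePolicy, policy =>
                    policy.RequireClaim(
                        Data.Auth.Context.Users.Constants.JwtClaimIdentifiers.Rol,
                        Data.Auth.Context.Users.Constants.JwtClaims.ApiAccess));
            });

            // add identity
            // NOTE(review): the user type argument of AddIdentityCore/AddUserManager/AddUserStore and the
            // context argument of AddEntityFrameworkStores are not present in this listing; restore them
            // from source control.
            var identityBuilder = services.AddIdentityCore(o =>
                {
                    o.User.RequireUniqueEmail = true;
                    // Password policy: only a minimum length of 6 is enforced, no character-class rules.
                    o.Password.RequireDigit = false;
                    o.Password.RequireLowercase = false;
                    o.Password.RequireUppercase = false;
                    o.Password.RequireNonAlphanumeric = false;
                    o.Password.RequiredLength = 6;
                })
                .AddUserManager()
                .AddUserStore();

            // Re-create the builder with ApplicationRole as the role type before registering the EF stores.
            identityBuilder = new IdentityBuilder(identityBuilder.UserType, typeof(ApplicationRole), identityBuilder.Services);
            identityBuilder
                .AddEntityFrameworkStores()
                .AddDefaultTokenProviders();

            return services;
        }
    }
}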