You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
110 lines
3.5 KiB
110 lines
3.5 KiB
using Microsoft.AspNetCore.DataProtection;
|
|
using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
|
|
using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using OAuthServer;
|
|
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
// Add logging to console
|
|
builder.Logging.AddConsole();
|
|
|
|
// Add services to the container.
|
|
builder.Services.AddControllers();
|
|
builder.Services.AddEndpointsApiExplorer();
|
|
builder.Services.AddSwaggerGen();
|
|
|
|
builder.Configuration.Sources.Clear();
|
|
builder.Services.AddDbContext<AppDbContext>(options => { options.UseSqlite("DataSource=db.sqlite3"); });
|
|
|
|
builder.Services.AddIdentity<IdentityUser, IdentityRole>(options => { options.Stores.MaxLengthForKeys = 128; })
|
|
.AddEntityFrameworkStores<AppDbContext>()
|
|
.AddDefaultTokenProviders();
|
|
|
|
builder.Services.Configure<IdentityOptions>(options =>
|
|
{
|
|
|
|
// SignIn settings.
|
|
options.SignIn.RequireConfirmedAccount = false;
|
|
options.SignIn.RequireConfirmedEmail = false;
|
|
options.SignIn.RequireConfirmedPhoneNumber = false;
|
|
|
|
// Lockout settings.
|
|
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
|
|
options.Lockout.MaxFailedAccessAttempts = 5;
|
|
options.Lockout.AllowedForNewUsers = true;
|
|
|
|
// Password settings.
|
|
options.Password.RequireDigit = false;
|
|
options.Password.RequireLowercase = false;
|
|
options.Password.RequireNonAlphanumeric = false;
|
|
options.Password.RequireUppercase = false;
|
|
options.Password.RequiredLength = 1;
|
|
options.Password.RequiredUniqueChars = 1;
|
|
});
|
|
|
|
builder.Services.ConfigureApplicationCookie(options =>
|
|
{
|
|
// Cookie options
|
|
options.Cookie.Name = "AuthCookie";
|
|
options.Cookie.HttpOnly = true;
|
|
|
|
options.ExpireTimeSpan = TimeSpan.FromHours(24);
|
|
options.SlidingExpiration = true;
|
|
});
|
|
|
|
// Force Identity's security stamp to be validated every minute.
|
|
builder.Services.Configure<SecurityStampValidatorOptions>(options =>
|
|
{
|
|
options.ValidationInterval = TimeSpan.FromMinutes(10);
|
|
});
|
|
|
|
// Set a more secure password hashing iteration count
|
|
builder.Services.Configure<PasswordHasherOptions>(option => { option.IterationCount = 100_000; });
|
|
|
|
builder.Services.AddDataProtection().UseCryptographicAlgorithms(new AuthenticatedEncryptorConfiguration()
|
|
{
|
|
EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
|
|
ValidationAlgorithm = ValidationAlgorithm.HMACSHA256
|
|
});
|
|
|
|
// Add policy-based authorization
|
|
builder.Services.AddAuthorization(options =>
|
|
{
|
|
// Require either role to authenticate as Contestant
|
|
options.AddPolicy("User", policy => policy
|
|
.RequireRole("User")
|
|
.AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
|
|
);
|
|
|
|
// Require the External role to authenticate with a different authentication method
|
|
options.AddPolicy("External", policy => policy
|
|
.RequireRole("External")
|
|
.AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
|
|
);
|
|
});
|
|
|
|
var app = builder.Build();
|
|
|
|
// Configure the HTTP request pipeline.
|
|
if (app.Environment.IsDevelopment())
|
|
{
|
|
app.UseSwagger();
|
|
app.UseSwaggerUI();
|
|
}
|
|
|
|
app.MapControllers();
|
|
|
|
// Automatically apply migrations to database on startup
|
|
var scopeFactory = app.Services.GetRequiredService<IServiceScopeFactory>();
|
|
using (var scope = scopeFactory.CreateScope())
|
|
{
|
|
using (var databaseContext = scope.ServiceProvider.GetRequiredService<AppDbContext>())
|
|
{
|
|
// Migrate the database
|
|
databaseContext.Database.Migrate();
|
|
}
|
|
}
|
|
|
|
app.Run(); |