diff --git a/PhoneToolMX/PhoneToolMX.csproj b/PhoneToolMX/PhoneToolMX.csproj
index d509b90..8b8fa58 100644
--- a/PhoneToolMX/PhoneToolMX.csproj
+++ b/PhoneToolMX/PhoneToolMX.csproj
@@ -15,6 +15,7 @@
 <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 </PackageReference>
 <PackageReference Include="Microsoft.EntityFrameworkCore.Proxies" Version="6.0.23" />
+ <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="6.0.0" />
 <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.13" />
 <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="6.0.22" />
 </ItemGroup>
diff --git a/PhoneToolMX/Program.cs b/PhoneToolMX/Program.cs
index db12cc8..4be83d0 100644
--- a/PhoneToolMX/Program.cs
+++ b/PhoneToolMX/Program.cs
@@ -3,10 +3,14 @@ using Microsoft.EntityFrameworkCore;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.CookiePolicy;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using NuGet.Packaging;
 using PhoneToolMX.Models;
+using System.Net;
 using System.Security.Authentication;
 using System.Security.Claims;
@@ -19,6 +23,10 @@ options => options.UseNpgsql(builder.Configuration.GetConnectionString("DbConnec
 b => b.MigrationsAssembly("PhoneToolMX.Models")));
 builder.Services.AddDatabaseDeveloperPageExceptionFilter();
+if (!builder.Environment.IsDevelopment()) {
+ builder.Host.UseSystemd();
+}
+
 builder.Services.AddIdentityCore<User>(opts => {
 opts.ClaimsIdentity.UserIdClaimType = "sub";
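Review bot: `using NuGet.Packaging;` is added only to get an `AddRange` extension for `opts.KnownProxies` (an `IList<IPAddress>`) in the Proxies hunk further down, and since the csproj hunk declares no NuGet.Packaging reference it is presumably reaching the build transitively, most likely through the scaffolding package `Microsoft.VisualStudio.Web.CodeGeneration.Design`, which is design-time tooling rather than a runtime dependency. A production code path should not depend on a tooling package's transitive assemblies; whoever later trims that package reference silently breaks startup. The same effect needs no extra namespace: `foreach (var proxy in trustedProxies) { opts.KnownProxies.Add(IPAddress.Parse(proxy)); }`, after which the `using NuGet.Packaging;` line can be dropped.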
@@ -31,6 +39,18 @@ builder.Services.AddIdentityCore<User>(opts =>
 .AddUserManager<UserManager<User>>()
 .AddEntityFrameworkStores<PTMXContext>();
+Console.WriteLine("Testing one two");
+
+var proxyConfig = builder.Configuration.GetSection("Proxies");
+if (proxyConfig?.GetSection("TrustedProxies")?.Get<IList<string>>() is {} trustedProxies) {
+ Console.WriteLine("Got trusted proxies!");
+ builder.Services.Configure<ForwardedHeadersOptions>(opts =>
+ {
+ opts.KnownProxies.AddRange(trustedProxies.Select(IPAddress.Parse));
+ opts.ForwardedHeaders = ForwardedHeaders.All;
+ });
+}
+
 // Using OIDC
 builder.Services.AddAuthentication(opts => {
@@ -81,7 +101,7 @@ builder.Services.AddAuthentication(opts =>
 }
 }
 };
-
+ // if dev, disable secure
 if (!builder.Environment.IsDevelopment()) return;
 opts.NonceCookie.SecurePolicy = CookieSecurePolicy.None;
@@ -103,6 +123,14 @@ if (!app.Environment.IsDevelopment())
 app.UseExceptionHandler("/Home/Error");
 // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
 app.UseHsts();
+ app.UseCookiePolicy(new CookiePolicyOptions
+ {
+ HttpOnly = HttpOnlyPolicy.Always,
+ MinimumSameSitePolicy = SameSiteMode.Strict,
+ Secure = CookieSecurePolicy.Always,
+ });
+ app.UseHttpsRedirection();
+ app.UseForwardedHeaders();
 } else {
 app.UseDeveloperExceptionPage();
 app.UseMigrationsEndPoint();
@@ -115,7 +143,6 @@ using (var scope = app.Services.CreateScope()) {
 context.Database.EnsureCreated();
 }
-app.UseHttpsRedirection();
 app.UseStaticFiles();
 app.UseRouting();
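Review bot: `opts.ForwardedHeaders = ForwardedHeaders.All;` also honours `X-Forwarded-Host`, so any proxy listed under `Proxies:TrustedProxies` can rewrite the request host that later feeds redirect and OIDC callback URL construction, and nothing here sets `opts.AllowedHosts` to bound it. Unless host forwarding is actually required, narrow it to what the deployment needs, `opts.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;`, and if it is required, populate `opts.AllowedHosts` from configuration alongside the proxy list. The two `Console.WriteLine` calls (`"Testing one two"`, `"Got trusted proxies!"`) read as leftover debugging and write to stdout, which under the newly added systemd hosting lands in the journal; remove the first and route the second through the host logger. A malformed entry makes `IPAddress.Parse` throw at startup, which is a reasonable fail-closed outcome, but a one-line comment saying so, `// Fail startup rather than run with an unparsable proxy list.`, would stop the next maintainer from wrapping it in a catch; note also that only single addresses are accepted here, ranges would need `opts.KnownNetworks`.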
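Review bot: `app.UseForwardedHeaders();` is registered last in the production branch, after `app.UseHsts()` and `app.UseHttpsRedirection()`, yet both of those decide on `Request.IsHttps`, which only the forwarded-headers middleware corrects from `X-Forwarded-Proto`. Behind a TLS-terminating reverse proxy, the very scenario the new `Proxies` configuration exists for, every request reaches Kestrel as plain HTTP, so `UseHttpsRedirection` answers with a redirect to https that the proxy delivers back as http again (a redirect loop), and `UseHsts` never emits its header because it skips non-HTTPS requests. Move `app.UseForwardedHeaders();` to the first statement of the `if (!app.Environment.IsDevelopment())` block, ahead of `app.UseExceptionHandler("/Home/Error");`. Separately, `MinimumSameSitePolicy = SameSiteMode.Strict` is applied by the cookie-policy middleware to every cookie, including the OIDC handler's correlation and nonce cookies, which the browser has to present on the cross-site callback from the identity provider; a Strict cookie is withheld on that navigation, so sign-in will likely fail with a correlation error. `SameSiteMode.Lax` is the safe floor, and only if the handler uses a redirect response mode rather than form_post, which should be confirmed against the OIDC options configured earlier in this file.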