Use systemd in prod

PhoneToolMX/PhoneToolMX.csproj

@@ -15,6 +15,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="Microsoft.EntityFrameworkCore.Proxies" Version="6.0.23" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="6.0.0" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.13" />
     <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="6.0.22" />
   </ItemGroup>

PhoneToolMX/Program.cs

@@ -3,10 +3,14 @@ using Microsoft.EntityFrameworkCore;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.CookiePolicy;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using NuGet.Packaging;
 using PhoneToolMX.Models;
+using System.Net;
 using System.Security.Authentication;
 using System.Security.Claims;
 
@@ -19,6 +23,10 @@ options => options.UseNpgsql(builder.Configuration.GetConnectionString("DbConnec
     b => b.MigrationsAssembly("PhoneToolMX.Models")));
 builder.Services.AddDatabaseDeveloperPageExceptionFilter();
 
+if (!builder.Environment.IsDevelopment()) {
+    builder.Host.UseSystemd();
+}
+
 builder.Services.AddIdentityCore<User>(opts =>
     { 
         opts.ClaimsIdentity.UserIdClaimType = "sub";
@@ -31,6 +39,18 @@ builder.Services.AddIdentityCore<User>(opts =>
     .AddUserManager<UserManager<User>>()
     .AddEntityFrameworkStores<PTMXContext>();
 
+Console.WriteLine("Testing one two");
+
+var proxyConfig = builder.Configuration.GetSection("Proxies");
+if (proxyConfig?.GetSection("TrustedProxies")?.Get<IList<string>>() is {} trustedProxies) {
+    Console.WriteLine("Got trusted proxies!");
+    builder.Services.Configure<ForwardedHeadersOptions>(opts =>
+    {
+        opts.KnownProxies.AddRange(trustedProxies.Select(IPAddress.Parse));
+        opts.ForwardedHeaders = ForwardedHeaders.All;
+    });
+}
+
 // Using OIDC
 builder.Services.AddAuthentication(opts =>
 {
@@ -81,7 +101,7 @@ builder.Services.AddAuthentication(opts =>
                 }
             }
         };
-
+        
         // if dev, disable secure
         if (!builder.Environment.IsDevelopment()) return;
         opts.NonceCookie.SecurePolicy = CookieSecurePolicy.None;
@@ -103,6 +123,14 @@ if (!app.Environment.IsDevelopment())
     app.UseExceptionHandler("/Home/Error");
     // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
     app.UseHsts();
+    app.UseCookiePolicy(new CookiePolicyOptions
+    {
+        HttpOnly = HttpOnlyPolicy.Always,
+        MinimumSameSitePolicy = SameSiteMode.Strict,
+        Secure = CookieSecurePolicy.Always,
+    });
+    app.UseHttpsRedirection();
+    app.UseForwardedHeaders();
 } else {
     app.UseDeveloperExceptionPage();
     app.UseMigrationsEndPoint();
@@ -115,7 +143,6 @@ using (var scope = app.Services.CreateScope()) {
     context.Database.EnsureCreated();
 }
 
-app.UseHttpsRedirection();
 app.UseStaticFiles();
 
 app.UseRouting();