419 lines
16 KiB
C#
419 lines
16 KiB
C#
// (c) Copyright Ascensio System SIA 2010-2022
|
|
//
|
|
// This program is a free software product.
|
|
// You can redistribute it and/or modify it under the terms
|
|
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
|
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
|
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
|
// any third-party rights.
|
|
//
|
|
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
|
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
|
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
|
//
|
|
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
|
//
|
|
// The interactive user interfaces in modified source and object code versions of the Program must
|
|
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
|
//
|
|
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
|
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
|
// trademark law for use of our trademarks.
|
|
//
|
|
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
|
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
|
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
|
|
|
using Flurl.Util;
|
|
|
|
namespace ASC.Api.Core;
|
|
|
|
public abstract class BaseStartup
|
|
{
|
|
private const string CustomCorsPolicyName = "Basic";
|
|
private const string BasicAuthScheme = "Basic";
|
|
private const string MultiAuthSchemes = "MultiAuthSchemes";
|
|
|
|
protected readonly IConfiguration _configuration;
|
|
private readonly IHostEnvironment _hostEnvironment;
|
|
private readonly string _corsOrigin;
|
|
|
|
protected virtual bool AddControllersAsServices { get; }
|
|
protected virtual bool ConfirmAddScheme { get; }
|
|
protected virtual bool AddAndUseSession { get; }
|
|
protected DIHelper DIHelper { get; }
|
|
protected bool LoadProducts { get; set; } = true;
|
|
protected bool LoadConsumers { get; } = true;
|
|
protected bool WebhooksEnabled { get; set; }
|
|
|
|
public BaseStartup(IConfiguration configuration, IHostEnvironment hostEnvironment)
|
|
{
|
|
_configuration = configuration;
|
|
_hostEnvironment = hostEnvironment;
|
|
|
|
_corsOrigin = _configuration["core:cors"];
|
|
|
|
DIHelper = new DIHelper();
|
|
|
|
if (bool.TryParse(_configuration["core:products"], out var loadProducts))
|
|
{
|
|
LoadProducts = loadProducts;
|
|
}
|
|
}
|
|
|
|
public virtual void ConfigureServices(IServiceCollection services)
|
|
{
|
|
services.AddCustomHealthCheck(_configuration);
|
|
services.AddHttpContextAccessor();
|
|
services.AddMemoryCache();
|
|
services.AddHttpClient();
|
|
|
|
services.Configure<ForwardedHeadersOptions>(options =>
|
|
{
|
|
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
|
|
options.ForwardLimit = null;
|
|
options.KnownNetworks.Clear();
|
|
options.KnownProxies.Clear();
|
|
|
|
var knownProxies = _configuration.GetSection("core:hosting:forwardedHeadersOptions:knownProxies").Get<List<String>>();
|
|
var knownNetworks = _configuration.GetSection("core:hosting:forwardedHeadersOptions:knownNetworks").Get<List<String>>();
|
|
|
|
if (knownProxies != null && knownProxies.Count > 0)
|
|
{
|
|
foreach (var knownProxy in knownProxies)
|
|
{
|
|
options.KnownProxies.Add(IPAddress.Parse(knownProxy));
|
|
}
|
|
}
|
|
|
|
|
|
if (knownNetworks != null && knownNetworks.Count > 0)
|
|
{
|
|
foreach (var knownNetwork in knownNetworks)
|
|
{
|
|
var prefix = IPAddress.Parse(knownNetwork.Split("/")[0]);
|
|
var prefixLength = Convert.ToInt32(knownNetwork.Split("/")[1]);
|
|
|
|
options.KnownNetworks.Add(new IPNetwork(prefix, prefixLength));
|
|
}
|
|
}
|
|
});
|
|
|
|
var redisOptions = _configuration.GetSection("Redis").Get<RedisConfiguration>().ConfigurationOptions;
|
|
var connectionMultiplexer = ConnectionMultiplexer.Connect(redisOptions);
|
|
|
|
services.AddRateLimiter(options =>
|
|
{
|
|
options.GlobalLimiter = PartitionedRateLimiter.CreateChained(
|
|
PartitionedRateLimiter.Create<HttpContext, string>(httpContext =>
|
|
{
|
|
var userId = httpContext?.User?.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Sid)?.Value;
|
|
|
|
if (userId == null)
|
|
{
|
|
userId = httpContext?.Connection.RemoteIpAddress.ToInvariantString();
|
|
}
|
|
|
|
var permitLimit = 1500;
|
|
|
|
string partitionKey;
|
|
|
|
partitionKey = $"sw_{userId}";
|
|
|
|
return RedisRateLimitPartition.GetSlidingWindowRateLimiter(partitionKey, key => new RedisSlidingWindowRateLimiterOptions
|
|
{
|
|
PermitLimit = permitLimit,
|
|
Window = TimeSpan.FromMinutes(1),
|
|
ConnectionMultiplexerFactory = () => connectionMultiplexer
|
|
});
|
|
}),
|
|
PartitionedRateLimiter.Create<HttpContext, string>(httpContext =>
|
|
{
|
|
var userId = httpContext?.User?.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Sid)?.Value;
|
|
string partitionKey;
|
|
int permitLimit;
|
|
|
|
if (userId == null)
|
|
{
|
|
userId = httpContext?.Connection.RemoteIpAddress.ToInvariantString();
|
|
}
|
|
|
|
if (String.Compare(httpContext.Request.Method, "GET", true) == 0)
|
|
{
|
|
permitLimit = 50;
|
|
partitionKey = $"cr_read_{userId}";
|
|
|
|
}
|
|
else
|
|
{
|
|
permitLimit = 15;
|
|
partitionKey = $"cr_write_{userId}";
|
|
}
|
|
|
|
return RedisRateLimitPartition.GetConcurrencyRateLimiter(partitionKey, key => new RedisConcurrencyRateLimiterOptions
|
|
{
|
|
PermitLimit = permitLimit,
|
|
QueueLimit = 0,
|
|
ConnectionMultiplexerFactory = () => connectionMultiplexer
|
|
});
|
|
}),
|
|
PartitionedRateLimiter.Create<HttpContext, string>(httpContext =>
|
|
{
|
|
var userId = httpContext?.User?.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Sid)?.Value;
|
|
|
|
if (userId == null)
|
|
{
|
|
userId = httpContext?.Connection.RemoteIpAddress.ToInvariantString();
|
|
}
|
|
|
|
var partitionKey = $"fw_post_put_{userId}";
|
|
var permitLimit = 10000;
|
|
|
|
if (!(String.Compare(httpContext.Request.Method, "POST", true) == 0 ||
|
|
String.Compare(httpContext.Request.Method, "PUT", true) == 0))
|
|
{
|
|
return RateLimitPartition.GetNoLimiter("no_limiter");
|
|
}
|
|
|
|
return RedisRateLimitPartition.GetFixedWindowRateLimiter(partitionKey, key => new RedisFixedWindowRateLimiterOptions
|
|
{
|
|
PermitLimit = permitLimit,
|
|
Window = TimeSpan.FromDays(1),
|
|
ConnectionMultiplexerFactory = () => connectionMultiplexer
|
|
});
|
|
}
|
|
));
|
|
|
|
options.AddPolicy("sensitive_api", httpContext =>
|
|
{
|
|
var userId = httpContext?.User?.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Sid)?.Value;
|
|
var permitLimit = 5;
|
|
var partitionKey = $"sensitive_api_{userId}";
|
|
|
|
return RedisRateLimitPartition.GetSlidingWindowRateLimiter(partitionKey, key => new RedisSlidingWindowRateLimiterOptions
|
|
{
|
|
PermitLimit = permitLimit,
|
|
Window = TimeSpan.FromMinutes(1),
|
|
ConnectionMultiplexerFactory = () => connectionMultiplexer
|
|
});
|
|
});
|
|
|
|
options.OnRejected = (context, ct) => RateLimitMetadata.OnRejected(context.HttpContext, context.Lease, ct);
|
|
});
|
|
|
|
services.AddScoped<EFLoggerFactory>();
|
|
|
|
services.AddBaseDbContextPool<AccountLinkContext>()
|
|
.AddBaseDbContextPool<CoreDbContext>()
|
|
.AddBaseDbContextPool<TenantDbContext>()
|
|
.AddBaseDbContextPool<UserDbContext>()
|
|
.AddBaseDbContextPool<TelegramDbContext>()
|
|
.AddBaseDbContextPool<FirebaseDbContext>()
|
|
.AddBaseDbContextPool<CustomDbContext>()
|
|
.AddBaseDbContextPool<WebstudioDbContext>()
|
|
.AddBaseDbContextPool<InstanceRegistrationContext>()
|
|
.AddBaseDbContextPool<IntegrationEventLogContext>()
|
|
.AddBaseDbContextPool<FeedDbContext>()
|
|
.AddBaseDbContextPool<MessagesContext>()
|
|
.AddBaseDbContextPool<WebhooksDbContext>();
|
|
|
|
if (AddAndUseSession)
|
|
{
|
|
services.AddSession();
|
|
}
|
|
|
|
DIHelper.Configure(services);
|
|
|
|
Action<JsonOptions> jsonOptions = options =>
|
|
{
|
|
options.JsonSerializerOptions.WriteIndented = false;
|
|
options.JsonSerializerOptions.DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull;
|
|
};
|
|
|
|
services.AddControllers().AddJsonOptions(jsonOptions);
|
|
|
|
services.AddSingleton(jsonOptions);
|
|
|
|
DIHelper.AddControllers();
|
|
DIHelper.TryAdd<CultureMiddleware>();
|
|
DIHelper.TryAdd<LoggerMiddleware>();
|
|
DIHelper.TryAdd<IpSecurityFilter>();
|
|
DIHelper.TryAdd<PaymentFilter>();
|
|
DIHelper.TryAdd<ProductSecurityFilter>();
|
|
DIHelper.TryAdd<TenantStatusFilter>();
|
|
DIHelper.TryAdd<ConfirmAuthHandler>();
|
|
DIHelper.TryAdd<BasicAuthHandler>();
|
|
DIHelper.TryAdd<CookieAuthHandler>();
|
|
DIHelper.TryAdd<WebhooksGlobalFilterAttribute>();
|
|
|
|
|
|
if (!string.IsNullOrEmpty(_corsOrigin))
|
|
{
|
|
services.AddCors(options =>
|
|
{
|
|
options.AddPolicy(name: CustomCorsPolicyName,
|
|
policy =>
|
|
{
|
|
policy.WithOrigins(_corsOrigin)
|
|
.SetIsOriginAllowedToAllowWildcardSubdomains()
|
|
.AllowAnyHeader()
|
|
.AllowAnyMethod()
|
|
.AllowCredentials();
|
|
});
|
|
});
|
|
}
|
|
|
|
services.AddDistributedCache(_configuration);
|
|
services.AddEventBus(_configuration);
|
|
services.AddDistributedTaskQueue();
|
|
services.AddCacheNotify(_configuration);
|
|
|
|
services.RegisterFeature();
|
|
|
|
DIHelper.TryAdd(typeof(IWebhookPublisher), typeof(WebhookPublisher));
|
|
|
|
if (LoadProducts)
|
|
{
|
|
DIHelper.RegisterProducts(_configuration, _hostEnvironment.ContentRootPath);
|
|
}
|
|
|
|
services.AddOptions();
|
|
|
|
services.AddMvcCore(config =>
|
|
{
|
|
config.Conventions.Add(new ControllerNameAttributeConvention());
|
|
|
|
config.Filters.Add(new TypeFilterAttribute(typeof(TenantStatusFilter)));
|
|
config.Filters.Add(new TypeFilterAttribute(typeof(PaymentFilter)));
|
|
config.Filters.Add(new TypeFilterAttribute(typeof(IpSecurityFilter)));
|
|
config.Filters.Add(new TypeFilterAttribute(typeof(ProductSecurityFilter)));
|
|
config.Filters.Add(new CustomResponseFilterAttribute());
|
|
config.Filters.Add<CustomExceptionFilterAttribute>();
|
|
config.Filters.Add(new TypeFilterAttribute(typeof(WebhooksGlobalFilterAttribute)));
|
|
});
|
|
|
|
services.AddAuthentication(options =>
|
|
{
|
|
options.DefaultScheme = MultiAuthSchemes;
|
|
options.DefaultChallengeScheme = MultiAuthSchemes;
|
|
}).AddScheme<AuthenticationSchemeOptions, CookieAuthHandler>(CookieAuthenticationDefaults.AuthenticationScheme, a => { })
|
|
.AddScheme<AuthenticationSchemeOptions, BasicAuthHandler>(BasicAuthScheme, a => { })
|
|
.AddScheme<AuthenticationSchemeOptions, ConfirmAuthHandler>("confirm", a => { })
|
|
.AddPolicyScheme(MultiAuthSchemes, JwtBearerDefaults.AuthenticationScheme, options =>
|
|
{
|
|
options.ForwardDefaultSelector = context =>
|
|
{
|
|
var authorizationHeader = context.Request.Headers[HeaderNames.Authorization].FirstOrDefault();
|
|
|
|
if (string.IsNullOrEmpty(authorizationHeader))
|
|
{
|
|
return CookieAuthenticationDefaults.AuthenticationScheme;
|
|
}
|
|
|
|
if (authorizationHeader.StartsWith("Basic "))
|
|
{
|
|
return BasicAuthScheme;
|
|
}
|
|
|
|
if (authorizationHeader.StartsWith("Bearer "))
|
|
{
|
|
var token = authorizationHeader.Substring("Bearer ".Length).Trim();
|
|
var jwtHandler = new JwtSecurityTokenHandler();
|
|
|
|
if (jwtHandler.CanReadToken(token))
|
|
{
|
|
return JwtBearerDefaults.AuthenticationScheme;
|
|
}
|
|
}
|
|
|
|
return CookieAuthenticationDefaults.AuthenticationScheme;
|
|
};
|
|
});
|
|
|
|
services.AddJwtBearerAuthentication();
|
|
|
|
services.AddAutoMapper(GetAutoMapperProfileAssemblies());
|
|
|
|
services.AddBillingHttpClient();
|
|
|
|
|
|
if (!_hostEnvironment.IsDevelopment())
|
|
{
|
|
services.AddStartupTask<WarmupServicesStartupTask>()
|
|
.TryAddSingleton(services);
|
|
}
|
|
}
|
|
|
|
public static IEnumerable<Assembly> GetAutoMapperProfileAssemblies()
|
|
{
|
|
return AppDomain.CurrentDomain.GetAssemblies().Where(x => x.GetName().Name.StartsWith("ASC."));
|
|
}
|
|
|
|
public virtual void Configure(IApplicationBuilder app, IWebHostEnvironment env)
|
|
{
|
|
app.UseForwardedHeaders();
|
|
|
|
app.UseRouting();
|
|
|
|
if (!string.IsNullOrEmpty(_corsOrigin))
|
|
{
|
|
app.UseCors(CustomCorsPolicyName);
|
|
}
|
|
|
|
if (AddAndUseSession)
|
|
{
|
|
app.UseSession();
|
|
}
|
|
|
|
app.UseSynchronizationContextMiddleware();
|
|
|
|
app.UseAuthentication();
|
|
|
|
app.UseRateLimiter();
|
|
|
|
app.UseAuthorization();
|
|
|
|
app.UseCultureMiddleware();
|
|
|
|
app.UseLoggerMiddleware();
|
|
|
|
app.UseEndpoints(async endpoints =>
|
|
{
|
|
await endpoints.MapCustomAsync(WebhooksEnabled, app.ApplicationServices);
|
|
|
|
endpoints.MapHealthChecks("/health", new HealthCheckOptions()
|
|
{
|
|
Predicate = _ => true,
|
|
ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse
|
|
});
|
|
|
|
endpoints.MapHealthChecks("/ready", new HealthCheckOptions
|
|
{
|
|
Predicate = r => r.Name.Contains("services")
|
|
});
|
|
|
|
endpoints.MapHealthChecks("/liveness", new HealthCheckOptions
|
|
{
|
|
Predicate = r => r.Name.Contains("self")
|
|
});
|
|
});
|
|
|
|
app.Map("/switch", appBuilder =>
|
|
{
|
|
appBuilder.Run(async context =>
|
|
{
|
|
CustomHealthCheck.Running = !CustomHealthCheck.Running;
|
|
await context.Response.WriteAsync($"{Environment.MachineName} running {CustomHealthCheck.Running}");
|
|
});
|
|
});
|
|
|
|
|
|
}
|
|
|
|
public void ConfigureContainer(ContainerBuilder builder)
|
|
{
|
|
builder.Register(_configuration, LoadProducts, LoadConsumers);
|
|
}
|
|
}
|
|
|