// command to run the application with HTTPS profile
// dotnet run --launch-profile https
// dotnet --info
// dotnet clean
// dotnet build -v:m
// dotnet run
// to kill process on port 5050
// lsof -i :5050
// kill -9 <PID>
using Microsoft.IdentityModel.Tokens;
using System.Text.Json.Serialization;
using DotnetAPI.Data;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
// Host builder: gathers configuration and service registrations before the app is built.
var builder = WebApplication.CreateBuilder(args);

// Controllers are created through the dependency injection container.
builder.Services.AddControllers();

// OpenAPI / Swagger tooling.
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
// builder.Services.AddOpenApi(); // alternative OpenAPI registration, currently disabled
builder.Services.AddEndpointsApiExplorer(); // endpoint metadata consumed by Swagger
builder.Services.AddSwaggerGen();           // Swagger document generation

// CORS (Cross-Origin Resource Sharing): browsers block a page served from one origin from
// reading responses of another origin unless the API opts in. Two named policies are
// registered here; which one is applied is decided when the request pipeline is configured.
builder.Services.AddCors(cors =>
{
    // Development: local front-end dev servers only.
    // Any method and any header are accepted, and AllowCredentials lets the browser attach
    // cookies / Authorization headers, so the origin list has to stay an explicit allow-list.
    cors.AddPolicy("DevCors", policy => policy
        .WithOrigins("http://localhost:4200", "http://localhost:3000", "http://localhost:8000")
        .AllowAnyMethod()
        .AllowAnyHeader()
        .AllowCredentials());

    // Production: a single HTTPS origin with the same method/header/credential settings.
    // NOTE(review): the origin below looks like a placeholder; confirm the real site origin
    // before deploying, since this policy also allows credentialed requests.
    cors.AddPolicy("ProdCors", policy => policy
        .WithOrigins("https://myProductionSite.com")
        .AllowAnyMethod()
        .AllowAnyHeader()
        .AllowCredentials());
});

// One UserRepository instance per request scope, resolved through IUserRepository.
builder.Services.AddScoped<IUserRepository, UserRepository>();
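// JWT signing key: read from configuration ("AppSettings:TokenKey").
// NOTE(review): where this value is stored is not visible here; it is a signing secret, so it
// should come from user-secrets, an environment variable or a secret store rather than a
// committed appsettings file, and it should be long and random.
string? tokenKeyString = builder.Configuration.GetSection("AppSettings:TokenKey").Value;

// Fail fast with a clear message when the key is missing. The previous `?? ""` fallback hid a
// misconfiguration behind an empty key instead of reporting which setting was absent.
if (string.IsNullOrWhiteSpace(tokenKeyString))
{
    throw new InvalidOperationException(
        "AppSettings:TokenKey is not configured; a JWT signing key is required to start the API.");
}

SymmetricSecurityKey tokenKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenKeyString));

// Validation rules applied to every incoming bearer token.
TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
{
    // Governs validation of the signing key itself (e.g. a certificate-backed key); it is not
    // the switch for signature verification, which uses IssuerSigningKey below. Enabled so the
    // configuration states the intent explicitly.
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = tokenKey,

    // Issuer and audience are not checked: any token signed with this key is accepted no matter
    // which service it was minted for.
    // NOTE(review): acceptable only while this key is used by this API alone; set ValidIssuer /
    // ValidAudience and enable both checks if the key is ever shared.
    ValidateIssuer = false,
    ValidateAudience = false,

    // Lifetime validation is on by default, with a default clock-skew allowance; uncomment to
    // make it explicit or to remove the allowance.
    // ValidateLifetime = true,
    // ClockSkew = TimeSpan.Zero
};

// JWT Bearer is the default authentication scheme; it validates tokens with the rules above.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = tokenValidationParameters;
    });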
// Build the application from the registered services, then configure the HTTP request pipeline.
var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    // Outside Development: production CORS policy, and plain-HTTP requests are redirected to HTTPS.
    app.UseCors("ProdCors");
    app.UseHttpsRedirection();
}
else
{
    // Development only: local-origin CORS policy plus the Swagger document and UI, which are
    // therefore never exposed by a non-development environment.
    app.UseCors("DevCors");
    app.UseSwagger();
    app.UseSwaggerUI();
    // HTTPS redirection is left off here, so the development profile also answers plain HTTP.
    // app.UseHttpsRedirection();
}

// Order matters: CORS is applied above so it runs before authentication; authentication must
// establish the caller's identity before authorization evaluates access to an endpoint.
app.UseAuthentication();
app.UseAuthorization();

// Route incoming requests to the controller actions.
app.MapControllers();

// Optional development convenience (disabled): send "/" to the Swagger UI.
// if (app.Environment.IsDevelopment())
// {
//     app.MapGet("/", () => Results.Redirect("/swagger/index.html"));
// }

// Start the web host and block while it serves incoming HTTP requests.
app.Run();