Stable security

2026-06-05 05:58:05 +02:00
parent 097ecd6421
commit 31a640d672
8 changed files with 237 additions and 189 deletions
@@ -167,7 +167,7 @@
                            <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2" />
                            <circle cx="12" cy="7" r="4" />
                        </svg>
-                        LogIn
+                        Account
                    </a>

                    <a href="/profile" class="btn btn-sm btn-dark rounded-circle d-inline-flex d-md-none align-items-center justify-content-center border-0 p-0 shadow-sm"
@@ -1,5 +1,10 @@
@page "/profile"
+@using Microsoft.AspNetCore.Components.Authorization
+@inject NavigationManager Navigation
+@rendermode InteractiveServer

+<AuthorizeView>
+    <Authorized>
        <div class="container py-5">
            <h2 class="fw-bold mb-5 tracking-tight">My Account</h2>
            <div class="row g-5">
@@ -9,7 +14,7 @@
                        <button class="nav-link text-start" data-bs-toggle="pill" data-bs-target="#shipping" role="tab">Shipping Address</button>
                        <button class="nav-link text-start" data-bs-toggle="pill" data-bs-target="#profile" role="tab">Profile Settings</button>
                        <hr />
-                <button class="nav-link text-danger text-start">Logout</button>
+                        <button class="nav-link text-danger text-start" @onclick="TriggerLogout">Logout</button>
                    </div>
                </div>

@@ -193,6 +198,12 @@
                </div>
            </div>
        </div>
+    </Authorized>
+    
+    <NotAuthorized>
+        <RedirectToLogin />
+    </NotAuthorized>
+</AuthorizeView>

@code {
    private bool showAddForm = false;
@@ -216,6 +227,8 @@
        new AddressItem { Id = 3, Name = "Midrand Books Warehouse", Street = "Unit 8, Corporate Park North", City = "Randjespark", PostalCode = "1683", IsBilling = false, IsShipping = true, IsPrimary = false }
    };

+    private void TriggerLogout() => Navigation.NavigateTo("/logout", forceLoad: true);
+
    private void DownloadInvoice(string orderId)
    {
        // Handle invoice downloading logic here
@@ -0,0 +1,10 @@
+@inject NavigationManager Navigation
+
+@code {
+    protected override void OnInitialized()
+    {
+        var returnUrl = Navigation.ToBaseRelativePath(Navigation.Uri);
+
+        Navigation.NavigateTo($"/login?redirectUri={Uri.EscapeDataString(returnUrl)}", forceLoad: true);
+    }
+}
@@ -1,7 +1,14 @@
-@using MidrandBookshop.Components.Pages
+@using Microsoft.AspNetCore.Components.Authorization
+@using MidrandBookshop.Components.Pages
+
+<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(Program).Assembly">
        <Found Context="routeData">
-        <RouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
+            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
+                <NotAuthorized>                    
+                    <RedirectToLogin />
+                </NotAuthorized>
+            </AuthorizeRouteView>
            <FocusOnNavigate RouteData="@routeData" Selector="h1" />
        </Found>
        <NotFound>
@@ -10,3 +17,4 @@
            </LayoutView>
        </NotFound>
    </Router>
+</CascadingAuthenticationState>
@@ -18,13 +18,13 @@
  </ItemGroup>

  <ItemGroup>
-    <PackageReference Include="LiteCharms.Features" Version="1.80.0" />
+    <PackageReference Include="LiteCharms.Features" Version="1.82.0" />
  </ItemGroup>

  <!-- UI -->
  <ItemGroup>
    <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
-    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.80.0" />
+    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.82.0" />
    
    <!-- Global Usings -->
    <Using Include="Blazored.Toast.Services" />
@@ -1,9 +1,12 @@
 using LiteCharms.Features.Extensions;
 using LiteCharms.Features.Mediator;
 using LiteCharms.Features.MidrandBooks.Extensions;
+using Microsoft.AspNetCore.HttpOverrides;
 using MidrandBookshop.Components;
 using static LiteCharms.Features.Extensions.Quartz;

+AppContext.SetSwitch("Microsoft.IdentityModel.DisableTelemetry", true);
+
 var builder = WebApplication.CreateBuilder(args);

 builder.Services.AddRazorComponents()
@@ -31,9 +34,19 @@ builder.Services.AddMidrandShopDatabase(builder.Configuration);
 builder.Services.AddMidrandShopPostgresHealthCheck();
 builder.Services.AddMidrandShopQuartzHealthCheck();
 builder.Services.AddHealthChecksSupport(builder.Configuration);
+builder.Services.AddCascadingAuthenticationState();
+
+builder.Services.Configure<ForwardedHeadersOptions>(options =>
+{
+    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+    options.KnownProxies.Clear();
+});

 var app = builder.Build();

+app.UseForwardedHeaders();
+app.AddSecurityEndpoints();
+
 var schedulerFactory = app.Services.GetRequiredService<ISchedulerFactory>();
 var scheduler = await schedulerFactory.GetScheduler(MidrandShopSchedulerName);

@@ -1,6 +1,8 @@
 {
  "AuthentikSettings": {
-    "Authority": "https://id.khongisa.co.za/application/o/midrand-books-uat/"
+    "Authority": "https://id.khongisa.co.za/application/o/midrand-books-uat/",
+    "MetadataEndpoint": "https://id.khongisa.co.za/application/o/midrand-books-uat/.well-known/openid-configuration",
+    "RevokationEndpoint": "https://id.khongisa.co.za/application/o/revoke/"
  },
  "HasherSettings": {
    "MinHashLength": 11
@@ -27,6 +27,8 @@ data:
  ValidPayfastHosts__5: "api.payfast.co.za"
  ValidPayfastHosts__6: "payment.payfast.io"
  AuthentikSettings__Authority: "https://id.khongisa.co.za/application/o/midrand-books-api-uat/"
+  AuthentikSettings__MetadataEndpoint: "https://id.khongisa.co.za/application/o/midrand-books-uat/.well-known/openid-configuration"
+  AuthentikSettings__RevokationEndpoint: "https://id.khongisa.co.za/application/o/revoke/"
 ---
 apiVersion: v1
 kind: Secret