Merge pull request 'Refactored fowarded header config in app' (#86) from cart into main

Reviewed-on: #86

MidrandBookshop/MidrandBookshop.csproj

@@ -18,13 +18,13 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="LiteCharms.Features" Version="1.130.0" />
+    <PackageReference Include="LiteCharms.Features" Version="1.135.0" />
   </ItemGroup>
 
   <!-- UI -->
   <ItemGroup>
     <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
-    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.130.0" />
+    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.135.0" />
     
     <!-- Global Usings -->
     <Using Include="Blazored.Toast.Services" />
@@ -62,6 +62,7 @@
     <Using Include="Microsoft.AspNetCore.Components.Web" />
     <Using Include="Microsoft.AspNetCore.WebUtilities" />
     <Using Include="Microsoft.AspNetCore.Components" />
+    <Using Include="System.Security.Cryptography.X509Certificates" />
   </ItemGroup>
 
 </Project>

MidrandBookshop/Program.cs

@@ -1,87 +1,51 @@
 using LiteCharms.Features.Extensions;
-using LiteCharms.Features.Mediator;
-using LiteCharms.Features.MidrandBooks.Extensions;
-using LiteCharms.Features.MidrandBooks.Payments;
 using LiteCharms.Features.Postgres;
+using MidrandBookshop;
 using MidrandBookshop.Components;
 using static LiteCharms.Features.Extensions.Quartz;
 
 var builder = WebApplication.CreateBuilder(args);
 
-builder.Services.AddAntiforgery();
-
-builder.Services.AddRazorComponents()
-    .AddInteractiveServerComponents();
-
 builder.AddMonitoring();
-builder.Services.AddEndpointsApiExplorer();
-
-builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(TelemetryPipelineBehavior<,>));
-builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(LoggingPipelineBehavior<,>));
-
-builder.Services.AddQuartzSchedulerClient(MidrandShopSchedulerName, builder.Configuration);
-
-builder.Services.AddMediator();
-builder.Services.AddEmailServices(builder.Configuration);
-builder.Services.AddEmailServiceBus();
-
-builder.Services.AddHttpClient();
-builder.Services.AddScoped<CartService>();
-builder.Services.AddShopServices(includeLocalStorage: true);
-builder.Services.AddHashServices(builder.Configuration);
-builder.Services.AddPayfastServices(builder.Configuration);
-
-builder.Services.AddSecurityApiSdk(builder.Configuration);
-builder.Services.AddLiteCharmsWebSecurity(builder.Configuration);
-
-builder.Services.AddDataProtectionDatabase(builder.Configuration);
-builder.Services.AddMidrandShopDatabase(builder.Configuration);
-
-builder.Services.AddMidrandShopPostgresHealthCheck();
-builder.Services.AddMidrandShopQuartzHealthCheck();
-builder.Services.AddHealthChecksSupport(builder.Configuration);
-
-builder.Services.Configure<ForwardedHeadersOptions>(options =>
-{
-    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
-    options.KnownProxies.Clear();
-});
+builder.Services.RegisterServices(builder.Configuration);
 
 var app = builder.Build();
 
-using var security = app.Services.CreateScope();
-{
-    var dataProtectionContext = security.ServiceProvider.GetRequiredService<DataProtectionDbContext>();
-
-    await dataProtectionContext.Database.MigrateAsync();
-}
-
-app.UseForwardedHeaders();
-app.AddSecurityEndpoints();
-
-var schedulerFactory = app.Services.GetRequiredService<ISchedulerFactory>();
-var scheduler = await schedulerFactory.GetScheduler(MidrandShopSchedulerName);
-
-if (!scheduler!.IsStarted)
-    await scheduler.Start();
-
 if (!app.Environment.IsDevelopment())
 {
     app.UseExceptionHandler("/Error", createScopeForErrors: true);
     app.UseHsts();
 }
 
+app.UseForwardedHeaders();
+app.UseHttpsRedirection();
+
+app.UseStatusCodePagesWithReExecute("/not-found", createScopeForStatusCodePages: true);
 app.UseHealthChecks("/health", new HealthCheckOptions
 {
     ResponseWriter = HealthChecks.UI.Client.UIResponseWriter.WriteHealthCheckUIResponse
 });
 
-app.UseStatusCodePagesWithReExecute("/not-found", createScopeForStatusCodePages: true);
-app.UseHttpsRedirection();
-
-app.UseAntiforgery();
-
 app.MapStaticAssets();
+app.UseCookiePolicy();
+
+app.UseAuthentication();
+app.UseAuthorization();
+app.UseAntiforgery();
+app.AddSecurityEndpoints();
+
+using (var security = app.Services.CreateScope())
+{
+    var dataProtectionContext = security.ServiceProvider.GetRequiredService<DataProtectionDbContext>();
+
+    await dataProtectionContext.Database.MigrateAsync();
+}
+
+var schedulerFactory = app.Services.GetRequiredService<ISchedulerFactory>();
+var scheduler = await schedulerFactory.GetScheduler(MidrandShopSchedulerName);
+
+if (!scheduler!.IsStarted) await scheduler.Start();
+
 app.MapRazorComponents<App>()
     .AddInteractiveServerRenderMode();
 

MidrandBookshop/Properties/launchSettings.json

@@ -14,7 +14,7 @@
         "commandName": "Project",
         "dotnetRunMessages": true,
         "launchBrowser": false,
-        "applicationUrl": "https://localhost:7021;http://localhost:5053",
+        "applicationUrl": "https://localhost:8440;http://localhost:8083",
         "environmentVariables": {
           "ASPNETCORE_ENVIRONMENT": "Development"
         }

MidrandBookshop/Setup.cs

@@ -0,0 +1,58 @@
+using LiteCharms.Features.Mediator;
+using LiteCharms.Features.MidrandBooks.Payments;
+using LiteCharms.Features.Extensions;
+using LiteCharms.Features.MidrandBooks.Extensions;
+using static LiteCharms.Features.Extensions.Quartz;
+
+namespace MidrandBookshop;
+
+public static class Setup
+{
+    public static IServiceCollection RegisterServices(this IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddAntiforgery();
+
+        services.AddRazorComponents()
+            .AddInteractiveServerComponents();
+        
+        services.AddEndpointsApiExplorer();
+
+        services.AddScoped(typeof(IPipelineBehavior<,>), typeof(TelemetryPipelineBehavior<,>));
+        services.AddScoped(typeof(IPipelineBehavior<,>), typeof(LoggingPipelineBehavior<,>));
+
+        services.AddQuartzSchedulerClient(MidrandShopSchedulerName, configuration);
+
+        services.AddMediator();
+        services.AddEmailServices(configuration);
+        services.AddEmailServiceBus();
+
+        services.AddHttpClient();
+        services.AddScoped<CartService>();
+        services.AddShopServices(includeLocalStorage: true);
+        services.AddHashServices(configuration);
+        services.AddPayfastServices(configuration);
+
+        services.AddDataProtectionDatabase(configuration);
+        services.AddMidrandShopDatabase(configuration);
+
+        services.AddSecurityApiSdk(configuration);
+        services.AddLiteCharmsWebSecurity(configuration);
+
+        services.AddMidrandShopPostgresHealthCheck();
+        services.AddMidrandShopQuartzHealthCheck();
+        services.AddHealthChecksSupport(configuration);
+
+        services.Configure<ForwardedHeadersOptions>(options =>
+        {
+            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+
+            options.KnownProxies.Clear();
+            options.KnownIPNetworks.Clear();
+
+            options.ForwardLimit = null;
+            options.RequireHeaderSymmetry = false;
+        });
+
+        return services;
+    }
+}

midrandbooks-uat.yml

@@ -10,8 +10,8 @@ metadata:
   name: midrandbooks-config
   namespace: midrandbooks-uat
 data:
-  ASPNETCORE_ENVIRONMENT: "Development"
-  ASPNETCORE_URLS: "http://0.0.0.0:8080"
+  ASPNETCORE_ENVIRONMENT: "Development"  
+  ASPNETCORE_URLS: "http://0.0.0.0:8443"
   Monitoring__Address: "http://aspire-dashboard-service.aspire.svc.cluster.local:18889"
   Monitoring__ServiceName: "MidrandBooks.Uat"
   HasherSettings__MinHashLength: "11"
@@ -27,7 +27,6 @@ data:
   PayfastSettings__ValidHosts__4: "payment.payfast.io"
   LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za"
   LiteCharmsSettings__Audience: "midrandbooks-api"
-  ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
   LiteCharmsClientSettings__Authority: "https://sts.security.khongisa.co.za"
   LiteCharmsClientSettings__GrantType: "client_credentials"
   LiteCharmsClientSettings__Scope: "midrandbooks-api"
@@ -74,7 +73,7 @@ metadata:
   name: midrandbooks
   namespace: midrandbooks-uat
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: midrandbooks
@@ -102,7 +101,7 @@ spec:
               memory: "256Mi"
               cpu: "100m"
           ports:
-            - containerPort: 8080
+            - containerPort: 8443
           envFrom:
             - configMapRef:
                 name: midrandbooks-config
@@ -194,13 +193,15 @@ spec:
           livenessProbe:
             httpGet:
               path: /health
-              port: 8080
+              port: 8443
+              scheme: HTTP
             initialDelaySeconds: 5
             periodSeconds: 10
           readinessProbe:
             httpGet:
               path: /health
-              port: 8080
+              port: 8443
+              scheme: HTTP
             initialDelaySeconds: 3
             periodSeconds: 5
       volumes:
@@ -214,14 +215,20 @@ metadata:
   name: midrandbooks-service
   namespace: midrandbooks-uat
 spec:
-  type: ClusterIP
+  ports:
+    - name: https
+      port: 443
+      targetPort: 8443
   selector:
     app: midrandbooks
-  ports:
-    - name: http
-      protocol: TCP
-      port: 80
-      targetPort: 8080
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: midrandbooks-bypass-backend-validation
+  namespace: midrandbooks-uat
+spec:
+  insecureSkipVerify: true
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
@@ -236,10 +243,7 @@ spec:
       kind: Rule
       services:
         - name: midrandbooks-service
-          port: 80
-          sticky:
-            cookie:
-              name: "lp-sticky-session"
-              httpOnly: true
-              secure: true
-  tls: {}
+          port: 443
+          scheme: http
+          serversTransport: midrandbooks-bypass-backend-validation
+  tls: {}