Merge pull request 'Updated handling of fowarded header and fixed base64 encoding of certificate' (#81) from cart into main

Reviewed-on: #81

MidrandBookshop/MidrandBookshop.csproj

@@ -18,13 +18,13 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="LiteCharms.Features" Version="1.130.0" />
+    <PackageReference Include="LiteCharms.Features" Version="1.133.0" />
   </ItemGroup>
 
   <!-- UI -->
   <ItemGroup>
     <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
-    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.130.0" />
+    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.133.0" />
     
     <!-- Global Usings -->
     <Using Include="Blazored.Toast.Services" />

MidrandBookshop/Program.cs

@@ -4,6 +4,7 @@ using LiteCharms.Features.MidrandBooks.Extensions;
 using LiteCharms.Features.MidrandBooks.Payments;
 using LiteCharms.Features.Postgres;
 using MidrandBookshop.Components;
+using System.Security.Cryptography.X509Certificates;
 using static LiteCharms.Features.Extensions.Quartz;
 
 var builder = WebApplication.CreateBuilder(args);
@@ -47,9 +48,29 @@ builder.Services.Configure<ForwardedHeadersOptions>(options =>
     options.KnownProxies.Clear();
 });
 
+builder.WebHost.ConfigureKestrel(options =>
+{
+    var certBase64 = builder.Configuration["DataProtection:Certificate"];
+    var certPassword = builder.Configuration["DataProtection:Password"];
+
+    if (!string.IsNullOrWhiteSpace(certBase64))
+    {
+        var rawBytes = Convert.FromBase64String(certBase64);
+        var kestrelCert = X509CertificateLoader.LoadPkcs12(rawBytes, certPassword);
+
+        options.ListenAnyIP(8443, listenOptions =>
+        {
+            listenOptions.UseHttps(kestrelCert);
+        });
+    }
+    else
+        options.ListenAnyIP(8080);
+});
+
 var app = builder.Build();
 
 app.UseForwardedHeaders();
+app.UseCookiePolicy();
 
 using var security = app.Services.CreateScope();
 {

MidrandBookshop/Properties/launchSettings.json

@@ -14,7 +14,7 @@
         "commandName": "Project",
         "dotnetRunMessages": true,
         "launchBrowser": false,
-        "applicationUrl": "https://localhost:7021;http://localhost:5053",
+        "applicationUrl": "https://localhost:8440;http://localhost:8083",
         "environmentVariables": {
           "ASPNETCORE_ENVIRONMENT": "Development"
         }

midrandbooks-uat.yml

@@ -10,8 +10,8 @@ metadata:
   name: midrandbooks-config
   namespace: midrandbooks-uat
 data:
-  ASPNETCORE_ENVIRONMENT: "Development"
+  ASPNETCORE_ENVIRONMENT: "Development"  
-  ASPNETCORE_URLS: "http://0.0.0.0:8080"
+  ASPNETCORE_URLS: "https://0.0.0.0:8443"
   Monitoring__Address: "http://aspire-dashboard-service.aspire.svc.cluster.local:18889"
   Monitoring__ServiceName: "MidrandBooks.Uat"
   HasherSettings__MinHashLength: "11"
@@ -27,7 +27,6 @@ data:
   PayfastSettings__ValidHosts__4: "payment.payfast.io"
   LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za"
   LiteCharmsSettings__Audience: "midrandbooks-api"
-  ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
   LiteCharmsClientSettings__Authority: "https://sts.security.khongisa.co.za"
   LiteCharmsClientSettings__GrantType: "client_credentials"
   LiteCharmsClientSettings__Scope: "midrandbooks-api"
@@ -74,7 +73,7 @@ metadata:
   name: midrandbooks
   namespace: midrandbooks-uat
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: midrandbooks
@@ -102,7 +101,7 @@ spec:
               memory: "256Mi"
               cpu: "100m"
           ports:
-            - containerPort: 8080
+            - containerPort: 8443
           envFrom:
             - configMapRef:
                 name: midrandbooks-config
@@ -194,13 +193,15 @@ spec:
           livenessProbe:
             httpGet:
               path: /health
-              port: 8080
+              port: 8443
+              scheme: HTTPS
             initialDelaySeconds: 5
             periodSeconds: 10
           readinessProbe:
             httpGet:
               path: /health
-              port: 8080
+              port: 8443
+              scheme: HTTPS
             initialDelaySeconds: 3
             periodSeconds: 5
       volumes:
@@ -214,14 +215,20 @@ metadata:
   name: midrandbooks-service
   namespace: midrandbooks-uat
 spec:
-  type: ClusterIP
+  ports:
+    - name: https
+      port: 443
+      targetPort: 8443
   selector:
     app: midrandbooks
-  ports:
+---
-    - name: http
+apiVersion: traefik.io/v1alpha1
-      protocol: TCP
+kind: ServersTransport
-      port: 80
+metadata:
-      targetPort: 8080
+  name: midrandbooks-bypass-backend-validation
+  namespace: midrandbooks-uat
+spec:
+  insecureSkipVerify: true
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
@@ -236,10 +243,12 @@ spec:
       kind: Rule
       services:
         - name: midrandbooks-service
-          port: 80
+          port: 443
+          scheme: https
+          serversTransport: midrandbooks-bypass-backend-validation
           sticky:
             cookie:
               name: "lp-sticky-session"
               httpOnly: true
               secure: true
-  tls: {}
+  tls: {}