Merge pull request 'Refactored forced https redirection' (#15) from notifications into master

Reviewed-on: #15

ShopAdmin/Program.cs

@@ -1,6 +1,5 @@
 using LiteCharms.Features.Extensions;
 using LiteCharms.Features.Mediator;
-using Microsoft.AspNetCore.Authentication;
 using ShopAdmin.Components;
 using static LiteCharms.Features.Email.Extensions.Constants;
 
@@ -68,20 +67,24 @@ builder.Services.AddAuthentication(options =>
 
     options.Events = new OpenIdConnectEvents
     {
-        OnRedirectToIdentityProviderForSignOut = async callbackContext =>
+        OnRedirectToIdentityProvider = context =>
         {
-            var request = callbackContext.Request;
+            var fallbackUri = context.ProtocolMessage.RedirectUri;
-            string currentBaseUrl = $"{request.Scheme}://{request.Host}{request.PathBase}/";
 
-            callbackContext.ProtocolMessage.PostLogoutRedirectUri = currentBaseUrl;
+            if (fallbackUri.StartsWith("http://", StringComparison.OrdinalIgnoreCase))
+                context.ProtocolMessage.RedirectUri = fallbackUri.Replace("http://", "https://", StringComparison.OrdinalIgnoreCase);
 
-            var idToken = await callbackContext.HttpContext.GetTokenAsync("id_token");
+            return Task.CompletedTask;
-
-            if (!string.IsNullOrEmpty(idToken)) callbackContext.ProtocolMessage.IdTokenHint = idToken;
         }
     };
 });
 
+builder.Services.Configure<ForwardedHeadersOptions>(options =>
+{
+    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+    options.KnownProxies.Clear();
+});
+
 var app = builder.Build();
 
 var schedulerFactory = app.Services.GetRequiredService<ISchedulerFactory>();
@@ -90,6 +93,8 @@ var scheduler = await schedulerFactory.GetScheduler(ShopSchedulerName);
 if (!scheduler!.IsStarted)
     await scheduler.Start();
 
+app.UseForwardedHeaders();
+
 if (!app.Environment.IsDevelopment())
 {
     app.UseExceptionHandler("/Error", createScopeForErrors: true);
@@ -113,11 +118,12 @@ app.MapStaticAssets();
 
 app.MapGet("/auth/login", (string redirectUri = "/") =>
     Results.Challenge(new AuthenticationProperties { RedirectUri = redirectUri }, [OpenIdConnectDefaults.AuthenticationScheme]));
+
 app.MapGet("/auth/logout", async (HttpContext context) =>
 {
     await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
 
-    string currentBaseUrl = $"{context.Request.Scheme}://{context.Request.Host}{context.Request.PathBase}/";
+    string currentBaseUrl = $"https://{context.Request.Host}{context.Request.PathBase}/";
 
     await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
     {

ShopAdmin/ShopAdmin.csproj

@@ -57,6 +57,8 @@
 
   <!-- Shared Global Usings -->
   <ItemGroup>
+    <Using Include="Microsoft.AspNetCore.HttpOverrides" />
+    <Using Include="Microsoft.AspNetCore.Authentication" />
     <Using Include="Blazored.Toast" />
     <Using Include="Quartz" />
     <Using Include="Mediator" />