Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-19 02:21:21 +01:00
Code Issues Projects Releases Wiki Activity
13370e011f
bitwarden-server/src/Api/Startup.cs

215 lines
7.9 KiB
C#
Raw Normal View History

centralize AddIdentityAuthenticationServices
2018-08-15 15:26:19 +02:00
using Microsoft.AspNetCore.Builder;
Upgrade to ASP.NET Core RC2 release.
2016-05-20 01:10:24 +02:00
using Microsoft.AspNetCore.Hosting;
initial commit of source
2015-12-09 04:57:38 +01:00
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Bit.Api.Utilities;
using Bit.Core;
using Bit.Core.Identity;
DefaultContractResolver for pascal cased JSON. RTM moved to camelCase
2016-07-14 01:24:26 +02:00
using Newtonsoft.Json.Serialization;
rate limiting APIs
2016-11-13 00:43:32 +01:00
using AspNetCoreRateLimit;
stripe subscription creation
2017-04-04 16:13:16 +02:00
using Stripe;
centralize a lot of service registration
2017-05-06 02:57:33 +02:00
using Bit.Core.Utilities;
remove deprecated jwt bearer authentication method
2017-06-07 05:19:42 +02:00
using IdentityModel;
set en-US as default current culture
2019-07-11 21:03:17 +02:00
using System.Globalization;
show pii on api
2019-07-26 03:17:58 +02:00
using Microsoft.IdentityModel.Logging;
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
using Microsoft.Extensions.Hosting;
upgrade swagger
2020-01-10 15:36:12 +01:00
using Microsoft.OpenApi.Models;
using System.Collections.Generic;
initial commit of source
2015-12-09 04:57:38 +01:00
namespace Bit.Api
{
public class Startup
{
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
public Startup(IWebHostEnvironment env, IConfiguration configuration)
initial commit of source
2015-12-09 04:57:38 +01:00
{
set en-US as default current culture
2019-07-11 21:03:17 +02:00
CultureInfo.DefaultThreadCurrentCulture = new CultureInfo("en-US");
simplify secrets in startup via csproj tools
2017-10-19 06:08:09 +02:00
Configuration = configuration;
only load idserv cert in prod environment
2017-01-13 03:07:25 +01:00
Environment = env;
initial commit of source
2015-12-09 04:57:38 +01:00
}
simplify secrets in startup via csproj tools
2017-10-19 06:08:09 +02:00
public IConfiguration Configuration { get; private set; }
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
public IWebHostEnvironment Environment { get; set; }
initial commit of source
2015-12-09 04:57:38 +01:00
public void ConfigureServices(IServiceCollection services)
{
Upgrade to ASP.NET Core RC2 release.
2016-05-20 01:10:24 +02:00
var provider = services.BuildServiceProvider();
initial commit of source
2015-12-09 04:57:38 +01:00
// Options
services.AddOptions();
// Settings
centralize a lot of service registration
2017-05-06 02:57:33 +02:00
var globalSettings = services.AddGlobalSettingsServices(Configuration);
only use rate limiting on non-self host
2017-08-15 22:33:38 +02:00
if(!globalSettings.SelfHosted)
{
services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimitOptions"));
services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
}
initial commit of source
2015-12-09 04:57:38 +01:00
manage data protection keys with azure and enc
2017-03-24 03:02:55 +01:00
// Data Protection
centralize a lot of service registration
2017-05-06 02:57:33 +02:00
services.AddCustomDataProtectionServices(Environment, globalSettings);
manage data protection keys with azure and enc
2017-03-24 03:02:55 +01:00
stripe subscription creation
2017-04-04 16:13:16 +02:00
// Stripe Billing
update stripe SDK
2019-08-08 23:36:41 +02:00
StripeConfiguration.ApiKey = globalSettings.StripeApiKey;
stripe subscription creation
2017-04-04 16:13:16 +02:00
initial commit of source
2015-12-09 04:57:38 +01:00
// Repositories
organize event models. stub out event services
2017-12-01 15:22:04 +01:00
services.AddSqlServerRepositories(globalSettings);
initial commit of source
2015-12-09 04:57:38 +01:00
// Context
services.AddScoped<CurrentContext>();
rate limiting APIs
2016-11-13 00:43:32 +01:00
// Caching
services.AddMemoryCache();
fix bitpay initalization
2019-03-20 04:32:54 +01:00
// BitPay
services.AddSingleton<BitPayClient>();
only use rate limiting on non-self host
2017-08-15 22:33:38 +02:00
if(!globalSettings.SelfHosted)
{
// Rate limiting
services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
}
rate limiting APIs
2016-11-13 00:43:32 +01:00
initial commit of source
2015-12-09 04:57:38 +01:00
// Identity
centralize a lot of service registration
2017-05-06 02:57:33 +02:00
services.AddCustomIdentityServices(globalSettings);
centralize AddIdentityAuthenticationServices
2018-08-15 15:26:19 +02:00
services.AddIdentityAuthenticationServices(globalSettings, Environment, config =>
initial commit of source
2015-12-09 04:57:38 +01:00
{
WIP: Added IdentityServer4 to API via Bearer2 auth scheme
2017-01-11 06:34:16 +01:00
config.AddPolicy("Application", policy =>
{
policy.RequireAuthenticatedUser();
remove deprecated jwt bearer authentication method
2017-06-07 05:19:42 +02:00
policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
web policy for two factor apis
2017-06-26 15:09:30 +02:00
policy.RequireClaim(JwtClaimTypes.Scope, "api");
});
config.AddPolicy("Web", policy =>
{
policy.RequireAuthenticatedUser();
policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
policy.RequireClaim(JwtClaimTypes.Scope, "api");
policy.RequireClaim(JwtClaimTypes.ClientId, "web");
WIP: Added IdentityServer4 to API via Bearer2 auth scheme
2017-01-11 06:34:16 +01:00
});
added installations, push scoped tokens, push api
2017-08-10 20:39:11 +02:00
config.AddPolicy("Push", policy =>
{
policy.RequireAuthenticatedUser();
policy.RequireClaim(JwtClaimTypes.Scope, "api.push");
});
added licensing apis, refactored some services
2017-08-30 17:23:55 +02:00
config.AddPolicy("Licensing", policy =>
{
policy.RequireAuthenticatedUser();
policy.RequireClaim(JwtClaimTypes.Scope, "api.licensing");
});
org API clients
2019-02-26 23:01:33 +01:00
config.AddPolicy("Organization", policy =>
{
policy.RequireAuthenticatedUser();
policy.RequireClaim(JwtClaimTypes.Scope, "api.organization");
});
initial commit of source
2015-12-09 04:57:38 +01:00
});
services.AddScoped<AuthenticatorTokenProvider>();
// Services
move repos and services reg out to core extensions
2017-04-26 22:13:24 +02:00
services.AddBaseServices();
docker setup
2017-08-07 22:31:00 +02:00
services.AddDefaultServices(globalSettings);
initial commit of source
2015-12-09 04:57:38 +01:00
// MVC
comments and some name changes
2015-12-31 00:49:43 +01:00
services.AddMvc(config =>
initial commit of source
2015-12-09 04:57:38 +01:00
{
swagger specs for public api
2019-02-28 20:20:14 +01:00
config.Conventions.Add(new ApiExplorerGroupConvention());
camelcase swagger/public apis
2019-03-01 02:50:40 +01:00
config.Conventions.Add(new PublicApiControllersModelConvention());
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
}).AddNewtonsoftJson(options =>
camelcase swagger/public apis
2019-03-01 02:50:40 +01:00
{
serializer and swagger adjustments for dev
2019-03-01 23:37:11 +01:00
if(Environment.IsProduction() && Configuration["swaggerGen"] != "true")
camelcase swagger/public apis
2019-03-01 02:50:40 +01:00
{
options.SerializerSettings.ContractResolver = new DefaultContractResolver();
}
});
invoice pdf generation api
2017-10-25 06:45:11 +02:00
upgrade swagger
2020-01-10 15:36:12 +01:00
services.AddSwagger(globalSettings);
swagger specs for public api
2019-02-28 20:20:14 +01:00
Move jobs to api hosted service w/ quartz
2018-08-09 22:08:09 +02:00
if(globalSettings.SelfHosted)
{
// Jobs service
Jobs.JobsHostedService.AddJobsServices(services);
services.AddHostedService<Jobs.JobsHostedService>();
}
keep application cache in sync with service bus
2019-06-13 06:10:37 +02:00
if(CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ConnectionString) &&
CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ApplicationCacheTopicName))
{
services.AddHostedService<Core.HostedServices.ApplicationCacheHostedService>();
}
initial commit of source
2015-12-09 04:57:38 +01:00
}
Added loggr logging for production environment.
2016-02-07 05:45:33 +01:00
public void Configure(
IApplicationBuilder app,
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
IWebHostEnvironment env,
IHostApplicationLifetime appLifetime,
log startup
2019-11-27 20:42:24 +01:00
GlobalSettings globalSettings,
ILogger<Startup> logger)
initial commit of source
2015-12-09 04:57:38 +01:00
{
show pii on api
2019-07-26 03:17:58 +02:00
IdentityModelEventSource.ShowPII = true;
update to net core 2.2
2019-07-23 22:38:49 +02:00
app.UseSerilog(env, appLifetime, globalSettings);
replace loggr with serilog
2017-01-15 05:24:02 +01:00
version info in response headers
2017-08-25 14:57:43 +02:00
// Default Middleware
add new properties to LogContext
2019-09-03 20:44:22 +02:00
app.UseDefaultMiddleware(env, globalSettings);
UseForwardedHeadersForAzure
2017-07-21 18:53:26 +02:00
only use rate limiting on non-self host
2017-08-15 22:33:38 +02:00
if(!globalSettings.SelfHosted)
{
// Rate limiting
app.UseMiddleware<CustomIpRateLimitMiddleware>();
}
XForwardedFor on self host
2018-05-22 03:24:35 +02:00
else
{
UseForwardedHeaders with known proxies
2019-04-26 15:52:54 +02:00
app.UseForwardedHeaders(globalSettings);
XForwardedFor on self host
2018-05-22 03:24:35 +02:00
}
rate limiting APIs
2016-11-13 00:43:32 +01:00
initial commit of source
2015-12-09 04:57:38 +01:00
// Add static files to the request pipeline.
app.UseStaticFiles();
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
// Add routing
app.UseRouting();
initial commit of source
2015-12-09 04:57:38 +01:00
// Add Cors
all host origins allowed
2019-08-22 21:05:00 +02:00
app.UseCors(policy => policy.SetIsOriginAllowed(h => true)
.AllowAnyMethod().AllowAnyHeader().AllowCredentials());
initial commit of source
2015-12-09 04:57:38 +01:00
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
// Add authentication and authorization to the request pipeline.
remove cookie auth from useidentity
2017-10-06 20:02:28 +02:00
app.UseAuthentication();
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
app.UseAuthorization();
remove cookie auth from useidentity
2017-10-06 20:02:28 +02:00
context middleware comes after auth
2017-10-09 22:21:49 +02:00
// Add current context
app.UseMiddleware<CurrentContextMiddleware>();
upgrade to aspnet core 3.1
2020-01-10 14:33:13 +01:00
// Add endpoints to the request pipeline.
app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
fix spec link
2019-03-08 21:48:34 +01:00
set swagger host
2019-03-08 22:21:37 +01:00
// Add Swagger
upgrade swagger
2020-01-10 15:36:12 +01:00
if(Environment.IsDevelopment() || globalSettings.SelfHosted)
{
app.UseSwagger(config =>
{
config.RouteTemplate = "specs/{documentName}/swagger.json";
var host = globalSettings.BaseServiceUri.Api.Replace("https://", string.Empty)
.Replace("http://", string.Empty);
config.PreSerializeFilters.Add((swaggerDoc, httpReq) =>
swaggerDoc.Servers = new List<OpenApiServer>
{
new OpenApiServer { Url = $"{httpReq.Scheme}://{host}" }
});
});
app.UseSwaggerUI(config =>
{
config.DocumentTitle = "Bitwarden API Documentation";
config.RoutePrefix = "docs";
config.SwaggerEndpoint($"{globalSettings.BaseServiceUri.Api}/specs/public/swagger.json",
"Bitwarden Public API");
config.OAuthClientId("accountType.id");
config.OAuthClientSecret("secretKey");
});
}
log startup
2019-11-27 20:42:24 +01:00
// Log startup
logger.LogInformation(Constants.BypassFiltersEventId, globalSettings.ProjectName + " started.");
config updates for identity startup
2017-04-19 22:01:34 +02:00
}
initial commit of source
2015-12-09 04:57:38 +01:00
}
}
Reference in New Issue Copy Permalink