2018-08-15 15:26:19 +02:00
|
|
|
|
using Microsoft.AspNetCore.Builder;
|
2016-05-20 01:10:24 +02:00
|
|
|
|
using Microsoft.AspNetCore.Hosting;
|
2015-12-09 04:57:38 +01:00
|
|
|
|
using Microsoft.Extensions.Configuration;
|
|
|
|
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
|
|
|
|
using Microsoft.Extensions.Logging;
|
2016-05-20 01:10:24 +02:00
|
|
|
|
using Microsoft.IdentityModel.Tokens;
|
2015-12-09 04:57:38 +01:00
|
|
|
|
using Bit.Api.Utilities;
|
|
|
|
|
|
using Bit.Core;
|
|
|
|
|
|
using Bit.Core.Identity;
|
2016-07-14 01:24:26 +02:00
|
|
|
|
using Newtonsoft.Json.Serialization;
|
2016-11-13 00:43:32 +01:00
|
|
|
|
using AspNetCoreRateLimit;
|
2017-01-15 05:24:02 +01:00
|
|
|
|
using Serilog.Events;
|
2017-04-04 16:13:16 +02:00
|
|
|
|
using Stripe;
|
2017-05-06 02:57:33 +02:00
|
|
|
|
using Bit.Core.Utilities;
|
2017-06-07 05:19:42 +02:00
|
|
|
|
using IdentityModel;
|
2018-05-22 03:24:35 +02:00
|
|
|
|
using Microsoft.AspNetCore.HttpOverrides;
|
2015-12-09 04:57:38 +01:00
|
|
|
|
|
|
|
|
|
|
namespace Bit.Api
|
|
|
|
|
|
{
|
|
|
|
|
|
public class Startup
|
|
|
|
|
|
{
|
2017-10-19 06:08:09 +02:00
|
|
|
|
public Startup(IHostingEnvironment env, IConfiguration configuration)
|
2015-12-09 04:57:38 +01:00
|
|
|
|
{
|
2017-10-19 06:08:09 +02:00
|
|
|
|
Configuration = configuration;
|
2017-01-13 03:07:25 +01:00
|
|
|
|
Environment = env;
|
2015-12-09 04:57:38 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-19 06:08:09 +02:00
|
|
|
|
public IConfiguration Configuration { get; private set; }
|
2017-01-13 03:07:25 +01:00
|
|
|
|
public IHostingEnvironment Environment { get; set; }
|
2015-12-09 04:57:38 +01:00
|
|
|
|
|
|
|
|
|
|
public void ConfigureServices(IServiceCollection services)
|
|
|
|
|
|
{
|
2016-05-20 01:10:24 +02:00
|
|
|
|
var provider = services.BuildServiceProvider();
|
2015-12-09 04:57:38 +01:00
|
|
|
|
|
|
|
|
|
|
// Options
|
|
|
|
|
|
services.AddOptions();
|
|
|
|
|
|
|
|
|
|
|
|
// Settings
|
2017-05-06 02:57:33 +02:00
|
|
|
|
var globalSettings = services.AddGlobalSettingsServices(Configuration);
|
2017-08-15 22:33:38 +02:00
|
|
|
|
if(!globalSettings.SelfHosted)
|
|
|
|
|
|
{
|
|
|
|
|
|
services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimitOptions"));
|
|
|
|
|
|
services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
|
|
|
|
|
|
}
|
2015-12-09 04:57:38 +01:00
|
|
|
|
|
2017-03-24 03:02:55 +01:00
|
|
|
|
// Data Protection
|
2017-05-06 02:57:33 +02:00
|
|
|
|
services.AddCustomDataProtectionServices(Environment, globalSettings);
|
2017-03-24 03:02:55 +01:00
|
|
|
|
|
2017-04-04 16:13:16 +02:00
|
|
|
|
// Stripe Billing
|
|
|
|
|
|
StripeConfiguration.SetApiKey(globalSettings.StripeApiKey);
|
|
|
|
|
|
|
2015-12-09 04:57:38 +01:00
|
|
|
|
// Repositories
|
2017-12-01 15:22:04 +01:00
|
|
|
|
services.AddSqlServerRepositories(globalSettings);
|
2015-12-09 04:57:38 +01:00
|
|
|
|
|
|
|
|
|
|
// Context
|
|
|
|
|
|
services.AddScoped<CurrentContext>();
|
|
|
|
|
|
|
2016-11-13 00:43:32 +01:00
|
|
|
|
// Caching
|
|
|
|
|
|
services.AddMemoryCache();
|
|
|
|
|
|
|
2017-08-15 22:33:38 +02:00
|
|
|
|
if(!globalSettings.SelfHosted)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Rate limiting
|
|
|
|
|
|
services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
|
|
|
|
|
|
services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
|
2019-02-22 04:43:37 +01:00
|
|
|
|
// BitPay
|
|
|
|
|
|
services.AddSingleton<BitPayClient>();
|
2017-08-15 22:33:38 +02:00
|
|
|
|
}
|
2016-11-13 00:43:32 +01:00
|
|
|
|
|
2015-12-09 04:57:38 +01:00
|
|
|
|
// Identity
|
2017-05-06 02:57:33 +02:00
|
|
|
|
services.AddCustomIdentityServices(globalSettings);
|
2018-08-15 15:26:19 +02:00
|
|
|
|
services.AddIdentityAuthenticationServices(globalSettings, Environment, config =>
|
2015-12-09 04:57:38 +01:00
|
|
|
|
{
|
2017-01-11 06:34:16 +01:00
|
|
|
|
config.AddPolicy("Application", policy =>
|
|
|
|
|
|
{
|
|
|
|
|
|
policy.RequireAuthenticatedUser();
|
2017-06-07 05:19:42 +02:00
|
|
|
|
policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
|
2017-06-26 15:09:30 +02:00
|
|
|
|
policy.RequireClaim(JwtClaimTypes.Scope, "api");
|
|
|
|
|
|
});
|
|
|
|
|
|
config.AddPolicy("Web", policy =>
|
|
|
|
|
|
{
|
|
|
|
|
|
policy.RequireAuthenticatedUser();
|
|
|
|
|
|
policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
|
|
|
|
|
|
policy.RequireClaim(JwtClaimTypes.Scope, "api");
|
|
|
|
|
|
policy.RequireClaim(JwtClaimTypes.ClientId, "web");
|
2017-01-11 06:34:16 +01:00
|
|
|
|
});
|
2017-08-10 20:39:11 +02:00
|
|
|
|
config.AddPolicy("Push", policy =>
|
|
|
|
|
|
{
|
|
|
|
|
|
policy.RequireAuthenticatedUser();
|
|
|
|
|
|
policy.RequireClaim(JwtClaimTypes.Scope, "api.push");
|
|
|
|
|
|
});
|
2017-08-30 17:23:55 +02:00
|
|
|
|
config.AddPolicy("Licensing", policy =>
|
|
|
|
|
|
{
|
|
|
|
|
|
policy.RequireAuthenticatedUser();
|
|
|
|
|
|
policy.RequireClaim(JwtClaimTypes.Scope, "api.licensing");
|
|
|
|
|
|
});
|
2019-02-26 23:01:33 +01:00
|
|
|
|
config.AddPolicy("Organization", policy =>
|
|
|
|
|
|
{
|
|
|
|
|
|
policy.RequireAuthenticatedUser();
|
|
|
|
|
|
policy.RequireClaim(JwtClaimTypes.Scope, "api.organization");
|
|
|
|
|
|
});
|
2015-12-09 04:57:38 +01:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
services.AddScoped<AuthenticatorTokenProvider>();
|
|
|
|
|
|
|
|
|
|
|
|
// Services
|
2017-04-26 22:13:24 +02:00
|
|
|
|
services.AddBaseServices();
|
2017-08-07 22:31:00 +02:00
|
|
|
|
services.AddDefaultServices(globalSettings);
|
2015-12-09 04:57:38 +01:00
|
|
|
|
|
|
|
|
|
|
// MVC
|
2015-12-31 00:49:43 +01:00
|
|
|
|
services.AddMvc(config =>
|
2015-12-09 04:57:38 +01:00
|
|
|
|
{
|
2019-02-28 20:20:14 +01:00
|
|
|
|
config.Conventions.Add(new ApiExplorerGroupConvention());
|
2019-03-01 02:50:40 +01:00
|
|
|
|
config.Conventions.Add(new PublicApiControllersModelConvention());
|
|
|
|
|
|
}).AddJsonOptions(options =>
|
|
|
|
|
|
{
|
2019-03-01 23:37:11 +01:00
|
|
|
|
if(Environment.IsProduction() && Configuration["swaggerGen"] != "true")
|
2019-03-01 02:50:40 +01:00
|
|
|
|
{
|
|
|
|
|
|
options.SerializerSettings.ContractResolver = new DefaultContractResolver();
|
|
|
|
|
|
}
|
|
|
|
|
|
});
|
2017-10-25 06:45:11 +02:00
|
|
|
|
|
2019-02-28 20:20:14 +01:00
|
|
|
|
services.AddSwagger(globalSettings);
|
|
|
|
|
|
|
2018-08-09 22:08:09 +02:00
|
|
|
|
if(globalSettings.SelfHosted)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Jobs service
|
|
|
|
|
|
Jobs.JobsHostedService.AddJobsServices(services);
|
|
|
|
|
|
services.AddHostedService<Jobs.JobsHostedService>();
|
|
|
|
|
|
}
|
2015-12-09 04:57:38 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-02-07 05:45:33 +01:00
|
|
|
|
public void Configure(
|
|
|
|
|
|
IApplicationBuilder app,
|
|
|
|
|
|
IHostingEnvironment env,
|
|
|
|
|
|
ILoggerFactory loggerFactory,
|
2017-01-15 05:24:02 +01:00
|
|
|
|
IApplicationLifetime appLifetime,
|
2016-02-07 05:45:33 +01:00
|
|
|
|
GlobalSettings globalSettings)
|
2015-12-09 04:57:38 +01:00
|
|
|
|
{
|
2018-03-23 18:33:31 +01:00
|
|
|
|
loggerFactory.AddSerilog(app, env, appLifetime, globalSettings, (e) =>
|
2017-10-23 15:11:25 +02:00
|
|
|
|
{
|
|
|
|
|
|
var context = e.Properties["SourceContext"].ToString();
|
|
|
|
|
|
if(e.Exception != null && (e.Exception.GetType() == typeof(SecurityTokenValidationException) ||
|
|
|
|
|
|
e.Exception.Message == "Bad security stamp."))
|
2017-01-15 05:24:02 +01:00
|
|
|
|
{
|
2017-10-23 15:11:25 +02:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-08-15 16:54:15 +02:00
|
|
|
|
if(e.Level == LogEventLevel.Information && context.Contains(typeof(IpRateLimitMiddleware).FullName))
|
2017-10-23 15:11:25 +02:00
|
|
|
|
{
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-27 15:24:09 +02:00
|
|
|
|
if(context.Contains("IdentityServer4.Validation.TokenValidator") ||
|
|
|
|
|
|
context.Contains("IdentityServer4.Validation.TokenRequestValidator"))
|
|
|
|
|
|
{
|
|
|
|
|
|
return e.Level > LogEventLevel.Error;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-23 15:11:25 +02:00
|
|
|
|
return e.Level >= LogEventLevel.Error;
|
|
|
|
|
|
});
|
2017-01-15 05:24:02 +01:00
|
|
|
|
|
2017-08-25 14:57:43 +02:00
|
|
|
|
// Default Middleware
|
|
|
|
|
|
app.UseDefaultMiddleware(env);
|
2017-07-21 18:53:26 +02:00
|
|
|
|
|
2017-08-15 22:33:38 +02:00
|
|
|
|
if(!globalSettings.SelfHosted)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Rate limiting
|
|
|
|
|
|
app.UseMiddleware<CustomIpRateLimitMiddleware>();
|
|
|
|
|
|
}
|
2018-05-22 03:24:35 +02:00
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
app.UseForwardedHeaders(new ForwardedHeadersOptions
|
|
|
|
|
|
{
|
|
|
|
|
|
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
2016-11-13 00:43:32 +01:00
|
|
|
|
|
2015-12-09 04:57:38 +01:00
|
|
|
|
// Add static files to the request pipeline.
|
|
|
|
|
|
app.UseStaticFiles();
|
|
|
|
|
|
|
|
|
|
|
|
// Add Cors
|
2017-12-05 03:44:02 +01:00
|
|
|
|
app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
|
2015-12-09 04:57:38 +01:00
|
|
|
|
|
2017-10-06 20:02:28 +02:00
|
|
|
|
// Add authentication to the request pipeline.
|
|
|
|
|
|
app.UseAuthentication();
|
|
|
|
|
|
|
2017-10-09 22:21:49 +02:00
|
|
|
|
// Add current context
|
|
|
|
|
|
app.UseMiddleware<CurrentContextMiddleware>();
|
|
|
|
|
|
|
2017-04-19 22:01:34 +02:00
|
|
|
|
// Add MVC to the request pipeline.
|
|
|
|
|
|
app.UseMvc();
|
2019-03-08 21:48:34 +01:00
|
|
|
|
|
2019-03-01 23:37:11 +01:00
|
|
|
|
if(Environment.IsDevelopment() || globalSettings.SelfHosted)
|
2019-02-28 20:20:14 +01:00
|
|
|
|
{
|
|
|
|
|
|
app.UseSwagger(config =>
|
|
|
|
|
|
{
|
|
|
|
|
|
config.RouteTemplate = "specs/{documentName}/swagger.json";
|
|
|
|
|
|
});
|
|
|
|
|
|
app.UseSwaggerUI(config =>
|
|
|
|
|
|
{
|
2019-02-28 20:25:47 +01:00
|
|
|
|
config.DocumentTitle = "Bitwarden API Documentation";
|
2019-02-28 20:20:14 +01:00
|
|
|
|
config.RoutePrefix = "docs";
|
2019-03-08 21:48:34 +01:00
|
|
|
|
config.SwaggerEndpoint($"{globalSettings.BaseServiceUri.Api}/specs/public/swagger.json",
|
|
|
|
|
|
"Bitwarden Public API");
|
2019-02-28 20:20:14 +01:00
|
|
|
|
config.OAuthClientId("accountType.id");
|
|
|
|
|
|
config.OAuthClientSecret("secretKey");
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
2017-04-19 22:01:34 +02:00
|
|
|
|
}
|
2015-12-09 04:57:38 +01:00
|
|
|
|
}
|
|
|
|
|
|
}
|
