Merge pull request fullstackhero#290 from jnalley20/proxy-nginx

iammukeshm · web-flow · commit 42d13f07fbda · 2021-08-27T02:17:14.000+05:30
Behind SSL Proxy.  Adds Cors policy, forwarded headers and known proxy
diff --git a/src/Application/Configurations/AppConfiguration.cs b/src/Application/Configurations/AppConfiguration.cs
@@ -3,5 +3,8 @@
     public class AppConfiguration
     {
         public string Secret { get; set; }
+        public bool BehindSSLProxy { get; set; }
+        public string ProxyIP { get; set; }
+        public string ApplicationUrl { get; set; }
     }
 }
diff --git a/src/Server/Extensions/ApplicationBuilderExtensions.cs b/src/Server/Extensions/ApplicationBuilderExtensions.cs
@@ -10,6 +10,8 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using BlazorHero.CleanArchitecture.Shared.Constants.Application;
+using BlazorHero.CleanArchitecture.Application.Configurations;
+using Microsoft.Extensions.Configuration;
 
 namespace BlazorHero.CleanArchitecture.Server.Extensions
 {
@@ -28,6 +30,20 @@ internal static IApplicationBuilder UseExceptionHandling(
             return app;
         }
 
+        internal static IApplicationBuilder AddForwardingOptions(this IApplicationBuilder app, IConfiguration configuration)
+        {
+            AppConfiguration config = GetApplicationSettings(configuration);
+            if (config.BehindSSLProxy)
+            {
+                app.UseCors();
+                app.UseForwardedHeaders();
+
+                return app;
+            }
+            else
+                return app;
+        }
+
         internal static void ConfigureSwagger(this IApplicationBuilder app)
         {
             app.UseSwagger();
@@ -77,5 +93,11 @@ internal static IApplicationBuilder Initialize(this IApplicationBuilder app, Mic
 
             return app;
         }
+
+        private static AppConfiguration GetApplicationSettings(IConfiguration configuration)
+        {
+            var applicationSettingsConfiguration = configuration.GetSection(nameof(AppConfiguration));
+            return applicationSettingsConfiguration.Get<AppConfiguration>();
+        }
     }
 }
diff --git a/src/Server/Extensions/ServiceCollectionExtensions.cs b/src/Server/Extensions/ServiceCollectionExtensions.cs
@@ -24,7 +24,9 @@
 using BlazorHero.CleanArchitecture.Shared.Constants.Permission;
 using BlazorHero.CleanArchitecture.Shared.Wrapper;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
@@ -34,6 +36,7 @@
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using Newtonsoft.Json;
+using Serilog;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
@@ -57,6 +60,43 @@ internal static async Task<IStringLocalizer> GetRegisteredServerLocalizerAsync<T
             await serviceProvider.DisposeAsync();
             return localizer;
         }
+        internal static IServiceCollection AddForwardingOptions(this IServiceCollection services, IConfiguration configuration)
+        {
+            var applicationSettingsConfiguration = configuration.GetSection(nameof(AppConfiguration));
+            AppConfiguration config = applicationSettingsConfiguration.Get<AppConfiguration>(); 
+            if (config.BehindSSLProxy)
+            {
+                services.Configure<ForwardedHeadersOptions>(options =>
+                {
+                    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+                    if (config.ProxyIP != "")
+                    {
+                        string ipCheck = config.ProxyIP;
+                        if (IPAddress.TryParse(ipCheck, out IPAddress proxyIP))
+                            options.KnownProxies.Add(proxyIP);
+                        else
+                            Log.Logger.Warning($"Invalid Proxy IP of \"{ipCheck}\", Not Loaded");
+                    }
+                });
+
+                services.AddCors(options =>
+                {
+                    options.AddDefaultPolicy(
+                        builder =>
+                        {
+                            builder
+                                .AllowCredentials()
+                                .AllowAnyHeader()
+                                .AllowAnyMethod()
+                                .WithOrigins(config.ApplicationUrl.TrimEnd('/'));
+                        });
+                });
+
+                return services;
+            }
+            else
+                return services;
+        }
 
         private static async Task SetCultureFromServerPreferenceAsync(IServiceProvider serviceProvider)
         {
diff --git a/src/Server/Server.csproj b/src/Server/Server.csproj
@@ -10,7 +10,7 @@
     <NoWarn>1701;1702;1591</NoWarn>
     <UserSecretsId>aa8b7360-671b-4ab2-99b0-7df28629ef3d</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <DockerComposeProjectPath>..\docker-compose.dcproj</DockerComposeProjectPath>
+    <DockerComposeProjectPath>..\..\docker-compose.dcproj</DockerComposeProjectPath>
     <DockerfileContext>..\..</DockerfileContext>
   </PropertyGroup>
   <ItemGroup>
diff --git a/src/Server/Startup.cs b/src/Server/Startup.cs
@@ -31,8 +31,7 @@ public Startup(IConfiguration configuration)
 
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddCors();
-            services.AddSignalR();
+            services.AddForwardingOptions(_configuration);
             services.AddLocalization(options =>
             {
                 options.ResourcesPath = "Resources";
@@ -45,6 +44,7 @@ public void ConfigureServices(IServiceCollection services)
             services.AddServerLocalization();
             services.AddIdentity();
             services.AddJwtAuthentication(services.GetApplicationSettings(_configuration));
+            services.AddSignalR();
             services.AddApplicationLayer();
             services.AddApplicationServices();
             services.AddRepositories();
@@ -69,7 +69,7 @@ public void ConfigureServices(IServiceCollection services)
 
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IStringLocalizer<Startup> localizer)
         {
-            app.UseCors();
+            app.AddForwardingOptions(_configuration);
             app.UseExceptionHandling(env);
             app.UseHttpsRedirection();
             app.UseMiddleware<ErrorHandlerMiddleware>();
diff --git a/src/Server/appsettings.json b/src/Server/appsettings.json
@@ -9,7 +9,10 @@
   },
   "AllowedHosts": "*",
   "AppConfiguration": {
-    "Secret": "S0M3RAN0MS3CR3T!1!MAG1C!1!"
+    "Secret": "S0M3RAN0MS3CR3T!1!MAG1C!1!",
+    "BehindSSLProxy": false,
+    "ProxyIP": "",
+    "ApplicationUrl": ""
   },
   "ConnectionStrings": {
     "DefaultConnection": "Data Source=(localdb)\\mssqllocaldb;Initial Catalog=BlazorHero.CleanArchitecture;Integrated Security=True;MultipleActiveResultSets=True"

Original file line number	Diff line number	Diff line change
`@@ -3,5 +3,8 @@`
`3`	`3`	`public class AppConfiguration`
`4`	`4`	`{`
`5`	`5`	`public string Secret { get; set; }`
	`6`	`+ public bool BehindSSLProxy { get; set; }`
	`7`	`+ public string ProxyIP { get; set; }`
	`8`	`+ public string ApplicationUrl { get; set; }`
`6`	`9`	`}`
`7`	`10`	`}`