Startup.cs
using System.Threading.Tasks;
using HwProj.AuthService.Client;
using HwProj.CoursesService.Client;
using HwProj.NotificationsService.Client;
using HwProj.SolutionsService.Client;
using HwProj.Utils.Auth;
using HwProj.Utils.Configuration;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
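namespace HwProj.APIGateway.API
{
    /// <summary>
    /// ASP.NET Core startup class for the API Gateway. Registers two JWT bearer
    /// authentication schemes and the HTTP clients for the backing services.
    /// </summary>
    public class Startup
    {
        /// <summary>Stores the application configuration supplied by the host.</summary>
        /// <param name="configuration">Configuration root passed in by the host.</param>
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        /// <summary>Application configuration captured at construction time.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Registers authentication and the service clients.
        /// </summary>
        /// <remarks>
        /// Two JWT bearer schemes are configured, both trusting issuer "AuthService"
        /// and the shared <c>AuthorizationKey.SecurityKey</c>:
        /// the default "GatewayKey" scheme, and a query-string scheme that takes the
        /// token from the <c>token</c> query parameter and does not validate lifetime.
        /// </remarks>
        /// <param name="services">Service collection to populate.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.ConfigureHwProjServices("API Gateway");

            const string authenticationProviderKey = "GatewayKey";

            services.AddAuthentication(options =>
                {
                    options.DefaultScheme = authenticationProviderKey;
                })
                .AddJwtBearer(authenticationProviderKey, x =>
                {
                    // RequireHttpsMetadata governs the Authority/metadata address, and
                    // neither is set here: tokens are checked against the local key only.
                    x.RequireHttpsMetadata = false;
                    x.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidIssuer = "AuthService",
                        ValidateIssuer = true,
                        // NOTE(review): audience is not checked, so any token signed with
                        // the shared key and issued by "AuthService" is accepted here,
                        // whichever consumer it was minted for.
                        ValidateAudience = false,
                        ValidateLifetime = true,
                        IssuerSigningKey = AuthorizationKey.SecurityKey,
                        ValidateIssuerSigningKey = true
                    };
                })
                .AddJwtBearer(AuthSchemeConstants.QueryStringTokenAuthentication, options =>
                {
                    options.RequireHttpsMetadata = false;
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = true,
                        ValidIssuer = "AuthService",
                        // NOTE(review): lifetime is not validated for this scheme, so a
                        // token stops working only through the OnTokenValidated check
                        // below. Keep that check in place whenever this stays false.
                        ValidateLifetime = false,
                        ValidateAudience = false,
                        IssuerSigningKey = AuthorizationKey.SecurityKey,
                        // Kept in line with the default scheme, which uses the same key.
                        ValidateIssuerSigningKey = true
                    };
                    options.Events = new JwtBearerEvents
                    {
                        // NOTE(review): a token carried in the URL can be recorded in
                        // access logs, proxy logs and browser history; scrub the "token"
                        // parameter from request logging where this scheme is used.
                        OnMessageReceived = context =>
                        {
                            if (context.Request.Query.TryGetValue("token", out var token))
                            {
                                context.Token = token;
                            }
                            else
                            {
                                context.Fail("Unauthorized");
                            }

                            return Task.CompletedTask;
                        },
                        // Runs after signature and issuer validation have succeeded.
                        OnTokenValidated = async context =>
                        {
                            var courseIdClaim = context.Principal.FindFirst("_courseId");
                            if (courseIdClaim == null)
                            {
                                context.Fail("Unauthorized");
                                return;
                            }

                            var authServiceClient = context.HttpContext.RequestServices
                                .GetRequiredService<IAuthServiceClient>();

                            // Presumably the guest token AuthService currently holds for
                            // this course; confirm against the AuthService client.
                            var statsAccessToken = await authServiceClient.GetGuestToken(courseIdClaim.Value);
                            var expectedToken = statsAccessToken?.AccessToken;
                            var guestToken = context.Request.Query["token"];

                            // Fail closed: a missing or empty reference token is a
                            // rejection, not an unhandled null dereference.
                            if (string.IsNullOrEmpty(expectedToken) || expectedToken != guestToken)
                            {
                                context.Fail("Unauthorized");
                            }
                        }
                    };
                });

            services.AddHttpClient();
            services.AddHttpContextAccessor();

            services.AddAuthServiceClient();
            services.AddCoursesServiceClient();
            services.AddSolutionServiceClient();
            services.AddNotificationsServiceClient();
        }

        /// <summary>
        /// Builds the request pipeline by delegating to the shared HwProj setup.
        /// </summary>
        /// <param name="app">Application builder for the pipeline.</param>
        /// <param name="env">Hosting environment passed through to the shared setup.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            app.ConfigureHwProj(env, "API Gateway");
        }
    }
}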