using HTEXGpt.Services; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.IdentityModel.Tokens; using System.IdentityModel.Tokens.Jwt; using System.Net.WebSockets; using TEAMModelOS.SDK.DI; using Hangfire; using Hangfire.Dashboard.BasicAuthorization; using Hangfire.Redis.StackExchange; using HTEXScreen.Service.CoreHangfire; using HTEXScreen.Service; using TEAMModelOS.SDK; namespace HTEX.Screen { public class Program { public static void Main(string[] args) { var builder = WebApplication.CreateBuilder(args); // Add services to the container. JwtSecurityTokenHandler.DefaultMapInboundClaims = false; builder.Services.AddAuthentication(options => options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => //AzureADJwtBearer { //options.SaveToken = true; //驗證令牌由服務器生成才有效,不適用於服務重啟或分布式架構 options.Authority ="https://login.chinacloudapi.cn/4807e9cf-87b8-4174-aa5b-e76497d7392b/v2.0";// builder.Configuration["Option:Authority"]; options.Audience = "72643704-b2e7-4b26-b881-bd5865e7a7a5";//builder.Configuration["Option:Audience"]; options.RequireHttpsMetadata = true; options.TokenValidationParameters = new TokenValidationParameters { RoleClaimType = "roles", //ValidAudiences = new string[] { builder.Configuration["Option:Audience"], $"api://{builder.Configuration["Option:Audience"]}" } ValidAudiences = new string[] { "72643704-b2e7-4b26-b881-bd5865e7a7a5", $"api://72643704-b2e7-4b26-b881-bd5865e7a7a5" } }; options.Events = new JwtBearerEvents(); //下列事件有需要紀錄則打開 //options.Events.OnMessageReceived = async context => { await Task.FromResult(0); }; //options.Events.OnForbidden = async context => { await Task.FromResult(0); }; //options.Events.OnChallenge = async context => { await Task.FromResult(0); }; //options.Events.OnAuthenticationFailed = async context => { await Task.FromResult(0); }; options.Events.OnTokenValidated = async context => { if (!context.Principal.Claims.Any(x => x.Type.Equals("http://schemas.microsoft.com/identity/claims/scope")) //ClaimConstants.Scope && !context.Principal.Claims.Any(y => y.Type.Equals("roles"))) //ClaimConstants.Roles //http://schemas.microsoft.com/ws/2008/06/identity/claims/role { //TODO 需處理額外授權非角色及範圍的訪問異常紀錄 throw new UnauthorizedAccessException("Neither scope or roles claim was found in the bearer token."); } await Task.FromResult(0); }; }); builder.Services.AddControllers(); #if DEBUG builder.WebHost.UseUrls(new[] { "https://*:7298" }); #endif // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); //builder.Services.AddSwaggerGen(); builder.Services.AddHttpClient(); string StorageConnectionString = builder.Configuration.GetValue("Azure:Storage:ConnectionString"); string StorageConnectionStringTest = builder.Configuration.GetValue("Azure:Storage:ConnectionString-Test"); string ServiceBusConnectionString = builder.Configuration.GetValue("Azure:ServiceBus:ConnectionString"); string ServiceBusConnectionStringTest = builder.Configuration.GetValue("Azure:ServiceBus:ConnectionString-Test"); string RedisConnectionString = builder.Configuration.GetValue("Azure:Redis:ConnectionString"); string RedisConnectionStringTest = builder.Configuration.GetValue("Azure:Redis:ConnectionString-Test"); string CosmosConnectionString = builder.Configuration.GetValue("Azure:Cosmos:ConnectionString"); string CosmosConnectionStringTest = builder.Configuration.GetValue("Azure:Cosmos:ConnectionString-Test"); //Storage builder.Services.AddAzureStorage(StorageConnectionString, "Default"); builder.Services.AddAzureStorage(StorageConnectionStringTest, "Test"); //ServiceBus builder.Services.AddAzureServiceBus(ServiceBusConnectionString, "Default"); builder.Services.AddAzureServiceBus(ServiceBusConnectionStringTest, "Test"); //Redis builder.Services.AddAzureRedis(RedisConnectionString, "Default"); builder.Services.AddAzureRedis(RedisConnectionStringTest, "Test"); //Cosmos builder.Services.AddAzureCosmos(CosmosConnectionString, "Default"); builder.Services.AddAzureCosmos(CosmosConnectionStringTest, "Test"); builder.Services.AddHostedService(); builder.Services.AddHostedService(); builder.Services.AddHttpContextAccessor(); builder.Services.AddHttpClient(); string path = $"{builder.Environment.ContentRootPath}/JsonFiles"; builder.Services.TryAddSingleton(new Region2LongitudeLatitudeTranslator(path)); builder.Services.AddIPSearcher(path); builder.Services.AddScoped(); builder.Services.AddScoped(); builder.Services.AddScoped(); builder.Services.AddScoped(); builder.Services.AddScoped(); builder.Services.AddScoped(); builder.Services.AddHttpClient(); builder.Services.AddCors(options => { options.AddPolicy("MyAllowSpecificOrigins", builder => { builder.WithOrigins("http://teammodelos-test.chinacloudsites.cn", "https://www.teammodel.cn", "https://localhost:5001", "http://localhost:5000", "http://localhost:64524", "https://localhost:44341", "https://localhost:8888", "http://localhost:8888", "https://localhost:8081", "http://localhost:8081") .AllowAnyHeader() .AllowAnyMethod(); }); }); // 添加CORS服务 builder.Services.AddCors(options => { options.AddPolicy("AllowSpecificOrigin", builder => { #if DEBUG builder.AllowAnyOrigin() // 添加允许的源 .AllowAnyHeader() // 允许任何请求标头 // .AllowCredentials() ; // 允许包含凭据 #else //builder.WithOrigins("https://teammodeltest.blob.core.chinacloudapi.cn", "https://teammodelos.blob.core.chinacloudapi.cn") // 添加允许的源 .AllowAnyMethod() // 允许任何请求方法 // .AllowAnyHeader() // 允许任何请求标头 // .AllowCredentials(); // 允许包含凭据 #endif }); }); builder.Services.AddHangfire(config => { config.UseRedisStorage(builder.Configuration.GetValue("Azure:Redis:ConnectionString"), new RedisStorageOptions { Db=1 }); }); builder.Services.AddHangfireServer(); var app = builder.Build(); if (app.Environment.IsDevelopment()) { //app.UseSwagger(); //app.UseSwaggerUI(); } app.UseRouting(); app.UseCors("MyAllowSpecificOrigins"); //使用跨域設定 app.UseHttpsRedirection(); //開發中暫時關掉 app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); app.UseHangfireDashboard("/cdhabook-hangfire", new DashboardOptions { Authorization = new[] { new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions { RequireSsl = false, SslRedirect = false, LoginCaseSensitive = true, Users = new [] { new BasicAuthAuthorizationUser { Login = "cdhabook", PasswordClear = "cdhabook_abc123" } } }) } }); RecurringJob.AddOrUpdate("1.访问日志记录统计VisitSettleJob,每小时的第2分钟,统计上个小时的", job => job.Run(), Cron.Hourly(2), options: new RecurringJobOptions { TimeZone=TimeZoneInfo.Local }); app.Run(); } } }