TEAMMODEL
/
TEAMModelOS


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241
							using Lib.AspNetCore.ServerSentEvents;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.SpaServices;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;
using TEAMModelOS.SDK.DI.Multiple;
using TEAMModelBI.Models;
using TEAMModelOS.Models;
using TEAMModelOS.SDK;
using TEAMModelOS.SDK.DI;
using TEAMModelOS.SDK.Extension;
using TEAMModelOS.SDK.Filter;
using TEAMModelOS.SDK.Helper.Common.ReflectorExtensions;
using TEAMModelOS.SDK.Models;
using VueCliMiddleware;
using System.Net.Http;
using TEAMModelOS.Filter;
using TEAMModelOS.SDK.DI.IPIP;

namespace TEAMModelBI
{
    public class Startup
    {
        public IWebHostEnvironment environment { get; set; }
        readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
        public Startup(IConfiguration configuration,IWebHostEnvironment env)
        {
            Configuration = configuration;
            environment = env;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            // true，默認情況下，聲明映射將以舊格式映射聲明名稱，以適應較早的SAML應用程序，RoleClaimType = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'
            // false，RoleClaimType = 'roles'             
            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
            services.AddAuthentication(options => options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options => //AzureADJwtBearer
                {
                    //options.SaveToken = true; //驗證令牌由服務器生成才有效，不適用於服務重啟或分布式架構
                    options.Authority = Configuration["Option:Authority"];
                    options.Audience = Configuration["Option:Audience"];
                    options.RequireHttpsMetadata = true;
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        RoleClaimType = "roles",
                        ValidAudiences = new string[] { Configuration["Option:Audience"], $"api://{Configuration["Option:Audience"]}" }
                    };
                    options.Events = new JwtBearerEvents();
                    //下列事件有需要紀錄則打開
                    //options.Events.OnMessageReceived = async context => { await Task.FromResult(0); };
                    //options.Events.OnForbidden = async context => { await Task.FromResult(0); };
                    //options.Events.OnChallenge = async context => { await Task.FromResult(0); };
                    //options.Events.OnAuthenticationFailed = async context => { await Task.FromResult(0); };
                    options.Events.OnTokenValidated = async context =>
                    {
                        if (!context.Principal.Claims.Any(x => x.Type.Equals("http://schemas.microsoft.com/identity/claims/scope")) //ClaimConstants.Scope
                        && !context.Principal.Claims.Any(y => y.Type.Equals("roles"))) //ClaimConstants.Roles //http://schemas.microsoft.com/ws/2008/06/identity/claims/role
                        {
                            //TODO 需處理額外授權非角色及範圍的訪問異常紀錄
                            throw new UnauthorizedAccessException("Neither scope or roles claim was found in the bearer token.");
                        }
                        await Task.FromResult(0);
                    };
                });
            //設定跨域請求
            services.AddCors(options =>
            {
                options.AddPolicy(MyAllowSpecificOrigins,
                builder =>
                {
                    builder.WithOrigins("http://teammodelos-test.chinacloudsites.cn",
                                        "https://www.teammodel.cn", "https://localhost:5001",
                                        "http://localhost:5000")
                                       
                    .AllowAnyHeader()
                    .AllowAnyMethod();
                });
            });

            //Table和blob注入
            List<(string name, string connectionString)> storageConnects = new();
            storageConnects.Add(("Default", Configuration.GetValue<string>("Azure:Storage:ConnectionString")));      //大路站ClientString
            storageConnects.Add(("Global", Configuration.GetValue<string>("GlobalAzure:Storage:ConnectionString"))); //国际站ClientString

            storageConnects.Add(("LogChina", Configuration.GetValue<string>("Azure:LogStorage:ConnectionString"))); //防火墙日志 大陆站ClientString
            storageConnects.Add(("LogGlobal", Configuration.GetValue<string>("GlobalAzure:LogStorage:ConnectionString"))); //防火墙日志  国际站ClientString
            storageConnects.Add(("CoreServiceV2", Configuration.GetValue<string>("CoreServiceV2:Storage:ConnectionString"))); //CoreService V2
            services.AddMultipleAzureStorage(storageConnects);

            //cosmosDB注入
            List<(string name,string connectionString)> cosmosDBConnects = new();
            cosmosDBConnects.Add(("Default", Configuration.GetValue<string>("Azure:Cosmos:ConnectionString")));      //大陆站ConnectString
            cosmosDBConnects.Add(("Global", Configuration.GetValue<string>("GlobalAzure:Cosmos:ConnectionString"))); //国际站ConnectString
            cosmosDBConnects.Add(("CoreServiceV1", Configuration.GetValue<string>("CoreServiceV1:Cosmos:ConnectionString"))); //CoreService V1 read only
            cosmosDBConnects.Add(("CoreServiceV2", Configuration.GetValue<string>("CoreServiceV2:Cosmos:ConnectionString"))); //CoreService V2
            cosmosDBConnects.Add(("CoreServiceV2CnRead", Configuration.GetValue<string>("CoreServiceV2:CosmosCnRead:ConnectionString"))); //CoreService V2 read only
            services.AddMultipleAzureCosmos(cosmosDBConnects);

            //redis注入
            List<(string name, string connectionString)> redisConnects = new();
            redisConnects.Add(("Default", Configuration.GetValue<string>("Azure:Redis:ConnectionString")));
            redisConnects.Add(("Global", Configuration.GetValue<string>("GlobalAzure:Redis:ConnectionString")));
            services.AddMultipleAzureRedis(redisConnects);

            //serverBus 注入 
            List<(string name, string connectionString)> funConnects = new();
            funConnects.Add(("Default", Configuration.GetValue<string>("Azure:ServiceBus:ConnectionString")));
            funConnects.Add(("Global", Configuration.GetValue<string>("GlobalAzure:ServiceBus:ConnectionString")));
            services.AddMultipleAzureServiceBus(funConnects);
            
            //单一注入
            //services.AddAzureStorage(Configuration.GetValue<string>("Azure:Storage:ConnectionString"));
            //services.AddAzureCosmos(Configuration.GetValue<string>("Azure:Cosmos:ConnectionString"));
            //services.AddAzureRedis(Configuration.GetValue<string>("Azure:Redis:ConnectionString"));
            //services.AddAzureServiceBus(Configuration.GetValue<string>("Azure:ServiceBus:ConnectionString"));     

            services.AddSnowflakeId(Convert.ToInt64(Configuration.GetValue<string>("Option:LocationNum")), 1);
            services.AddHttpClient();
            services.AddHttpClient<DingDing>();
            services.AddSingleton(new City(@"Services/ipip.ipdb"));
            //services.AddCoreAPIHttpService(Configuration);
            services.AddHttpClient<CoreAPIHttpService>().ConfigureHttpMessageHandlerBuilder(builder =>
            {
                builder.PrimaryHandler = new HttpClientHandler
                {
                    ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true
                };
            });
            services.AddHttpClient<HttpTrigger>();
            services.AddMemoryCache();
            services.AddControllers().AddJsonOptions(options => { options.JsonSerializerOptions.IgnoreNullValues = false; });
            services.Configure<SysConfig>(Configuration.GetSection("sysConfig"));  //注册连接
            //HttpContextAccessor，并用来访问HttpContext。(提供組件或非控制器服務存取HttpContext)
            services.AddHttpContextAccessor();
            services.Configure<Option>(options => Configuration.GetSection("Option").Bind(options));
            services.AddControllers();

            string path = $"{ environment.ContentRootPath}/JsonFile/Core";
            services.AddIPSearcher(path);
            services.AddSpaStaticFiles(configuration =>
            {
                configuration.RootPath = "ClientApp";
            });
            services.AddServerSentEvents(o =>
            {
                o.KeepaliveMode = ServerSentEventsKeepaliveMode.Always;
                o.OnClientConnected = async (service, client) =>
                {
                    //if (client.Request.Headers.TryGetValue("X-Auth-Name", out StringValues name))
                    //{
                    //    client.Client.SetProperty("NAME", name.ToString());
                    //}
                    //if (client.Request.Headers.TryGetValue("X-Auth-DID", out StringValues did))
                    //{
                    //    client.Client.SetProperty("DID", did.ToString());
                    //}
                    //if (client.Request.Headers.TryGetValue("X-Auth-CID", out StringValues cid))
                    //{
                    //    client.Client.SetProperty("CID", cid.ToString());
                    //}
                    //if (client.Request.Headers.TryGetValue("X-Auth-PIN", out StringValues pin))
                    //{
                    //    client.Client.SetProperty("PIN", pin.ToString());
                    //}
                    //if (client.Request.Headers.TryGetValue("X-Auth-APP", out StringValues app))
                    //{
                    //    client.Client.SetProperty("APP", app.ToString());
                    //}

                    await client.Client.SendEventAsync(new { sid = client.Client.Id.ToString() }.ToJsonString());
                };
            });
            //等保安全性验证。
            services.AddScoped<SecurityHeadersAttribute>();
            services.AddMvcFilter<RequestAuditFilter>();
            services.AddAntiforgery(options => options.HeaderName = "X-CSRF-TOKEN");
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();
            //以下需要按照順序載入中間件  如果应用调用 UseStaticFiles，请将 UseStaticFiles 置于 UseRouting之前。
            app.UseStaticFiles();
            app.UseSpaStaticFiles();
            app.UseCors(MyAllowSpecificOrigins); //使用跨域設定
            app.UseHttpsRedirection(); //開發中暫時關掉
            //如果应用使用身份验证/授权功能（如 AuthorizePage 或 [Authorize]），请将对 UseAuthentication 和 UseAuthorization的
            //调用放在之后、UseRouting 和 UseCors，但在 UseEndpoints之前
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
                endpoints.MapServerSentEvents("/service/sse", new ServerSentEventsOptions
                {
                    //Authorization = ServerSentEventsAuthorization.Default,
                    OnPrepareAccept = response =>
                    {
                        response.Headers.Append("Cache-Control", "no-cache");
                        response.Headers.Append("X-Accel-Buffering", "no");
                        response.Headers.Append("Content-Type", "text/event-stream");
                        response.Headers.Append("Access-Control-Allow-Origin", "*");
                    }
                });
#if DEBUG
                endpoints.MapToVueCliProxy(
                    "{*path}",
                    new SpaOptions { SourcePath = "ClientApp" },
                    npmScript: (System.Diagnostics.Debugger.IsAttached) ? "serve" : null,
                    // regex: "Compiled successfully",
                    forceKill: true
                    );
#else
                endpoints.MapFallbackToFile("index.html");
#endif

            });
        }
    }
}