| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239 |
- using System;
- using System.Collections.Generic;
- using System.IO;
- using System.Security.Claims;
- using System.Text;
- using System.Text.Encodings.Web;
- using System.Text.Unicode;
- using HaBookCms.AzureStorage.Implements;
- using HaBookCms.AzureStorage.Interfaces;
- using HaBookCms.AzureStorage.Options;
- using HaBookCms.Common.LogHelper;
- using HaBookCms.ContextConfig.Exceptions;
- using HaBookCms.Jwt.Filter;
- using HaBookCms.Jwt.Model;
- using HaBookCms.RedisStorage.Cache;
- using log4net;
- using log4net.Config;
- using log4net.Repository;
- using Microsoft.AspNetCore.Authentication.JwtBearer;
- using Microsoft.AspNetCore.Builder;
- using Microsoft.AspNetCore.Hosting;
- using Microsoft.AspNetCore.Http;
- using Microsoft.AspNetCore.HttpOverrides;
- using Microsoft.AspNetCore.Mvc;
- using Microsoft.Extensions.Configuration;
- using Microsoft.Extensions.DependencyInjection;
- using Microsoft.IdentityModel.Tokens;
- namespace HaBookCms.Contest
- {
- public class Startup
- {
- /// <summary>
- /// log4net 仓储库
- /// </summary>
- public static ILoggerRepository repository { get; set; }
- public Startup(IConfiguration configuration, IHostingEnvironment env)
- {
- Configuration = configuration;
- var builder = new ConfigurationBuilder()
- .SetBasePath(env.ContentRootPath)
- .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true);
- this.Configuration = builder.Build();
- //log4net
- repository = LogManager.CreateRepository("HaBookCms");
- //指定配置文件
- XmlConfigurator.Configure(repository, new FileInfo("Log4net.config"));
- BaseConfigModel.SetBaseConfig(Configuration, env.ContentRootPath, env.WebRootPath);
- }
-
- public IConfiguration Configuration { get; }
- // This method gets called by the runtime. Use this method to add services to the container.
- public void ConfigureServices(IServiceCollection services)
- {
- services.AddSingleton(typeof(IAzureTableDBRepository), typeof(AzureTableDBRepository));
- services.Configure<CookiePolicyOptions>(options =>
- {
- // This lambda determines whether user consent for non-essential cookies is needed for a given request.
- options.CheckConsentNeeded = context => true;
- options.MinimumSameSitePolicy = SameSiteMode.None;
- });
- services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
- //解决视图输出内容中文编码问题
- services.AddSingleton(HtmlEncoder.Create(UnicodeRanges.All));
- services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
- #region 认证
- JwtAuthConfigModel jwtConfig = new JwtAuthConfigModel();
- // services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
- //.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
- // {
- // o.LoginPath = new PathString("/api/Users/checkLogin");
- // })
- services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
- .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
- {
- o.TokenValidationParameters = new TokenValidationParameters
- {
- ValidIssuer = jwtConfig.Issuer,
- ValidAudience = jwtConfig.Audience,
- IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.JWTSecretKey)),
- /***********************************TokenValidationParameters的参数默认值***********************************/
- RequireSignedTokens = true,
- // SaveSigninToken = false,
- // ValidateActor = false,
- // 将下面两个参数设置为false,可以不验证Issuer和Audience,但是不建议这样做。
- ValidateAudience = true,
- ValidateIssuer = true,
- ValidateIssuerSigningKey = true,
- // 是否要求Token的Claims中必须包含 Expires
- RequireExpirationTime = true,
- // 允许的服务器时间偏移量
- // ClockSkew = TimeSpan.FromSeconds(300),
- ClockSkew = TimeSpan.Zero,
- // 是否验证Token有效期,使用当前时间与Token的Claims中的NotBefore和Expires对比
- ValidateLifetime = true
- };
- });
- #endregion
- var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.JWTSecretKey)), SecurityAlgorithms.HmacSha256);
- // 如果要数据库动态绑定,这里先留个空,后边处理器里动态赋值
- var permission = new List<Permission>();
- // 角色与接口的权限要求参数
- var permissionRequirement = new PermissionRequirement(
- "/api/denied",// 拒绝授权的跳转地址(目前无用)
- permission,
- ClaimTypes.Role,//基于角色的授权
- jwtConfig.Issuer,//发行人
- jwtConfig.Audience,//听众
- signingCredentials,//签名凭据
- expiration: TimeSpan.FromSeconds(60 * 2)//接口的过期时间
- );
- // services.AddSingleton<PermissionRequirement, PermissionRequirement>();
- #region 授权
- services.AddAuthorization(options =>
- {
- options.AddPolicy("RequireContestWeb", policy => policy.RequireRole("ContestWeb").Build());
- options.AddPolicy("RequireApp", policy => policy.RequireRole("App").Build());
- options.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin").Build());
- options.AddPolicy("RequireAdminOrApp", policy => policy.RequireRole("Admin,App").Build());
- // 自定义权限要求
- options.AddPolicy("Permission",
- policy => policy.Requirements.Add(permissionRequirement));
- });
- #endregion
- //log日志注入
- services.AddSingleton<ILoggerHelper, LogHelper>();
- #region 缓存 读取配置是否使用哪种缓存模式
- services.AddMemoryCache();
- if (Convert.ToBoolean(Configuration["Cache:IsUseRedis"]))
- {
- services.AddSingleton<ICacheService, RedisCacheService>();
- }
- else
- {
- services.AddSingleton<ICacheService, MemoryCacheService>();
- }
- #endregion
- #region 缓存 RedisCache
- //将Redis分布式缓存服务添加到服务中
- services.AddDistributedRedisCache(options =>
- {
- //用于连接Redis的配置
- options.Configuration = "localhost";// Configuration.GetConnectionString("RedisConnectionString");
- //Redis实例名RedisDistributedCache
- options.InstanceName = "RedisInstance";
- });
- #endregion
- #region CORS
- services.AddCors(c =>
- {
- c.AddPolicy("Any", policy =>
- {
- policy.AllowAnyOrigin()
- .AllowAnyMethod()
- .AllowAnyHeader()
- .AllowCredentials();
- });
- c.AddPolicy("Limit", policy =>
- {
- policy
- .WithOrigins("localhost:63969")
- .WithMethods("get", "post", "put", "delete")
- //.WithHeaders("Authorization");
- .AllowAnyHeader();
- });
- });
- #endregion
- #region 性能 压缩
- services.AddResponseCompression();
- #endregion
- }
- // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
- public void Configure(IApplicationBuilder app, IHostingEnvironment env)
- {
- if (env.IsDevelopment())
- {
- app.UseDeveloperExceptionPage();
- }
- else
- {
- app.UseExceptionHandler("/Home/Error");
- // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
- app.UseHsts();
- }
- #region 解决Ubuntu Nginx 代理不能获取IP问题
- app.UseForwardedHeaders(new ForwardedHeadersOptions
- {
- ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
- });
- #endregion
- app.UseHttpsRedirection();
- app.UseStaticFiles(new StaticFileOptions
- {
- ServeUnknownFileTypes = true
- //ContentTypeProvider = new FileExtensionContentTypeProvider(new Dictionary<string, string>
- //{
- // { ".apk","application/vnd.android.package-archive"},
- // { ".nupkg","application/zip"}
- //}) //支持特殊文件下载处理
- });
- //自定义异常处理
- app.UseMiddleware<ExceptionFilter>();
- //认证
- app.UseAuthentication();
- //授权
- app.UseMiddleware<JwtAuthorizationFilter>();
- //性能压缩
- app.UseResponseCompression();
- app.UseCookiePolicy();
- app.UseMvc(routes =>
- {
- routes.MapRoute(
- name: "default",
- template: "{controller=Home}/{action=Index}/{id?}");
- });
- }
- }
- }
|
