Ejemplo n.º 1
 /// <summary>
 /// Keeps the injected configuration and creates the <c>SwaggerUtils</c> helper
 /// with the title and scope used by this application.
 /// </summary>
 /// <param name="configuration">Application configuration handed in by the host.</param>
 public Startup(IConfiguration configuration)
 {
     Configuration = configuration;

     // Title/Scope identify this application in the Swagger setup
     // (presumably Scope is the OAuth scope name; confirm against SwaggerUtils).
     var utils = new SwaggerUtils
     {
         Title = "SlaveApplication",
         Scope = "slaveApplication"
     };
     swaggerUtils = utils;
 }
Ejemplo n.º 2
 /// <summary>
 /// Keeps the injected configuration and creates the <c>SwaggerUtils</c> helper
 /// with the title and scope used by this application.
 /// </summary>
 /// <param name="configuration">Application configuration handed in by the host.</param>
 public Startup(IConfiguration configuration)
 {
     Configuration = configuration;

     // Title/Scope identify this application in the Swagger setup
     // (presumably Scope is the OAuth scope name; confirm against SwaggerUtils).
     var utils = new SwaggerUtils
     {
         Title = "MasterApplication",
         Scope = "masterApplication"
     };
     swaggerUtils = utils;
 }
Ejemplo n.º 3
        /// <summary>
        /// Registers the versioned API explorer, API versioning and the Swagger generator,
        /// including the "Bearer" and "oauth2" security definitions advertised in the generated document.
        /// </summary>
        /// <param name="services">Service collection that receives the registrations.</param>
        /// <param name="scopes">
        /// Scope names listed in the "oauth2" definition; each is paired with the title returned by
        /// <c>Configuration.GetScopeTitle</c>.
        /// </param>
        private void ConfigureServicesApiExplorer(IServiceCollection services, List <string> scopes)
        {
            var mvcBuilder = services.AddMvcCore();
            mvcBuilder.AddVersionedApiExplorer(explorer =>
            {
                explorer.GroupNameFormat           = "'v'VVV";
                explorer.SubstituteApiVersionInUrl = true;
            });

            services.AddApiVersioning(versioning =>
            {
                // Requests that name no version are treated as 1.0.
                versioning.AssumeDefaultVersionWhenUnspecified = true;
                versioning.DefaultApiVersion = new ApiVersion(1, 0);
                versioning.ReportApiVersions = true;
            });

            services.AddSwaggerGen(swagger =>
            {
                // These definitions only describe how a caller may authenticate in the Swagger document;
                // enforcement has to come from the authentication/authorization setup, which is not in this method.
                var bearerScheme = new ApiKeyScheme
                {
                    Description = "OAuth 2.0 Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
                    Name        = "Authorization",
                    In          = "header",
                    Type        = "apiKey"
                };
                swagger.AddSecurityDefinition("Bearer", bearerScheme);

                // NOTE(review): the implicit flow hands the access token back through the browser redirect.
                // Current OAuth 2.0 security guidance prefers authorization code with PKCE; confirm the
                // identity server and the Swagger UI client still need "implicit".
                // The URLs are relative, so they resolve against whichever host serves the document.
                var oauthScheme = new OAuth2Scheme
                {
                    Type             = "oauth2",
                    Flow             = "implicit",
                    AuthorizationUrl = "/connect/authorize",
                    TokenUrl         = "/connect/token",
                    Scopes           = scopes.ToDictionary(scope => scope, scope => Configuration.GetScopeTitle(scope))
                };
                swagger.AddSecurityDefinition("oauth2", oauthScheme);

                swagger.OperationFilter <SecurityRequirementsOperationFilter>();
                swagger.DocumentFilter <LowercaseDocumentFilter>();

                // No service provider exists yet, so a temporary one is built just to resolve
                // IApiVersionDescriptionProvider.
                // NOTE(review): this creates a second container that is never disposed; any singleton it
                // instantiates is a different instance from the one the running application will use.
                var temporaryProvider = services.BuildServiceProvider();
                var versionProvider   = temporaryProvider.GetRequiredService <IApiVersionDescriptionProvider>();

                // One Swagger document per discovered API version (deprecated versions are not treated specially).
                foreach (var versionDescription in versionProvider.ApiVersionDescriptions)
                {
                    var info = SwaggerUtils.CreateInfoForApiVersion(versionDescription);
                    swagger.SwaggerDoc(versionDescription.GroupName, info);
                }

                // Custom operation filter that sets default values.
                swagger.OperationFilter <SwaggerDefaultValues>();

                // XML comments are read from "<assembly name>.xml" in the application base directory.
                // The path is passed on without an existence check, so the file must be produced by the build.
                var assemblyName = Assembly.GetExecutingAssembly().GetName().Name;
                var xmlPath      = Path.Combine(AppContext.BaseDirectory, $"{assemblyName}.xml");
                swagger.IncludeXmlComments(xmlPath);
            });
        }
Ejemplo n.º 4
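        /// <summary>
        /// Adds a "jwt_payload_{TokenName}" definition to the Swagger document describing the payload of the
        /// signed response token: the standard claims plus the custom claim named by the attribute.
        /// </summary>
        /// <param name="swaggerDoc">
        /// Document whose <c>Definitions</c> are read (the claim model) and extended (the payload schema).
        /// </param>
        /// <param name="attribute">
        /// Supplies the token name, claim name, Swagger definition name and the list / anonymous-usage flags.
        /// </param>
        /// <remarks>
        /// The normalized definition must already exist in <c>swaggerDoc.Definitions</c>; the indexer lookup
        /// fails otherwise. The payload key is added with <c>Add</c>, so a second attribute with the same
        /// token name is presumably rejected as a duplicate key (confirm against the Definitions type).
        /// </remarks>
        private void AddJwtPayload(SwaggerDocument swaggerDoc, SignResponseAttribute attribute)
        {
            var key                       = "jwt_payload_" + attribute.TokenName;
            var normalizedDefinitionName  = SwaggerUtils.NormalizeModelName(attribute.SwaggerDefinitionName);
            var claimDefinitionProperties = swaggerDoc.Definitions[normalizedDefinitionName].Properties;

            Schema claimSchema;
            if (attribute.ResponseContainsList)
            {
                // A list response is documented as an array whose items use the claim model.
                claimSchema = new Schema
                {
                    Type  = "array",
                    Title = attribute.ClaimName,
                    Items = NewSchemaItem(attribute.SwaggerDefinitionName, claimDefinitionProperties)
                };
            }
            else
            {
                claimSchema = NewSchemaItem(attribute.ClaimName, claimDefinitionProperties);
            }

            // Build the required-claims list explicitly. The previous inline array substituted an empty
            // string for "aud" on anonymous usage, which published "" as a required property name.
            // NOTE(review): the documented requirement should match what the token validator enforces;
            // confirm that "aud" really is optional for anonymous callers.
            var requiredClaims = new List<string> { "iss", "sub" };
            if (!attribute.AnonymousUsage)
            {
                requiredClaims.Add("aud");
            }
            requiredClaims.Add("jti");
            requiredClaims.Add("exp");
            requiredClaims.Add("iat");
            requiredClaims.Add(attribute.ClaimName);

            swaggerDoc.Definitions.Add(
                key,
                new Schema
                {
                    Type       = "object",
                    Required   = requiredClaims.ToArray(),
                    Properties = new Dictionary <string, Schema>
                    {
                        {
                            "iss",
                            new Schema
                            {
                                Type    = "string",
                                Example = "EU.EORI.NL123456789"
                            }
                        },
                        {
                            "sub",
                            new Schema
                            {
                                Type    = "string",
                                Example = "EU.EORI.NL123456789"
                            }
                        },
                        {
                            // "aud" stays documented as a property even when it is not required.
                            "aud",
                            new Schema
                            {
                                Type    = "string",
                                Example = "EU.EORI.NL123456789"
                            }
                        },
                        {
                            "jti",
                            new Schema
                            {
                                Type    = "string",
                                Example = "378a47c4-2822-4ca5-a49a-7e5a1cc7ea59"
                            }
                        },
                        {
                            // NOTE(review): the example is a string although the type is "integer"; left as published.
                            "exp",
                            new Schema
                            {
                                Type    = "integer",
                                Example = "1504683475"
                            }
                        },
                        {
                            "iat",
                            new Schema
                            {
                                Type    = "integer",
                                Example = "1504683475"
                            }
                        },
                        {
                            attribute.ClaimName,
                            claimSchema
                        }
                    }
                });
        }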
Ejemplo n.º 5
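        /// <summary>
        /// Enables Swagger document generation and the swagger-ui on the global Web API configuration.
        /// Active settings: a single "v1" document titled "SwaggerDocsRazorViews", XML comments from
        /// <c>SwaggerUtils.GetXmlCommentsPath()</c>, and the <c>AddDefaultValues</c> and
        /// <c>ExamplesOperationFilter</c> operation filters. Every other option is left commented out as a
        /// reference, so library defaults apply.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this method configures no security scheme and no access restriction for the docs
        /// or UI; confirm whether the Swagger endpoints should be reachable in production.
        /// </remarks>
        public static void Register()
        {
            // The unused local holding typeof(SwaggerConfig).Assembly was removed; the InjectJavaScript
            // sample below that referred to it now spells the expression out.
            GlobalConfiguration.Configuration
            .EnableSwagger(c =>
            {
                // By default, the service root url is inferred from the request used to access the docs.
                // However, there may be situations (e.g. proxy and load-balanced environments) where this does not
                // resolve correctly. You can work around this by providing your own code to determine the root URL.
                //
                //c.RootUrl(req => GetRootUrlFromAppConfig());

                // If schemes are not explicitly provided in a Swagger 2.0 document, then the scheme used to access
                // the docs is taken as the default. If your API supports multiple schemes and you want to be explicit
                // about them, you can use the "Schemes" option as shown below.
                //
                //c.Schemes(new[] { "http", "https" });

                // Use "SingleApiVersion" to describe a single version API. Swagger 2.0 includes an "Info" object to
                // hold additional metadata for an API. Version and title are required but you can also provide
                // additional fields by chaining methods off SingleApiVersion.
                //
                c.SingleApiVersion("v1", "SwaggerDocsRazorViews");

                // If your API has multiple versions, use "MultipleApiVersions" instead of "SingleApiVersion".
                // In this case, you must provide a lambda that tells Swashbuckle which actions should be
                // included in the docs for a given API version. Like "SingleApiVersion", each call to "Version"
                // returns an "Info" builder so you can provide additional metadata per API version.
                //
                //c.MultipleApiVersions(
                //    (apiDesc, targetApiVersion) => ResolveVersionSupportByRouteConstraint(apiDesc, targetApiVersion),
                //    (vc) =>
                //    {
                //        vc.Version("v2", "Swashbuckle Dummy API V2");
                //        vc.Version("v1", "Swashbuckle Dummy API V1");
                //    });

                // You can use "BasicAuth", "ApiKey" or "OAuth2" options to describe security schemes for the API.
                // See https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md for more details.
                // NOTE: These only define the schemes and need to be coupled with a corresponding "security" property
                // at the document or operation level to indicate which schemes are required for an operation. To do this,
                // you'll need to implement a custom IDocumentFilter and/or IOperationFilter to set these properties
                // according to your specific authorization implementation.
                // NOTE(review): the values below are template samples; the sample AuthorizationUrl is plain http,
                // and a real authorization endpoint should be served over https.
                //
                //c.BasicAuth("basic")
                //    .Description("Basic HTTP Authentication");
                //
                //c.ApiKey("apiKey")
                //    .Description("API Key Authentication")
                //    .Name("apiKey")
                //    .In("header");
                //
                //c.OAuth2("oauth2")
                //    .Description("OAuth2 Implicit Grant")
                //    .Flow("implicit")
                //    .AuthorizationUrl("http://petstore.swagger.wordnik.com/api/oauth/dialog")
                //    //.TokenUrl("https://tempuri.org/token")
                //    .Scopes(scopes =>
                //    {
                //        scopes.Add("read", "Read access to protected resources");
                //        scopes.Add("write", "Write access to protected resources");
                //    });

                // Set this flag to omit descriptions for any actions decorated with the Obsolete attribute
                //c.IgnoreObsoleteActions();

                // Each operation can be assigned one or more tags which are then used by consumers for various reasons.
                // For example, the swagger-ui groups operations according to the first tag of each operation.
                // By default, this will be controller name but you can use the "GroupActionsBy" option to
                // override with any value.
                //
                //c.GroupActionsBy(apiDesc => apiDesc.HttpMethod.ToString());

                // You can also specify a custom sort order for groups (as defined by "GroupActionsBy") to dictate
                // the order in which operations are listed. For example, if the default grouping is in place
                // (controller name) and you specify a descending alphabetic sort order, then actions from a
                // ProductsController will be listed before those from a CustomersController. This is typically
                // used to customize the order of groupings in the swagger-ui.
                //
                //c.OrderActionGroupsBy(new DescendingAlphabeticComparer());

                // If you annotate Controllers and API Types with
                // Xml comments (http://msdn.microsoft.com/en-us/library/b2s063f7(v=vs.110).aspx), you can incorporate
                // those comments into the generated docs and UI. You can enable this by providing the path to one or
                // more Xml comment files.
                //
                c.IncludeXmlComments(SwaggerUtils.GetXmlCommentsPath());

                // Swashbuckle makes a best attempt at generating Swagger compliant JSON schemas for the various types
                // exposed in your API. However, there may be occasions when more control of the output is needed.
                // This is supported through the "MapType" and "SchemaFilter" options:
                //
                // Use the "MapType" option to override the Schema generation for a specific type.
                // It should be noted that the resulting Schema will be placed "inline" for any applicable Operations.
                // While Swagger 2.0 supports inline definitions for "all" Schema types, the swagger-ui tool does not.
                // It expects "complex" Schemas to be defined separately and referenced. For this reason, you should only
                // use the "MapType" option when the resulting Schema is a primitive or array type. If you need to alter a
                // complex Schema, use a Schema filter.
                //
                //c.MapType<ProductType>(() => new Schema { type = "integer", format = "int32" });

                // If you want to post-modify "complex" Schemas once they've been generated, across the board or for a
                // specific type, you can wire up one or more Schema filters.
                //
                //c.SchemaFilter<ApplySchemaVendorExtensions>();

                // In a Swagger 2.0 document, complex types are typically declared globally and referenced by unique
                // Schema Id. By default, Swashbuckle does NOT use the full type name in Schema Ids. In most cases, this
                // works well because it prevents the "implementation detail" of type namespaces from leaking into your
                // Swagger docs and UI. However, if you have multiple types in your API with the same class name, you'll
                // need to opt out of this behavior to avoid Schema Id conflicts.
                //
                //c.UseFullTypeNameInSchemaIds();

                // Alternatively, you can provide your own custom strategy for inferring SchemaId's for
                // describing "complex" types in your API.
                //
                //c.SchemaId(t => t.FullName.Contains('`') ? t.FullName.Substring(0, t.FullName.IndexOf('`')) : t.FullName);

                // Set this flag to omit schema property descriptions for any type properties decorated with the
                // Obsolete attribute
                //c.IgnoreObsoleteProperties();

                // In accordance with the built in JsonSerializer, Swashbuckle will, by default, describe enums as integers.
                // You can change the serializer behavior by configuring the StringToEnumConverter globally or for a given
                // enum type. Swashbuckle will honor this change out-of-the-box. However, if you use a different
                // approach to serialize enums as strings, you can also force Swashbuckle to describe them as strings.
                //
                //c.DescribeAllEnumsAsStrings();

                // Similar to Schema filters, Swashbuckle also supports Operation and Document filters:
                //
                // Post-modify Operation descriptions once they've been generated by wiring up one or more
                // Operation filters.
                //
                //c.OperationFilter<AddDefaultResponse>();

                // Project-specific operation filters; they run in the order registered here.
                c.OperationFilter<AddDefaultValues>();
                c.OperationFilter<ExamplesOperationFilter>();

                // If you've defined an OAuth2 flow as described above, you could use a custom filter
                // to inspect some attribute on each action and infer which (if any) OAuth2 scopes are required
                // to execute the operation
                //
                //c.OperationFilter<AssignOAuth2SecurityRequirements>();

                // Post-modify the entire Swagger document by wiring up one or more Document filters.
                // This gives full control to modify the final SwaggerDocument. You should have a good understanding of
                // the Swagger 2.0 spec. - https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md
                // before using this option.
                //
                //c.DocumentFilter<ApplyDocumentVendorExtensions>();

                // In contrast to WebApi, Swagger 2.0 does not include the query string component when mapping a URL
                // to an action. As a result, Swashbuckle will raise an exception if it encounters multiple actions
                // with the same path (sans query string) and HTTP method. You can work around this by providing a
                // custom strategy to pick a winner or merge the descriptions for the purposes of the Swagger docs
                //
                //c.ResolveConflictingActions(apiDescriptions => apiDescriptions.First());

                // Wrap the default SwaggerGenerator with additional behavior (e.g. caching) or provide an
                // alternative implementation for ISwaggerProvider with the CustomProvider option.
                //
                //c.CustomProvider((defaultProvider) => new CachingSwaggerProvider(defaultProvider));
            })
            .EnableSwaggerUi(c =>
            {
                // No UI option is active in this block; everything below is reference material.

                // Use the "InjectStylesheet" option to enrich the UI with one or more additional CSS stylesheets.
                // The file must be included in your project as an "Embedded Resource", and then the resource's
                // "Logical Name" is passed to the method as shown below.
                //
                //c.InjectStylesheet(containingAssembly, "Swashbuckle.Dummy.SwaggerExtensions.testStyles1.css");

                // Use the "InjectJavaScript" option to invoke one or more custom JavaScripts after the swagger-ui
                // has loaded. The file must be included in your project as an "Embedded Resource", and then the resource's
                // "Logical Name" is passed to the method as shown above.
                //
                //c.InjectJavaScript(typeof(SwaggerConfig).Assembly, "Swashbuckle.Dummy.SwaggerExtensions.testScript1.js");

                // The swagger-ui renders boolean data types as a dropdown. By default, it provides "true" and "false"
                // strings as the possible choices. You can use this option to change these to something else,
                // for example 0 and 1.
                //
                //c.BooleanValues(new[] { "0", "1" });

                // By default, swagger-ui will validate specs against swagger.io's online validator and display the result
                // in a badge at the bottom of the page. Use these options to set a different validator URL or to disable the
                // feature entirely.
                // NOTE(review): neither option is active, so the default described above applies and the UI
                // contacts swagger.io's validator. For an API whose spec should stay internal, enabling
                // c.DisableValidator() (or pointing SetValidatorUrl at a validator you run) avoids that outbound call.
                //c.SetValidatorUrl("http://localhost/validator");
                //c.DisableValidator();

                // Use this option to control how the Operation listing is displayed.
                // It can be set to "None" (default), "List" (shows operations for each resource),
                // or "Full" (fully expanded: shows operations and their details).
                //
                //c.DocExpansion(DocExpansion.List);

                // Use the CustomAsset option to provide your own version of assets used in the swagger-ui.
                // It's typically used to instruct Swashbuckle to return your version instead of the default
                // when a request is made for "index.html". As with all custom content, the file must be included
                // in your project as an "Embedded Resource", and then the resource's "Logical Name" is passed to
                // the method as shown below.
                //
                //c.CustomAsset("index", containingAssembly, "YourWebApiProject.SwaggerExtensions.index.html");

                // If your API has multiple versions and you've applied the MultipleApiVersions setting
                // as described above, you can also enable a select box in the swagger-ui, that displays
                // a discovery URL for each version. This provides a convenient way for users to browse documentation
                // for different API versions.
                //
                //c.EnableDiscoveryUrlSelector();

                // If your API supports the OAuth2 Implicit flow, and you've described it correctly, according to
                // the Swagger 2.0 specification, you can enable UI support as shown below.
                //
                //c.EnableOAuth2Support("test-client-id", "test-realm", "Swagger UI");
            });
        }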
Ejemplo n.º 6
        /// <summary>
        /// Registers the application's services: instance info, logging, metrics, tracing, service clients and
        /// cache, IP-based rate limiting, JWT bearer authentication, CORS, MVC, API versioning, Swagger
        /// generation and health checks.
        /// </summary>
        /// <param name="services">Service collection that receives the registrations.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            var instanceInfo = new InstanceInfo();

            services.AddSingleton(instanceInfo);
            CustomLogs.SetupCustomLogs.ConfigureServices(instanceInfo);
            SetupDefaultWebMetrics.ConfigureServices(instanceInfo, services);
            SetupTracing.ConfigureServices(instanceInfo, services, true);
            ServiceClients.ConfigureServices(services, CustomLogs.SetupCustomLogs.Logger());
            // redisCacheOptions is reused further down for the Redis health check.
            SetupCustomCache.ConfigureServices(services, out var redisCacheOptions);

            // NOTE(review): judging by its name this writes every environment variable to the log. If secrets
            // (for example the JWT signing key or cache credentials) are supplied through the environment they
            // would end up in log storage; confirm what is printed and redact sensitive names.
            CustomLogs.SetupCustomLogs.PrintAllEnv();

            // The same header feeds both the IP parser and the rate limiter below.
            // NOTE(review): X-Real-IP is only trustworthy when a reverse proxy overwrites it on every request.
            // If the application can be reached directly, a client can set the header itself and so choose the
            // address its rate-limit counter is keyed on; confirm the deployment only accepts proxied traffic.
            var ipHeader = "X-Real-IP";

            services.AddScoped <IIpAddressParser>(o => new ReversProxyIpParser(ipHeader));

            //https://github.com/stefanprodan/AspNetCoreRateLimit/wiki/IpRateLimitMiddleware#setup
            services.Configure <IpRateLimitOptions>(options =>
            {
                options.EnableEndpointRateLimiting = false;
                options.StackBlockedRequests       = false;
                //The RealIpHeader is used to extract the client IP when your Kestrel server is behind a reverse proxy, if your proxy uses a different header than X-Real-IP use this option to set it up.
                options.RealIpHeader = ipHeader;
                //The ClientIdHeader is used to extract the client id for white listing, if a client id is present in this header and matches a value specified in ClientWhitelist then no rate limits are applied.
                // ClientWhitelist is empty below, so no client id is exempt as configured here. If entries are ever
                // added, remember the header value is supplied by the caller and is not an authentication factor.
                options.ClientIdHeader = "X-ClientId";
                options.HttpStatusCode = 429;
                // All three whitelists are intentionally empty; the commented values are examples only.
                options.IpWhitelist    = new List <string>()
                {
                    /*"127.0.0.1", "::1/10", "192.168.0.0/24" */
                };
                options.EndpointWhitelist = new List <string>()
                {
                    /*"get:/api/license", "*:/api/status" */
                };
                options.ClientWhitelist = new List <string>()
                {
                    /*"dev-id-1", "dev-id-2" */
                };
                // Single general rule: at most 2 requests per 10 seconds for endpoint "*".
                options.GeneralRules = new List <RateLimitRule>()
                {
                    new RateLimitRule()
                    {
                        Endpoint = "*",
                        Period   = "10s",
                        //runtime exception PeriodTimespan = TimeSpan.FromSeconds(10),
                        Limit = 2
                    }
                };
                // Rate-limit response headers are switched off, so clients get no quota hints beyond the 429.
                options.DisableRateLimitHeaders = true;
                options.RateLimitCounterPrefix  = "web_throttle_";
            });
            // No per-IP overrides are registered; the commented policy is an example only.
            services.Configure <IpRateLimitPolicies>(options =>
            {
                options.IpRules = new List <IpRateLimitPolicy>()
                {
                    /*
                     * new IpRateLimitPolicy()
                     * {
                     *  //like "192.168.0.0/24", "fe80::/10" or "192.168.0.0-192.168.0.255".
                     *  Ip =  "192.168.3.22/25",
                     *  Rules = new List<RateLimitRule>()
                     *  {
                     *      new RateLimitRule()
                     *      {
                     *          Endpoint = "*",
                     *          PeriodTimespan = TimeSpan.FromSeconds(2),
                     *          Limit = 2
                     *      }
                     *  }
                     * }
                     */
                };
            });
            // Policies and counters are kept in the distributed cache (presumably the cache configured by
            // SetupCustomCache above; confirm).
            services.AddSingleton <IIpPolicyStore, DistributedCacheIpPolicyStore>();
            services.AddSingleton <IRateLimitCounterStore, DistributedCacheRateLimitCounterStore>();

            services
            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // NOTE(review): issuer and audience validation are enabled only when the matching setting is
                    // non-blank, so a missing or empty configuration value silently turns the check off
                    // (fail-open). Tokens signed with the same key for another audience would then be accepted.
                    // Consider failing startup when Settings.JwtIssuer / Settings.JwtAudience are absent.
                    ValidateIssuer           = !string.IsNullOrWhiteSpace(Settings.JwtIssuer),
                    ValidateAudience         = !string.IsNullOrWhiteSpace(Settings.JwtAudience),
                    ValidateLifetime         = true,
                    ValidateIssuerSigningKey = true,

                    ValidIssuer      = Settings.JwtIssuer,
                    ValidAudience    = Settings.JwtAudience,
                    // The key type and algorithm are defined in Settings, outside this method.
                    IssuerSigningKey = Settings.JwtSigningKey
                };
            });

            // By default, ASP.NET Core application will reject any request coming from the cross-origin clients.
            // Only the CORS services are registered here; no policy is defined in this method, so which origins
            // are allowed depends on how the middleware is configured elsewhere.
            services.AddCors();

            services.AddMvc(options => {
                // GlobalValidatorAttribute runs as a global filter; model validation stops collecting after 10 errors.
                options.Filters.Add(typeof(GlobalValidatorAttribute));
                options.MaxModelValidationErrors = 10;
            });


            // NOTE(review): AddMvc above presumably already registers the core MVC services, which would make
            // this call redundant; confirm before removing.
            services.AddMvcCore();

            services.AddVersionedApiExplorer(
                options =>
            {
                // add the versioned api explorer, which also adds IApiVersionDescriptionProvider service
                // note: the specified format code will format the version as "'v'major[.minor][-status]"
                options.GroupNameFormat = "'v'VVV";

                // note: this option is only necessary when versioning by url segment. the SubstitutionFormat
                // can also be used to control the format of the API version in route templates
                options.SubstituteApiVersionInUrl = true;
            });
            services.AddApiVersioning(options =>
            {
                //https://github.com/Microsoft/aspnet-api-versioning/wiki/New-Services-Quick-Start#aspnet-core
                // Requests that name no version are treated as 1.0.
                options.AssumeDefaultVersionWhenUnspecified = true;
                options.DefaultApiVersion = new ApiVersion(1, 0);
                options.ReportApiVersions = true;
                options.UseApiBehavior    = false;
            }
                                      );

            services.AddSwaggerGen(
                options =>
            {
                // resolve the IApiVersionDescriptionProvider service
                // note: that we have to build a temporary service provider here because one has not been created yet
                // NOTE(review): this builds a second container that is never disposed; singletons it instantiates
                // (the InstanceInfo instance registered above is shared, factory-created ones are not) are separate
                // from those the running application resolves.
                var provider = services.BuildServiceProvider().GetRequiredService <IApiVersionDescriptionProvider>();

                // add a swagger document for each discovered API version
                // note: you might choose to skip or document deprecated API versions differently
                foreach (var description in provider.ApiVersionDescriptions)
                {
                    options.SwaggerDoc(description.GroupName, SwaggerUtils.CreateInfoForApiVersion(description));
                }

                // add a custom operation filter which sets default values
                options.OperationFilter <SwaggerDefaultValues>();

                options.DocumentFilter <SwaggerAddEnumDescriptions>();
                //options.DescribeAllEnumsAsStrings();

                // integrate xml comments
                // No security definition is added to the generated document here, although the API uses JWT
                // bearer authentication; the docs therefore do not describe how to authenticate.
                options.IncludeXmlComments(SwaggerUtils.XmlCommentsFilePath);     //check project properties - add xml docs to bin\Debug\netcoreapp2.0\Web.xml
            });

            services.AddHealthChecks(checks =>
            {
                //However, the MVC web application has multiple dependencies on the rest of the microservices. Therefore, it calls one AddUrlCheck method for each microservice
                //checks.AddSqlCheck("CatalogDb", Configuration["ConnectionString"]);

                // One URL check per downstream service, each with a one-second TimeSpan argument
                // (timeout or cache duration depending on the health-check library; confirm).
                checks.AddUrlCheck(ServiceClients.HealthUrl(Service.Account), TimeSpan.FromSeconds(1));
                checks.AddUrlCheck(ServiceClients.HealthUrl(Service.ToDo), TimeSpan.FromSeconds(1));
                checks.AddUrlCheck(ServiceClients.HealthUrl(Service.ToBuy), TimeSpan.FromSeconds(1));

                checks.AddRedisCheck(redisCacheOptions, TimeSpan.FromSeconds(1));

                //If the microservice does not have a dependency on a service or on SQL Server, you should just add a Healthy("Ok") check.
                //checks.AddValueTaskCheck("HTTP Endpoint", () => new ValueTask<IHealthCheckResult>(HealthCheckResult.Healthy("Ok")));
            });
        }