From c2292a0007167c3a5730efe0a05cb26de05f77b8 Mon Sep 17 00:00:00 2001
From: iamshen
Date: Tue, 7 May 2024 16:51:24 +0800
Subject: [PATCH 1/3] Update vscode settings
---
 .vscode/settings.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 15ccc1f..42c3274 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -3,6 +3,7 @@
 "configurationstore",
 "Dapr",
 "Healthchecks",
+ "iamshen",
 "Idsrv",
 "Linq",
 "Pluggable",
-- Gitee
From a783ca8ec2396da3c2b891960f5dd31632d5d3c0 Mon Sep 17 00:00:00 2001
From: iamshen Date: Wed, 8 May 2024 15:33:19 +0800 Subject: [PATCH 2/3] =?UTF-8?q?Add=20Proxy=20Server=20with=20=E2=80=98Yarp?= =?UTF-8?q?=E2=80=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .vscode/settings.json | 16 ++- DaprTool.Solution.sln | 10 ++ Directory.Packages.props | 1 + .../Controllers/ApiResourcesController.cs | 2 +- .../Controllers/ApiScopesController.cs | 2 +- .../Controllers/ClientsController.cs | 2 +- .../IdentityResourcesController.cs | 2 +- .../Controllers/PersistedGrantsController.cs | 2 +- .../Controllers/RolesController.cs | 2 +- .../Controllers/UsersController.cs | 2 +- .../Helpers/StartupHelpers.cs | 13 +++ .../Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj | 2 - .../src/Idsrv4.Admin.Api/Program.cs | 9 ++ .../src/Idsrv4.Admin.Api/appsettings.json | 5 +- .../Helpers/StartupHelpers.cs | 10 +- .../src/Idsrv4.Admin.STS.Identity/Program.cs | 18 +++- .../Properties/launchSettings.json | 15 --- .../appsettings.json | 4 +- .../AdminUIServiceCollectionExtensions.cs | 4 +- .../Idsrv4.Admin.UI/Helpers/StartupHelpers.cs | 1 + .../src/Idsrv4.Admin/Program.cs | 40 ++++++- .../src/Idsrv4.Admin/appsettings.json | 10 +- .../src/Idsrv4.Admin/identityserverdata.json | 10 +- src/ProxyServer/Program.cs | 13 +++ .../Properties/launchSettings.json | 14 +++ src/ProxyServer/ProxyServer.csproj | 5 + src/ProxyServer/appsettings.json | 100 ++++++++++++++++++ 27 files changed, 262 insertions(+), 52 deletions(-) create mode 100644 src/ProxyServer/Program.cs create mode 100644 src/ProxyServer/Properties/launchSettings.json create mode 100644 src/ProxyServer/ProxyServer.csproj create mode 100644 src/ProxyServer/appsettings.json diff --git a/.vscode/settings.json b/.vscode/settings.json index 42c3274..214442a 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json 
@@ -1,13 +1,27 @@ { "cSpell.words": [ + "ASPNETCORE", "configurationstore", + "Consts", "Dapr", + "Dtos", + "gstatic", "Healthchecks", + "Hsts", "iamshen", + "identitydata", + "identityserverdata", "Idsrv", "Linq", + "Middlerware", + "migrateonly", + "Oidc", + "Pkce", "Pluggable", + "Proto", "secretstore", - "statestore" + "Serilog", + "statestore", + "swaggerui" ] } \ No newline at end of file diff --git a/DaprTool.Solution.sln b/DaprTool.Solution.sln index da40588..151b74b 100644 --- a/DaprTool.Solution.sln +++ b/DaprTool.Solution.sln @@ -143,6 +143,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Idsrv4.Admin.AuditLogging.E EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Idsrv4.Admin.UI", "src\IdentityServer4\src\Idsrv4.Admin.UI\Idsrv4.Admin.UI.csproj", "{07E8E5C4-DA82-44DD-B526-6A4150D5C9FD}" EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "ProxyServer", "ProxyServer", "{60ABC20F-873F-4DA3-A86B-DAA5B563A2B5}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProxyServer", "src\ProxyServer\ProxyServer.csproj", "{E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -281,6 +285,10 @@ Global {07E8E5C4-DA82-44DD-B526-6A4150D5C9FD}.Debug|Any CPU.Build.0 = Debug|Any CPU {07E8E5C4-DA82-44DD-B526-6A4150D5C9FD}.Release|Any CPU.ActiveCfg = Release|Any CPU {07E8E5C4-DA82-44DD-B526-6A4150D5C9FD}.Release|Any CPU.Build.0 = Release|Any CPU + {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}.Debug|Any CPU.Build.0 = Debug|Any CPU + {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}.Release|Any CPU.ActiveCfg = Release|Any CPU + {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE 
@@ -341,6 +349,8 @@ Global {3A8C58F1-027A-4B82-BEFF-AA82383AE8D7} = {D2F20A9C-E732-43EA-9615-70F9FD46253A} {36A1CAB5-53B0-46E2-A083-DD3CA9E08BB1} = {D2F20A9C-E732-43EA-9615-70F9FD46253A} {07E8E5C4-DA82-44DD-B526-6A4150D5C9FD} = {D2F20A9C-E732-43EA-9615-70F9FD46253A} + {60ABC20F-873F-4DA3-A86B-DAA5B563A2B5} = {5724FC31-E7B7-4F84-8B04-85E8A7B964DB} + {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60} = {60ABC20F-873F-4DA3-A86B-DAA5B563A2B5} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {CE377903-BDA1-4347-BEC2-62ED2F807EE3} diff --git a/Directory.Packages.props b/Directory.Packages.props index bf6d1d9..0268fe6 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -23,6 +23,7 @@ + diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiResourcesController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiResourcesController.cs index aacbee6..6bcefed 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiResourcesController.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiResourcesController.cs @@ -11,7 +11,7 @@ using Idsrv4.Admin.BusinessLogic.Services.Interfaces; namespace Idsrv4.Admin.Api.Controllers; -[Route("api/[controller]")] +[Route("[controller]")] [ApiController] [TypeFilter(typeof(ControllerExceptionFilterAttribute))] [Produces("application/json", "application/problem+json")] diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiScopesController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiScopesController.cs index 3bfa569..dc29174 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiScopesController.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiScopesController.cs 
@@ -11,7 +11,7 @@ using Idsrv4.Admin.BusinessLogic.Services.Interfaces; namespace Idsrv4.Admin.Api.Controllers; -[Route("api/[controller]")] +[Route("[controller]")] [ApiController] [TypeFilter(typeof(ControllerExceptionFilterAttribute))] [Produces("application/json", "application/problem+json")] diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ClientsController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ClientsController.cs index 068bc8c..b0c4034 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ClientsController.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ClientsController.cs @@ -11,7 +11,7 @@ using Idsrv4.Admin.BusinessLogic.Services.Interfaces; namespace Idsrv4.Admin.Api.Controllers; -[Route("api/[controller]")] +[Route("[controller]")] [ApiController] [TypeFilter(typeof(ControllerExceptionFilterAttribute))] [Produces("application/json", "application/problem+json")] diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/IdentityResourcesController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/IdentityResourcesController.cs index 5a4bb5f..60df84d 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/IdentityResourcesController.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/IdentityResourcesController.cs @@ -11,7 +11,7 @@ using Idsrv4.Admin.BusinessLogic.Services.Interfaces; namespace Idsrv4.Admin.Api.Controllers; -[Route("api/[controller]")] +[Route("[controller]")] [ApiController] [TypeFilter(typeof(ControllerExceptionFilterAttribute))] [Produces("application/json", "application/problem+json")] diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/PersistedGrantsController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/PersistedGrantsController.cs index 198519a..6029918 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/PersistedGrantsController.cs 
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/PersistedGrantsController.cs @@ -10,7 +10,7 @@ using Idsrv4.Admin.BusinessLogic.Identity.Services.Interfaces; namespace Idsrv4.Admin.Api.Controllers; -[Route("api/[controller]")] +[Route("[controller]")] [ApiController] [TypeFilter(typeof(ControllerExceptionFilterAttribute))] [Produces("application/json")] diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/RolesController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/RolesController.cs index 24e5ec1..ac5271d 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/RolesController.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/RolesController.cs @@ -15,7 +15,7 @@ using Idsrv4.Admin.BusinessLogic.Identity.Services.Interfaces; namespace Idsrv4.Admin.Api.Controllers; -[Route("api/[controller]")] +[Route("[controller]")] [ApiController] [TypeFilter(typeof(ControllerExceptionFilterAttribute))] [Produces("application/json", "application/problem+json")] diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/UsersController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/UsersController.cs index 10c3e5f..0db8a67 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/UsersController.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/UsersController.cs @@ -18,7 +18,7 @@ using Idsrv4.Admin.BusinessLogic.Identity.Services.Interfaces; namespace Idsrv4.Admin.Api.Controllers; -[Route("api/[controller]")] +[Route("[controller]")] [ApiController] [TypeFilter(typeof(ControllerExceptionFilterAttribute))] [Produces("application/json", "application/problem+json")] diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Helpers/StartupHelpers.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Helpers/StartupHelpers.cs index 4d993cb..11f2020 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Helpers/StartupHelpers.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Helpers/StartupHelpers.cs 
@@ -27,6 +27,7 @@ using Idsrv4.Admin.AuditLogging.EntityFramework.Entities; using Idsrv4.Admin.AuditLogging.EntityFramework.Extensions; using Idsrv4.Admin.AuditLogging.EntityFramework.Repositories; using Idsrv4.Admin.AuditLogging.EntityFramework.Services; +using Microsoft.AspNetCore.Authorization; namespace Idsrv4.Admin.Api.Helpers; @@ -199,6 +200,17 @@ public static class StartupHelpers options.Authority = adminApiConfiguration.IdentityServerBaseUrl; options.RequireHttpsMetadata = adminApiConfiguration.RequireHttpsMetadata; options.Audience = adminApiConfiguration.OidcApiName; + + options.Events = new JwtBearerEvents + { + // 认证失败事件 + OnAuthenticationFailed = context => + { + Log.Error(context.Exception, "认证失败事件"); + return System.Threading.Tasks.Task.CompletedTask; + }, + + }; }); } @@ -258,6 +270,7 @@ public static class StartupHelpers policy => policy.RequireAssertion(context => context.User.HasClaim(c => (c.Type == JwtClaimTypes.Role && c.Value == adminApiConfiguration.AdministrationRole) || + (c.Type == System.Security.Claims.ClaimsIdentity.DefaultRoleClaimType && c.Value == adminApiConfiguration.AdministrationRole) || (c.Type == $"client_{JwtClaimTypes.Role}" && c.Value == adminApiConfiguration.AdministrationRole) ) && context.User.HasClaim(c diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj b/src/IdentityServer4/src/Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj index 016d5aa..01dda19 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj @@ -38,9 +38,7 @@ - - diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Program.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Program.cs index a3a33aa..4a90a00 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Program.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Program.cs 
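Review bot: The new `OnAuthenticationFailed` handler logs every rejected bearer token at Error level with the full exception, and because any unauthenticated caller can trigger it, routine expired or malformed tokens will fill the error log and bury real faults. Warning level fits an event the caller controls, e.g. `Log.Warning(context.Exception, "JWT bearer authentication failed");`. The comment `// 认证失败事件` only repeats the property name and can go, as can the trailing comma and blank line that close the initializer.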
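Review bot: The added `ClaimsIdentity.DefaultRoleClaimType` alternative in the `RequireAssertion` lambda makes the administrator policy accept the role under a third claim type rather than settling which type this API actually receives. If the line was needed because the JWT handler rewrites `role` to the long-form type, it is cleaner to stop that rewrite where the handler is configured, for instance `options.MapInboundClaims = false;` inside `AddJwtBearer`, so the policy keeps comparing against `JwtClaimTypes.Role` only. If both forms really must be accepted, say why in a comment above the new line, for example `// Tokens validated with inbound claim mapping carry the role as ClaimTypes.Role.` The lambda continues past the end of the hunk, so the second `HasClaim` condition is not visible here.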
@@ -1,4 +1,5 @@ using Idsrv4.Admin.Shared.ModuleInitializer; +using Microsoft.AspNetCore.Http; var builder = WebApplication.CreateBuilder(); @@ -118,6 +119,14 @@ try if (app.Environment.IsDevelopment()) app.UseDeveloperExceptionPage(); + #region BasePath + + string basePath = builder.Configuration.GetValue("BasePath"); + if (!string.IsNullOrWhiteSpace(basePath)) + app.UsePathBase(new PathString(basePath)); + + #endregion + #region Swagger app.UseSwagger(); diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/appsettings.json b/src/IdentityServer4/src/Idsrv4.Admin.Api/appsettings.json index ef998a1..a6d26fb 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.Api/appsettings.json +++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/appsettings.json @@ -10,8 +10,8 @@ "AdminApiConfiguration": { "ApiName": "IdentityServer4 Admin Api", "ApiVersion": "v1", - "ApiBaseUrl": "https://localhost:44302", - "IdentityServerBaseUrl": "https://localhost:44310", + "ApiBaseUrl": "https://localhost:44444/api/auth", + "IdentityServerBaseUrl": "https://localhost:44444/auth", "OidcSwaggerUIClientId": "identity_admin_api_swaggerui", "OidcApiName": "identity_admin_api", "AdministrationRole": "Administrator", @@ -19,6 +19,7 @@ "CorsAllowAnyOrigin": true, "CorsAllowOrigins": [] }, + "BasePath": "/api/auth", "SmtpConfiguration": { "Host": "", "Login": "", diff --git a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Helpers/StartupHelpers.cs b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Helpers/StartupHelpers.cs index 804b70a..60eb10c 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Helpers/StartupHelpers.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Helpers/StartupHelpers.cs 
@@ -95,11 +95,13 @@ public static class StartupHelpers { var forwardingOptions = new ForwardedHeadersOptions { - ForwardedHeaders = ForwardedHeaders.All + ForwardedHeaders = ForwardedHeaders.All, + KnownNetworks = {}, + KnownProxies = {} }; - forwardingOptions.KnownNetworks.Clear(); - forwardingOptions.KnownProxies.Clear(); + // forwardingOptions.KnownNetworks.Clear(); + // forwardingOptions.KnownProxies.Clear(); app.UseForwardedHeaders(forwardingOptions); @@ -356,7 +358,7 @@ public static class StartupHelpers where TUserIdentity : class { var configurationSection = configuration.GetSection(nameof(IdentityServerOptions)); - + var builder = services.AddIdentityServer(options => configurationSection.Bind(options)) .AddConfigurationStore() .AddOperationalStore() diff --git a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Program.cs b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Program.cs index c4539ce..7d028ad 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Program.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Program.cs @@ -1,4 +1,6 @@ using Idsrv4.Admin.Shared.ModuleInitializer; +using Microsoft.AspNetCore.Http; +using Microsoft.IdentityModel.Logging; var builder = WebApplication.CreateBuilder(); @@ -79,7 +81,18 @@ try #endregion var app = builder.Build(); + IdentityModelEventSource.ShowPII = true; + // Add custom security headers + app.UseSecurityHeaders(builder.Configuration); + + #region BasePath + + string basePath = builder.Configuration.GetValue("BasePath"); + if (!string.IsNullOrWhiteSpace(basePath)) + app.UsePathBase(new PathString(basePath)); + #endregion + app.UseCookiePolicy(); if (app.Environment.IsDevelopment()) @@ -87,13 +100,10 @@ try else app.UseHsts(); - app.UsePathBase(builder.Configuration.GetValue("BasePath")); app.UseStaticFiles(); app.UseIdentityServer(); - // Add custom security headers - app.UseSecurityHeaders(builder.Configuration); app.UseMvcLocalizationServices(); 
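Review bot: `KnownNetworks = {}` and `KnownProxies = {}` in the object initializer are empty collection initializers, which add nothing and leave the default loopback entries in place, so with the two `Clear()` calls commented out this hunk quietly changes the middleware from trusting every sender to trusting only loopback. That is the safer setting for an identity server that processes `ForwardedHeaders.All`, and it works while the proxy runs on the same host, but the code reads as if the lists were being emptied. Drop the two no-op initializers and the commented-out calls and state the intent instead, e.g. `// Keep the default loopback-only KnownProxies/KnownNetworks; add the proxy address here if it moves off-host.` The enclosing method starts and ends outside the hunk.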
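Review bot: `IdentityModelEventSource.ShowPII = true;` is set unconditionally right after `builder.Build()`, so production logs will contain the values Microsoft.IdentityModel normally redacts from its messages, which can include token and claim contents. Guard it with the environment check this file already uses a few lines further down: `if (app.Environment.IsDevelopment()) IdentityModelEventSource.ShowPII = true;`. The surrounding `try` block starts and ends outside the hunk.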
@@ -107,8 +117,6 @@ try ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse }); - - //NpgsqlModuleInitializer.EnableLegacyTimestampBehavior(); await app.RunAsync(); } catch (Exception ex) diff --git a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Properties/launchSettings.json b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Properties/launchSettings.json index 9914066..aaf27c9 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Properties/launchSettings.json +++ b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Properties/launchSettings.json @@ -1,20 +1,5 @@ { - "iisSettings": { - "windowsAuthentication": false, - "anonymousAuthentication": true, - "iisExpress": { - "applicationUrl": "https://localhost:44310", - "sslPort": 44310 - } - }, "profiles": { - "IIS Express": { - "commandName": "IISExpress", - "launchBrowser": true, - "environmentVariables": { - "ASPNETCORE_ENVIRONMENT": "Development" - } - }, "Reborn.IdentityServer4.AspNetIdentity": { "commandName": "Project", "launchBrowser": true, diff --git a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/appsettings.json b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/appsettings.json index dd89f64..d28b48d 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/appsettings.json +++ b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/appsettings.json @@ -66,7 +66,7 @@ "FaviconUri": "~/favicon.ico", "Theme": null, "CustomThemeCss": null, - "IdentityAdminBaseUrl": "https://localhost:44303", + "IdentityAdminBaseUrl": "https://localhost:44303/auth/admin", "AdministrationRole": "Administrator" }, "CspTrustedDomains": [ @@ -86,7 +86,7 @@ "RaiseSuccessEvents": true } }, - "BasePath": "", + "BasePath": "/auth", "IdentityOptions": { "Password": { "RequiredLength": 8 
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/DependencyInjection/AdminUIServiceCollectionExtensions.cs b/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/DependencyInjection/AdminUIServiceCollectionExtensions.cs index 2fccc87..fbadf54 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/DependencyInjection/AdminUIServiceCollectionExtensions.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/DependencyInjection/AdminUIServiceCollectionExtensions.cs @@ -78,7 +78,7 @@ public static class AdminUiServiceCollectionExtensions RoleClaimDto>(services, optionsAction); /// - /// Adds the Skoruba IdentityServer4 Admin UI with a fully custom entity model and database contexts. + /// Adds the IdentityServer4 Admin UI with a fully custom entity model and database contexts. /// /// /// @@ -201,7 +201,7 @@ public static class AdminUiServiceCollectionExtensions services.AddSingleton(options.Testing); services.AddSingleton(options.Security); services.AddSingleton(options.Http); - services.AddTransient(); + // services.AddTransient(); return services; } diff --git a/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/StartupHelpers.cs b/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/StartupHelpers.cs index 811e074..fd6d955 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/StartupHelpers.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/StartupHelpers.cs @@ -349,6 +349,7 @@ public static class StartupHelpers options.DefaultForbidScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme; + }) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => { options.Cookie.Name = adminConfiguration.IdentityAdminCookieName; }) diff --git a/src/IdentityServer4/src/Idsrv4.Admin/Program.cs b/src/IdentityServer4/src/Idsrv4.Admin/Program.cs index 7d8916b..1624d7a 100644 
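Review bot: `// services.AddTransient();` disables a registration by commenting it out and leaves no record of why. If the pipeline that registration used to set up is now built by hand in Idsrv4.Admin/Program.cs, which the later hunks of this commit suggest, delete the line and leave a short note in its place such as `// The request pipeline is configured explicitly by the host's Program.cs.` Other hosts that call this extension method and relied on the registration would silently lose that setup, so it is worth checking for further callers before merging.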
--- a/src/IdentityServer4/src/Idsrv4.Admin/Program.cs +++ b/src/IdentityServer4/src/Idsrv4.Admin/Program.cs @@ -1,4 +1,7 @@ using Idsrv4.Admin.Shared.ModuleInitializer; +using Idsrv4.Admin.UI.Configuration; +using Microsoft.Extensions.DependencyInjection.Extensions; +using Idsrv4.Admin.UI.Helpers; const string seedArgs = "/seed"; const string migrateOnlyArgs = "/migrateonly"; @@ -38,6 +41,8 @@ try // Applies configuration from appsettings. options.BindConfiguration(builder.Configuration); + builder.Services.TryAddSingleton(options.Http); + options.Security.UseDeveloperExceptionPage = builder.Environment.IsDevelopment(); options.Security.UseHsts = builder.Environment.IsDevelopment(); @@ -46,6 +51,7 @@ try MigrationAssemblyConfiguration.GetMigrationAssemblyByProvider(options.DatabaseProvider); options.DatabaseMigrations.SetMigrationsAssemblies(migrationsAssembly); + // Use production DbContexts and auth services. options.Testing.IsStaging = false; }); @@ -69,6 +75,32 @@ try var app = builder.Build(); + var httpConfiguration = app.Services.GetRequiredService(); + var securityConfiguration = app.Services.GetRequiredService(); + + #region SecurityHeaders + + // Add custom security headers + app.UseSecurityHeaders(securityConfiguration.CspTrustedDomains); + + #endregion + + #region BasePath + + if (!string.IsNullOrWhiteSpace(httpConfiguration.BasePath)) + app.UsePathBase(httpConfiguration.BasePath); + + #endregion + + app.UseCookiePolicy(); + + if (securityConfiguration.UseDeveloperExceptionPage) + app.UseDeveloperExceptionPage(); + else + app.UseExceptionHandler("/Home/Error"); + + if (securityConfiguration.UseHsts) app.UseHsts(); + #region Migrations @@ -85,6 +117,12 @@ try #region Middleware + + app.UseStaticFiles(); + + // Use Localization + app.ConfigureLocalization(); + app.UseRouting(); app.UseIdentityServer4AdminUi(); app.MapIdentityServer4AdminUi(); 
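Review bot: `if (securityConfiguration.UseHsts) app.UseHsts();` in the `@@ -69,6 +75,32 @@` hunk takes its value from `options.Security.UseHsts = builder.Environment.IsDevelopment();`, visible as a context line in the `@@ -38,6 +41,8 @@` hunk, so the header is sent only in Development and never in production. The STS host in this same commit does the opposite with `else app.UseHsts();`, which suggests the assignment is inverted and should read `options.Security.UseHsts = !builder.Environment.IsDevelopment();`. The explicit pipeline that this commit adds makes the flag effective here, so it is worth correcting in the same change.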
@@ -92,8 +130,6 @@ try #endregion - //NpgsqlModuleInitializer.EnableLegacyTimestampBehavior(); - await app.RunAsync(); } catch (Exception ex) diff --git a/src/IdentityServer4/src/Idsrv4.Admin/appsettings.json b/src/IdentityServer4/src/Idsrv4.Admin/appsettings.json index 2a775c0..34b91f1 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin/appsettings.json +++ b/src/IdentityServer4/src/Idsrv4.Admin/appsettings.json @@ -8,10 +8,10 @@ "DataProtectionDbConnection": "Server=localhost;Port=5432;Database=idsrv4;User Id=idsrv4;Password=Local@Db;Pooling=true;MaxPoolSize=100;" }, "SeedConfiguration": { - "ApplySeed": true + "ApplySeed": false }, "DatabaseMigrationsConfiguration": { - "ApplyDatabaseMigrations": true + "ApplyDatabaseMigrations": false }, "DatabaseProviderConfiguration": { "ProviderType": "PostgreSQL" @@ -19,8 +19,8 @@ "AdminConfiguration": { "PageTitle": "IdentityServer4 Admin", "FaviconUri": "~/favicon.ico", - "IdentityAdminRedirectUri": "https://localhost:44303/signin-oidc", - "IdentityServerBaseUrl": "https://localhost:44310", + "IdentityAdminRedirectUri": "https://localhost:44444/auth/admin/signin-oidc", + "IdentityServerBaseUrl": "https://localhost:44444/auth", "IdentityAdminCookieName": "IdentityServerAdmin", "IdentityAdminCookieExpiresUtcHours": 12, "RequireHttpsMetadata": false, @@ -66,7 +66,7 @@ "DefaultCulture": null }, "HttpConfiguration": { - "BasePath": "" + "BasePath": "/auth/admin" }, "IdentityOptions": { "Password": { diff --git a/src/IdentityServer4/src/Idsrv4.Admin/identityserverdata.json b/src/IdentityServer4/src/Idsrv4.Admin/identityserverdata.json index 5fa4edb..60319d6 100644 --- a/src/IdentityServer4/src/Idsrv4.Admin/identityserverdata.json +++ b/src/IdentityServer4/src/Idsrv4.Admin/identityserverdata.json @@ -84,7 +84,7 @@ { "ClientId": "identity_admin", "ClientName": "identity_admin", - "ClientUri": "https://localhost:44303", + "ClientUri": "https://localhost:44303/authAdmin", "AllowedGrantTypes": [ "authorization_code" ], 
@@ -95,14 +95,14 @@ } ], "RedirectUris": [ - "https://localhost:44303/signin-oidc" + "https://localhost:44303/authAdmin/signin-oidc" ], - "FrontChannelLogoutUri": "https://localhost:44303/signout-oidc", + "FrontChannelLogoutUri": "https://localhost:44303/authAdmin/signout-oidc", "PostLogoutRedirectUris": [ - "https://localhost:44303/signout-callback-oidc" + "https://localhost:44303/authAdmin/signout-callback-oidc" ], "AllowedCorsOrigins": [ - "https://localhost:44303" + "https://localhost:44303/authAdmin" ], "AllowedScopes": [ "openid", diff --git a/src/ProxyServer/Program.cs b/src/ProxyServer/Program.cs new file mode 100644 index 0000000..df37911 --- /dev/null +++ b/src/ProxyServer/Program.cs @@ -0,0 +1,13 @@ +var builder = WebApplication.CreateBuilder(args); + + +// 如果不知道 路由 匹配 match 怎么配置 请参考链接 +// https://learn.microsoft.com/zh-cn/aspnet/core/fundamentals/routing?view=aspnetcore-8.0#route-templates +builder.Services.AddReverseProxy() + .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy")); + +var app = builder.Build(); + +app.MapReverseProxy(); + +app.Run(); \ No newline at end of file diff --git a/src/ProxyServer/Properties/launchSettings.json b/src/ProxyServer/Properties/launchSettings.json new file mode 100644 index 0000000..0d382ec --- /dev/null +++ b/src/ProxyServer/Properties/launchSettings.json @@ -0,0 +1,14 @@ +{ + "$schema": "http://json.schemastore.org/launchsettings.json", + "profiles": { + "https": { + "commandName": "Project", + "dotnetRunMessages": true, + "launchBrowser": true, + "applicationUrl": "https://localhost:44444", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + } + } +} diff --git a/src/ProxyServer/ProxyServer.csproj b/src/ProxyServer/ProxyServer.csproj new file mode 100644 index 0000000..741151c --- /dev/null +++ b/src/ProxyServer/ProxyServer.csproj @@ -0,0 +1,5 @@ + + + + + diff --git a/src/ProxyServer/appsettings.json b/src/ProxyServer/appsettings.json new file mode 100644 index 0000000..69288fb 
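Review bot: The seeded `identity_admin` URLs in this hunk use `https://localhost:44303/authAdmin/...`, while Idsrv4.Admin/appsettings.json in the same commit sets `IdentityAdminRedirectUri` to `https://localhost:44444/auth/admin/signin-oidc`; redirect URIs are compared exactly, so a sign-in that goes through the proxy would be rejected against this seed data. `AllowedCorsOrigins` also has to be a bare origin (scheme, host and port, no path), so `"https://localhost:44303/authAdmin"` can never match a browser's Origin header. Assuming the admin site is meant to be reached through the proxy, the entries would be `"https://localhost:44444/auth/admin/signin-oidc"` and its signout counterparts, with `"https://localhost:44444"` as the CORS origin. The `ClientUri` changed in the preceding hunk carries the same `/authAdmin` prefix.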
--- /dev/null +++ b/src/ProxyServer/appsettings.json @@ -0,0 +1,100 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Warning" + } + }, + "AllowedHosts": "*", + "ReverseProxy": { + "Routes": { + "authAdminRoute": { + "ClusterId": "authAdminCluster", + "Order": 99, // 数字越小优先级越高 + "Match": { + "Path": "/auth/admin/{**catch-all}" + }, + "Transforms": [ + { + "RequestHeader": "X-Forwarded-Host", + "Set": "{Host}" + }, + { + "RequestHeader": "X-Forwarded-Proto", + "Set": "https" + }, + { + "RequestHeader": "X-Forwarded-Prefix", + "Set": "/auth/admin" + } + ] + }, + "authApiRoute": { + "ClusterId": "authApiCluster", + "Order": 100, // 数字越小优先级越高 + "Match": { + "Path": "/api/auth/{**catch-all}" + }, + "Transforms": [ + // { "PathRemovePrefix": "/api/auth" }, + { + "RequestHeader": "X-Forwarded-Host", + "Set": "{Host}" + }, + { + "RequestHeader": "X-Forwarded-Proto", + "Set": "https" + }, + { + "RequestHeader": "X-Forwarded-Prefix", + "Set": "/api/auth" + } + ] + }, + "authRoute": { + "ClusterId": "authCluster", + "Order": 100, // 数字越小优先级越高 + "Match": { + "Path": "/auth/{**catch-all}" + }, + "Transforms": [ + { + "RequestHeader": "X-Forwarded-Host", + "Set": "{Host}" + }, + { + "RequestHeader": "X-Forwarded-Proto", + "Set": "https" + }, + { + "RequestHeader": "X-Forwarded-Prefix", + "Set": "/auth" + } + ] + } + }, + "Clusters": { + "authCluster": { + "Destinations": { + "destination1": { + "Address": "https://localhost:44310/" + } + } + }, + "authAdminCluster": { + "Destinations": { + "destination1": { + "Address": "https://localhost:44303/" + } + } + }, + "authApiCluster": { + "Destinations": { + "destination1": { + "Address": "https://localhost:44302/" + } + } + } + } + } +} \ No newline at end of file -- Gitee From 3821af4df535c8f2cb9082a5dccae8c0de22a237 Mon Sep 17 00:00:00 2001 
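Review bot: `"AllowedHosts": "*"` lets the proxy accept any Host header, and every route then hands a host value to backends that process `ForwardedHeaders.All`, one of which is the identity server that builds issuer and redirect URLs from it. List the names the proxy really serves, `"AllowedHosts": "localhost"` for this development setup and the public host names (placeholder: `<proxy-host-name>`) in deployed configuration. The three hand-written `RequestHeader` transforms per route also deserve a check: `X-Forwarded-Proto` is fixed to `https` regardless of how the request arrived, and it should be confirmed that `{Host}` is expanded rather than forwarded literally, since to my knowledge YARP's built-in `X-Forwarded` transform already derives host, scheme and prefix from the incoming request. The `adminRoute` added in PATCH 3/3 repeats the same block.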
From: iamshen Date: Wed, 8 May 2024 16:16:38 +0800 Subject: [PATCH 3/3] Add web admin route to yarp and set the admin site base path with '/admin' --- .vscode/settings.json | 1 + src/ProxyServer/appsettings.json | 28 +++++++++++++++++ src/Web/WebAdmin/Components/App.razor | 6 ++-- src/Web/WebAdmin/Program.cs | 30 +++++++++++++++++-- .../WebAdmin/Properties/launchSettings.json | 20 ++++++------- src/Web/WebAdmin/WebAdmin.csproj | 1 + src/Web/WebAdmin/appsettings.Development.json | 2 +- 7 files changed, 73 insertions(+), 15 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 214442a..8c162fe 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,5 +1,6 @@ { "cSpell.words": [ + "Antiforgery", "ASPNETCORE", "configurationstore", "Consts", diff --git a/src/ProxyServer/appsettings.json b/src/ProxyServer/appsettings.json index 69288fb..d142f32 100644 --- a/src/ProxyServer/appsettings.json +++ b/src/ProxyServer/appsettings.json @@ -8,6 +8,27 @@ "AllowedHosts": "*", "ReverseProxy": { "Routes": { + "adminRoute": { + "ClusterId": "adminCluster", + "Order": 100, // 数字越小优先级越高 + "Match": { + "Path": "/admin/{**catch-all}" + }, + "Transforms": [ + { + "RequestHeader": "X-Forwarded-Host", + "Set": "{Host}" + }, + { + "RequestHeader": "X-Forwarded-Proto", + "Set": "https" + }, + { + "RequestHeader": "X-Forwarded-Prefix", + "Set": "/admin" + } + ] + }, "authAdminRoute": { "ClusterId": "authAdminCluster", "Order": 99, // 数字越小优先级越高 @@ -74,6 +95,13 @@ } }, "Clusters": { + "adminCluster": { + "Destinations": { + "destination1": { + "Address": "https://localhost:7273/" + } + } + }, "authCluster": { "Destinations": { "destination1": { diff --git a/src/Web/WebAdmin/Components/App.razor b/src/Web/WebAdmin/Components/App.razor index c825426..5fb12ee 100644 --- a/src/Web/WebAdmin/Components/App.razor +++ b/src/Web/WebAdmin/Components/App.razor @@ -1,10 +1,12 @@ - +@inject HttpConfiguration HttpConfiguration + + - + 
diff --git a/src/Web/WebAdmin/Program.cs b/src/Web/WebAdmin/Program.cs index 7f7b80f..c4d8043 100644 --- a/src/Web/WebAdmin/Program.cs +++ b/src/Web/WebAdmin/Program.cs @@ -1,4 +1,5 @@ using System.Globalization; +using Microsoft.AspNetCore.HttpOverrides; using Microsoft.FluentUI.AspNetCore.Components; using WebAdmin.Components; using WebAdmin.Shared.Configurations; @@ -25,6 +26,31 @@ builder.Services.AddFluentUIComponents(); builder.Services.AddControllers(); var app = builder.Build(); +#region BasePath + +if (!string.IsNullOrWhiteSpace(adminUiOptions.Http.BasePath)) + app.UsePathBase(new PathString(adminUiOptions.Http.BasePath)); + +#endregion + +#region ForwardedHeaders +// forward +var forwardingOptions = new ForwardedHeadersOptions +{ + ForwardedHeaders = ForwardedHeaders.All +}; + +forwardingOptions.KnownNetworks.Clear(); +forwardingOptions.KnownProxies.Clear(); + +app.UseForwardedHeaders(forwardingOptions); + +app.UseXXssProtection(options => options.EnabledWithBlockMode()); +app.UseXContentTypeOptions(); +app.UseXfo(options => options.SameOrigin()); +app.UseReferrerPolicy(options => options.NoReferrer()); +#endregion + // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { @@ -36,7 +62,7 @@ else // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. app.UseHsts(); } - +app.UseRouting(); app.UseHttpsRedirection(); app.MapControllers(); app.UseRequestLocalization(options => @@ -46,7 +72,7 @@ app.UseRequestLocalization(options => (cultureConfiguration?.Cultures?.Count > 0 ? cultureConfiguration.Cultures.Intersect(CultureConfiguration.AvailableCultures) : CultureConfiguration.AvailableCultures).ToArray(); - if (!supportedCultureCodes.Any()) + if (!supportedCultureCodes.Any()) supportedCultureCodes = CultureConfiguration.AvailableCultures; var defaultCultureCode = string.IsNullOrEmpty(cultureConfiguration?.DefaultCulture) ? CultureConfiguration.DefaultRequestCulture 
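Review bot: `forwardingOptions.KnownNetworks.Clear();` and `forwardingOptions.KnownProxies.Clear();` combined with `ForwardedHeaders.All` make WebAdmin accept X-Forwarded-* values from any peer that can reach it, not only from the YARP proxy. The cluster addresses in ProxyServer/appsettings.json are all localhost, so deleting both `Clear()` calls keeps the loopback-only defaults and still works; for an off-host proxy add its address with `forwardingOptions.KnownProxies.Add(...)`. `app.UseForwardedHeaders` is also registered after `app.UsePathBase`, whereas it normally comes first so that everything behind it sees the corrected scheme, host and prefix. The `#region ForwardedHeaders` block additionally holds the unrelated response-header calls (`UseXXssProtection`, `UseXContentTypeOptions`, `UseXfo`, `UseReferrerPolicy`), which would read better under a region of their own.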
diff --git a/src/Web/WebAdmin/Properties/launchSettings.json b/src/Web/WebAdmin/Properties/launchSettings.json index 8e35d65..300cfeb 100644 --- a/src/Web/WebAdmin/Properties/launchSettings.json +++ b/src/Web/WebAdmin/Properties/launchSettings.json @@ -1,15 +1,15 @@ { "$schema": "http://json.schemastore.org/launchsettings.json", - "profiles": { - "https": { - "commandName": "Project", - "dotnetRunMessages": true, - "launchBrowser": true, - "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}", - "applicationUrl": "https://localhost:7273;http://localhost:5172", - "environmentVariables": { - "ASPNETCORE_ENVIRONMENT": "Development" - } + "profiles": { + "https": { + "commandName": "Project", + "dotnetRunMessages": true, + "launchBrowser": true, + "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}", + "applicationUrl": "https://localhost:7273", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" } } } +} \ No newline at end of file diff --git a/src/Web/WebAdmin/WebAdmin.csproj b/src/Web/WebAdmin/WebAdmin.csproj index 3c46fc8..99da801 100644 --- a/src/Web/WebAdmin/WebAdmin.csproj +++ b/src/Web/WebAdmin/WebAdmin.csproj @@ -3,6 +3,7 @@ + diff --git a/src/Web/WebAdmin/appsettings.Development.json b/src/Web/WebAdmin/appsettings.Development.json index 01daaa3..3bc2d73 100644 --- a/src/Web/WebAdmin/appsettings.Development.json +++ b/src/Web/WebAdmin/appsettings.Development.json @@ -44,6 +44,6 @@ }, "HttpConfiguration": { - "BasePath": "" + "BasePath": "/admin/" } } -- Gitee