-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathProgram.cs
99 lines (82 loc) · 3.26 KB
/
Program.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
using BulkyBooksWeb.Data;
using BulkyBooksWeb.Policies;
using BulkyBooksWeb.Services;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.EntityFrameworkCore;
using ChapaNET;
using Microsoft.AspNetCore.Mvc;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddControllersWithViews();
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseLazyLoadingProxies()
.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddScoped<CategoryService>();
builder.Services.AddScoped<BookService>();
builder.Services.AddScoped<OrderService>();
builder.Services.AddScoped<UserService>();
builder.Services.AddScoped<IUserContext, UserContext>();
builder.Services.AddHttpContextAccessor(); // Required for IHttpContextAccessor
builder.Services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(30);
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
options.Cookie.SameSite = SameSiteMode.Lax; // Allow redirects from external sites
options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // 'Always' for secure cookies in production
});
builder.Services.AddControllersWithViews()
.AddCookieTempDataProvider();
builder.Services.Configure<CookieTempDataProviderOptions>(options =>
{
options.Cookie.Name = "TempDataCookie";
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});
// Add Chapa configuration
var chapaSecretKey = builder.Configuration["Chapa:SecretKey"];
if (string.IsNullOrEmpty(chapaSecretKey))
{
throw new ArgumentNullException(nameof(chapaSecretKey), "Chapa secret key is not configured.");
}
builder.Services.AddSingleton(new Chapa(chapaSecretKey));
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Auth/Login";
options.AccessDeniedPath = "/Auth/AccessDenied";
});
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("AdminOnly", policy => policy.RequireRole("admin"));
options.AddPolicy("AuthorOnly", policy => policy.RequireRole("author"));
options.AddPolicy("UserOnly", policy => policy.RequireRole("user"));
options.AddPolicy("BookOwnerOrAdmin", policy =>
policy.Requirements.Add(new BookOwnerOrAdminRequirement()));
options.AddPolicy("OrderOwnerOrAdmin", policy =>
policy.Requirements.Add(new OrderOwnerOrAdminRequirement()));
});
builder.Services.AddSingleton<IAuthorizationHandler, BookOwnerOrAdminHandler>();
builder.Services.AddSingleton<IAuthorizationHandler, OrderOwnerOrAdminHandler>();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
else
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
app.Run();