Fail-Fast Strategy & Options Improvement

Author: mckaragoz

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/CodeBeam.UltimateAuth.Sample.BlazorServer.csproj

@@ -1,14 +1,14 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
 	<PropertyGroup>
-		<TargetFramework>net10.0</TargetFramework>
+		<TargetFramework>net9.0</TargetFramework>
 		<Nullable>enable</Nullable>
 		<ImplicitUsings>enable</ImplicitUsings>
 		<Version>0.0.1-preview</Version>
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.1" />
+		<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.1" />
 		<PackageReference Include="MudBlazor" Version="9.0.0-preview.1" />
 		<PackageReference Include="CodeBeam.MudBlazor.Extensions" Version="9.0.0-preview.2" />
 		<PackageReference Include="Scalar.AspNetCore" Version="2.12.18" />

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Program.cs

@@ -54,7 +54,8 @@
 
 builder.Services.AddUltimateAuth();
 
-builder.Services.AddUltimateAuthServer(o => {
+builder.Services.AddUltimateAuthServer(o =>
+{
     o.Diagnostics.EnableRefreshHeaders = true;
     //o.Session.MaxLifetime = TimeSpan.FromSeconds(32);
     //o.Session.TouchInterval = TimeSpan.FromSeconds(9);

src/CodeBeam.UltimateAuth.Core/Extensions/ServiceCollectionExtensions.cs

@@ -33,7 +33,12 @@ public static class ServiceCollectionExtensions
     /// </summary>
     public static IServiceCollection AddUltimateAuth(this IServiceCollection services, IConfiguration configurationSection)
     {
-        services.Configure<UAuthOptions>(configurationSection);
+        services.AddOptions<UAuthOptions>()
+        .Configure<DirectCoreConfigurationMarker>((options, marker) =>
+        {
+            marker.MarkConfigured();
+            configurationSection.Bind(options);
+        });
         return services.AddUltimateAuthInternal();
     }
 
@@ -45,6 +50,12 @@ public static IServiceCollection AddUltimateAuth(this IServiceCollection service
     public static IServiceCollection AddUltimateAuth(this IServiceCollection services, Action<UAuthOptions> configure)
     {
         services.Configure(configure);
+        services.AddOptions<UAuthOptions>()
+        .Configure<DirectCoreConfigurationMarker>((options, marker) =>
+        {
+            marker.MarkConfigured();
+            configure(options);
+        });
         return services.AddUltimateAuthInternal();
     }
 
@@ -74,6 +85,10 @@ public static IServiceCollection AddUltimateAuth(this IServiceCollection service
     /// </summary>
     private static IServiceCollection AddUltimateAuthInternal(this IServiceCollection services)
     {
+        services.TryAddSingleton<DirectCoreConfigurationMarker>();
+        services.AddSingleton<IPostConfigureOptions<UAuthOptions>, UAuthOptionsPostConfigureGuard>();
+
+
         services.AddSingleton<IValidateOptions<UAuthOptions>, UAuthOptionsValidator>();
         services.AddSingleton<IValidateOptions<UAuthSessionOptions>, UAuthSessionOptionsValidator>();
         services.AddSingleton<IValidateOptions<UAuthTokenOptions>, UAuthTokenOptionsValidator>();
@@ -87,6 +102,32 @@ private static IServiceCollection AddUltimateAuthInternal(this IServiceCollectio
         services.TryAddSingleton<IUAuthProductInfoProvider, UAuthProductInfoProvider>();
         services.TryAddSingleton<SeedRunner>();
 
+        //services.PostConfigure<UAuthOptions>(options =>
+        //{
+        //    var hasRuntimeMarker = services.Any(sd => sd.ServiceType == typeof(IUAuthRuntimeMarker));
+
+        //    if (hasRuntimeMarker && options.AllowDirectCoreConfiguration)
+        //    {
+        //        throw new InvalidOperationException(
+        //            "Direct core configuration is not allowed in server-hosted applications. " +
+        //            "Configure authentication policies via AddUltimateAuthServer instead.");
+        //    }
+        //});
+
+        //services.PostConfigure<UAuthOptions, DirectCoreConfigurationMarker>(
+        //(options, marker) =>
+        //{
+        //    if (!options.AllowDirectCoreConfiguration && marker.IsConfigured)
+        //    {
+        //        throw new InvalidOperationException(
+        //            "Direct core configuration is not allowed. " +
+        //            "Set AllowDirectCoreConfiguration = true only for advanced, non-server scenarios, " +
+        //            "or configure authentication policies via AddUltimateAuthServer.");
+        //    }
+        //});
+
+
+
         return services;
     }
 }

src/CodeBeam.UltimateAuth.Core/Options/UAuthOptions.cs

@@ -13,6 +13,8 @@ namespace CodeBeam.UltimateAuth.Core.Options;
 /// </summary>
 public sealed class UAuthOptions
 {
+    public bool AllowDirectCoreConfiguration { get; set; } = false;
+
     /// <summary>
     /// Configuration settings for interactive login flows,
     /// including lockout thresholds and failed-attempt policies.

src/CodeBeam.UltimateAuth.Core/Options/UAuthOptionsPostConfigureGuard.cs

@@ -0,0 +1,40 @@
+using CodeBeam.UltimateAuth.Core.Runtime;
+using Microsoft.Extensions.Options;
+
+namespace CodeBeam.UltimateAuth.Core.Options;
+
+internal sealed class UAuthOptionsPostConfigureGuard : IPostConfigureOptions<UAuthOptions>
+{
+    private readonly DirectCoreConfigurationMarker _directConfigMarker;
+    private readonly IEnumerable<IUAuthRuntimeMarker> _runtimeMarkers;
+
+    public UAuthOptionsPostConfigureGuard(DirectCoreConfigurationMarker directConfigMarker, IEnumerable<IUAuthRuntimeMarker> runtimeMarkers)
+    {
+        _directConfigMarker = directConfigMarker;
+        _runtimeMarkers = runtimeMarkers;
+    }
+
+    public void PostConfigure(string? name, UAuthOptions options)
+    {
+        var hasServerRuntime = _runtimeMarkers.Any();
+
+        if (hasServerRuntime && _directConfigMarker.IsConfigured)
+        {
+            throw new InvalidOperationException(
+                "Direct core configuration is not allowed in server-hosted applications. " +
+                "Configure authentication policies via AddUltimateAuthServer instead.");
+        }
+
+        if (!hasServerRuntime && !_directConfigMarker.IsConfigured && options.AllowDirectCoreConfiguration == false)
+        {
+            return;
+        }
+
+        if (!hasServerRuntime && _directConfigMarker.IsConfigured && options.AllowDirectCoreConfiguration == false)
+        {
+            throw new InvalidOperationException(
+                "Direct core configuration is not allowed. " +
+                "Set AllowDirectCoreConfiguration = true only for advanced, non-server scenarios.");
+        }
+    }
+}

src/CodeBeam.UltimateAuth.Core/Runtime/DirectCoreConfigurationMarker.cs

@@ -0,0 +1,15 @@
+namespace CodeBeam.UltimateAuth.Core.Runtime;
+
+/// <summary>
+/// Internal marker indicating that UAuthOptions
+/// were configured directly by the application.
+/// </summary>
+internal sealed class DirectCoreConfigurationMarker
+{
+    public bool IsConfigured { get; private set; }
+
+    public void MarkConfigured()
+    {
+        IsConfigured = true;
+    }
+}

src/CodeBeam.UltimateAuth.Core/Runtime/IUAuthRuntimeMarker.cs

@@ -0,0 +1,9 @@
+namespace CodeBeam.UltimateAuth.Core.Runtime;
+
+/// <summary>
+/// Marker interface indicating that UltimateAuth is running in a specific runtime context (e.g. server-hosted).
+/// Implementations must be provided by integration layers such as UltimateAuth.Server.
+/// </summary>
+public interface IUAuthRuntimeMarker
+{
+}

src/CodeBeam.UltimateAuth.Server/Extensions/ServiceCollectionExtensions.cs

@@ -6,6 +6,7 @@
 using CodeBeam.UltimateAuth.Core.Infrastructure;
 using CodeBeam.UltimateAuth.Core.MultiTenancy;
 using CodeBeam.UltimateAuth.Core.Options;
+using CodeBeam.UltimateAuth.Core.Runtime;
 using CodeBeam.UltimateAuth.Credentials;
 using CodeBeam.UltimateAuth.Policies.Abstractions;
 using CodeBeam.UltimateAuth.Policies.Defaults;
@@ -19,6 +20,7 @@
 using CodeBeam.UltimateAuth.Server.Infrastructure;
 using CodeBeam.UltimateAuth.Server.MultiTenancy;
 using CodeBeam.UltimateAuth.Server.Options;
+using CodeBeam.UltimateAuth.Server.Runtime;
 using CodeBeam.UltimateAuth.Server.Services;
 using CodeBeam.UltimateAuth.Server.Stores;
 using Microsoft.Extensions.Configuration;
@@ -67,6 +69,8 @@ public static IServiceCollection AddUltimateAuthServer(this IServiceCollection s
 
     private static IServiceCollection AddUltimateAuthServerInternal(this IServiceCollection services)
     {
+        services.AddSingleton<IUAuthRuntimeMarker, ServerRuntimeMarker>();
+
         services.TryAddSingleton<IOpaqueTokenGenerator, OpaqueTokenGenerator>();
         services.TryAddSingleton<IJwtTokenGenerator,JwtTokenGenerator>();
         services.TryAddSingleton<IJwtSigningKeyProvider, DevelopmentJwtSigningKeyProvider>();

src/CodeBeam.UltimateAuth.Server/Runtime/ServerRuntimeMarker.cs

@@ -0,0 +1,7 @@
+using CodeBeam.UltimateAuth.Core.Runtime;
+
+namespace CodeBeam.UltimateAuth.Server.Runtime;
+
+internal sealed class ServerRuntimeMarker : IUAuthRuntimeMarker
+{
+}