Program.cs
using System.Text;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using UserManagementAPI.Middleware;
using UserManagementAPI.Services;
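var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
builder.Services.AddOpenApi();

// JWT configuration: issuer, audience and the symmetric signing secret are read
// from the "Jwt" configuration section.
var jwtSettings = builder.Configuration.GetSection("Jwt");
var secretKey = jwtSettings.GetValue<string>("SecretKey") ?? string.Empty;

// Fail fast at startup when the secret is absent. Without this check the empty
// string would only be turned into a signing key when the bearer options are
// first built, so a misconfigured deployment would start and look healthy.
if (string.IsNullOrWhiteSpace(secretKey))
{
    throw new System.InvalidOperationException(
        "JWT signing key is not configured: set 'Jwt:SecretKey' to a non-empty value.");
}

// NOTE(review): the token signing algorithm is not visible in this file. For
// HMAC-SHA256 the secret should be at least 256 bits of random data - confirm.
// NOTE(review): where 'Jwt:SecretKey' is stored is not visible here; keep it out
// of source-controlled settings files (user secrets, environment, or a vault).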
// JWT bearer is the single scheme used both to authenticate requests and to
// answer unauthenticated ones with a challenge.
builder.Services
    .AddAuthentication(authOptions =>
    {
        authOptions.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        authOptions.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(bearerOptions =>
    {
        // Issuer, audience, lifetime and signature are all checked; the signing
        // key is derived from the UTF-8 bytes of the configured shared secret.
        // NOTE(review): accepted algorithms are not restricted here; consider
        // pinning them once the issuing side's algorithm is confirmed.
        var validation = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = jwtSettings.GetValue<string>("Issuer"),
            ValidAudience = jwtSettings.GetValue<string>("Audience"),
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey))
        };
        bearerOptions.TokenValidationParameters = validation;

        // Both events throw rather than write a response. The exception-handling
        // middleware is registered before UseAuthentication later in this file,
        // so it is presumably what turns these into the JSON error body.
        bearerOptions.Events = new JwtBearerEvents
        {
            // Any token validation failure becomes one generic exception. The
            // client-facing text does not reveal why validation failed; the
            // underlying cause on the context is not forwarded.
            OnAuthenticationFailed = _ =>
                throw new System.UnauthorizedAccessException("Invalid or expired token"),

            // Suppress the default challenge response (HandleResponse) and throw
            // instead, so the caller gets the same JSON error shape.
            // NOTE(review): a challenge can be issued for reasons other than an
            // absent header, so this message may not always describe the cause.
            OnChallenge = challengeContext =>
            {
                challengeContext.HandleResponse();
                throw new System.UnauthorizedAccessException("Authorization header missing");
            }
        };
    });
// Authorization behaviour.
builder.Services.AddAuthorization(authorization =>
{
    // No fallback policy: an endpoint with no authorization metadata of its own
    // is reachable anonymously.
    // NOTE(review): the controllers are not visible here; confirm every endpoint
    // that needs protection declares its own authorization requirement.
    authorization.FallbackPolicy = null;

    // Stop evaluating the remaining handlers once one of them has failed.
    authorization.InvokeHandlersAfterFailure = false;
});

// Logging plus the user-management service (one instance per request scope).
builder.Services
    .AddLogging()
    .AddScoped<IUserService, UserService>();

// MVC controllers.
builder.Services.AddControllers();
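var app = builder.Build();

// Serializer settings for the JSON error payload. Created once and reused,
// instead of allocating a new options object for every 404/405 response.
var errorJsonOptions = new JsonSerializerOptions
{
    PropertyNamingPolicy = JsonNamingPolicy.CamelCase
};

// Configure the HTTP request pipeline.

// Request/response logging runs first so it captures all activity.
// NOTE(review): this middleware's implementation is not visible here; confirm it
// redacts Authorization headers and credential-bearing bodies before writing logs.
app.UseRequestResponseLogging();

// Exception handling wraps everything below it, including the exceptions thrown
// by the JWT bearer events.
app.UseExceptionHandling();

// Redirect plain-HTTP requests before authentication runs, so bearer tokens are
// not validated and authorization decisions are not made on an insecure
// connection. A redirect cannot protect a token the client already sent in
// clear text; HSTS (app.UseHsts()) outside development narrows that window.
app.UseHttpsRedirection();

app.UseAuthentication();
app.UseAuthorization();

// Convert bodiless 404 and 405 responses into JSON error payloads. Other status
// codes are left untouched.
app.UseStatusCodePages(async context =>
{
    var response = context.HttpContext.Response;
    var statusCode = response.StatusCode;

    // Only 404/405 are rewritten, and only while the response can still be
    // modified (headers have not been sent yet).
    if ((statusCode != 404 && statusCode != 405) || response.HasStarted)
    {
        return;
    }

    var isNotFound = statusCode == 404;
    var payload = new
    {
        error = new
        {
            code = isNotFound ? "NOT_FOUND" : "METHOD_NOT_ALLOWED",
            message = isNotFound ? "Resource not found" : "Method not allowed",
            statusCode,
            timestamp = DateTime.UtcNow
        }
    };

    response.ContentType = "application/json";
    await response.WriteAsync(JsonSerializer.Serialize(payload, errorJsonOptions));
});

// The OpenAPI document is exposed only in the Development environment.
if (app.Environment.IsDevelopment())
{
    app.MapOpenApi();
}

// Map controllers
app.MapControllers();

app.Run();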