PluralKit/PluralKit.API/Startup.cs

using System.Reflection;

using Autofac;

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.OpenApi.Models;

using Newtonsoft.Json;

using PluralKit.Core;

using Serilog;

namespace PluralKit.API;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors();
        services.AddAuthentication("SystemToken")
            .AddScheme<SystemTokenAuthenticationHandler.Opts,
                SystemTokenAuthenticationHandler>("SystemToken", null);

        services.AddAuthorization(options =>
        {
            options.AddPolicy("EditSystem",
                p => p.RequireAuthenticatedUser().AddRequirements(new OwnSystemRequirement()));
            options.AddPolicy("EditMember",
                p => p.RequireAuthenticatedUser().AddRequirements(new OwnSystemRequirement()));

            options.AddPolicy("ViewMembers",
                p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.MemberListPrivacy)));
            options.AddPolicy("ViewFront",
                p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.FrontPrivacy)));
            options.AddPolicy("ViewFrontHistory",
                p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.FrontHistoryPrivacy)));
        });
        services.AddSingleton<IAuthenticationHandler, SystemTokenAuthenticationHandler>();
        services.AddSingleton<IAuthorizationHandler, MemberOwnerHandler>();
        services.AddSingleton<IAuthorizationHandler, SystemOwnerHandler>();
        services.AddSingleton<IAuthorizationHandler, SystemPrivacyHandler>();

        services.AddControllers()
            // sorry MS, this just does *more*
            .AddNewtonsoftJson(opts =>
            {
                // ... though by default it messes up timestamps in JSON
                opts.SerializerSettings.DateParseHandling = DateParseHandling.None;
            })
            .ConfigureApiBehaviorOptions(options =>
                options.InvalidModelStateResponseFactory = context =>
                    throw Errors.GenericBadRequest
            );

        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1.0", new OpenApiInfo { Title = "PluralKit", Version = "1.0" });

            c.EnableAnnotations();
            c.AddSecurityDefinition("TokenAuth",
                new OpenApiSecurityScheme { Name = "Authorization", Type = SecuritySchemeType.ApiKey });

            // Exclude routes without a version, then fall back to group name matching (default behavior)
            c.DocInclusionPredicate((docName, apiDesc) =>
            {
                if (!apiDesc.RelativePath.StartsWith("v1/")) return false;
                return apiDesc.GroupName == docName;
            });

            // Set the comments path for the Swagger JSON and UI.
            // https://docs.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle?view=aspnetcore-3.1&tabs=visual-studio#customize-and-extend
            var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
            var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
            c.IncludeXmlComments(xmlPath);
        });
        services.AddSwaggerGenNewtonsoftSupport();

        // metrics
        services.AddMetricsTrackingMiddleware();
        services.AddAppMetricsCollectors();
    }

    public void ConfigureContainer(ContainerBuilder builder)
    {
        builder.RegisterInstance(InitUtils.BuildConfiguration(Environment.GetCommandLineArgs()).Build())
            .As<IConfiguration>();
        builder.RegisterModule(new ConfigModule<ApiConfig>("API"));
        builder.RegisterModule(new LoggingModule("api",
            cfg: new LoggerConfiguration().Filter.ByExcluding(
                exc => exc.Exception is PKError || exc.Exception.IsUserError()
        )));
        // builder.RegisterModule(new MetricsModule("API"));
        builder.RegisterModule<DataStoreModule>();
        builder.RegisterModule<APIModule>();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();

            // Only enable Swagger stuff when ASPNETCORE_ENVIRONMENT=Development (for now)
            app.UseSwagger();
            app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "PluralKit (v1)"); });
        }

        // add X-PluralKit-Version header
        app.Use((ctx, next) =>
        {
            ctx.Response.Headers.Add("X-PluralKit-Version", BuildInfoService.FullVersion);
            return next();
        });

        app.UseExceptionHandler(handler => handler.Run(async ctx =>
        {
            var exc = ctx.Features.Get<IExceptionHandlerPathFeature>();

            // handle common ISEs that are generated by invalid user input
            if (exc.Error.IsUserError())
            {
                ctx.Response.StatusCode = 400;
                await ctx.Response.WriteAsync("{\"message\":\"400: Bad Request\",\"code\":0}");
            }

            else if (exc.Error is not PKError)
            {
                ctx.Response.StatusCode = 500;
                await ctx.Response.WriteAsync("{\"message\":\"500: Internal Server Error\",\"code\":0}");
            }

            // for some reason, if we don't specifically cast to ModelParseError, it uses the base's ToJson method
            else if (exc.Error is ModelParseError fe)
            {
                ctx.Response.StatusCode = fe.ResponseCode;
                await ctx.Response.WriteAsync(JsonConvert.SerializeObject(fe.ToJson()));
            }

            else
            {
                var err = (PKError)exc.Error;
                ctx.Response.StatusCode = err.ResponseCode;

                var json = JsonConvert.SerializeObject(err.ToJson());
                await ctx.Response.WriteAsync(json);
            }

            await ctx.Response.CompleteAsync();
        }));

        app.UseMiddleware<AuthorizationTokenHandlerMiddleware>();

        //app.UseHttpsRedirection();
        app.UseCors(opts => opts.AllowAnyMethod().AllowAnyOrigin().WithHeaders("Content-Type", "Authorization"));

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());

        // metrics
        app.UseMetricsAllMiddleware();
    }
}
Enable XML comment support for Swashbuckle 2020-05-07 04:09:55 +00:00			`using System.Reflection;`
Load proper config file for non-Docker API 2020-04-16 20:03:23 +00:00
			`using Autofac;`
Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`using Microsoft.AspNetCore.Authentication;`
			`using Microsoft.AspNetCore.Authorization;`
feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`using Microsoft.AspNetCore.Diagnostics;`
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`using Microsoft.OpenApi.Models;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00
feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`using Newtonsoft.Json;`

feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`using PluralKit.Core;`

feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`using Serilog;`

feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`namespace PluralKit.API;`
Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`public class Startup`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`public Startup(IConfiguration configuration)`
			`{`
			`Configuration = configuration;`
			`}`

			`public IConfiguration Configuration { get; }`

			`// This method gets called by the runtime. Use this method to add services to the container.`
			`public void ConfigureServices(IServiceCollection services)`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`services.AddCors();`
			`services.AddAuthentication("SystemToken")`
			`.AddScheme<SystemTokenAuthenticationHandler.Opts,`
			`SystemTokenAuthenticationHandler>("SystemToken", null);`

			`services.AddAuthorization(options =>`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`options.AddPolicy("EditSystem",`
			`p => p.RequireAuthenticatedUser().AddRequirements(new OwnSystemRequirement()));`
			`options.AddPolicy("EditMember",`
			`p => p.RequireAuthenticatedUser().AddRequirements(new OwnSystemRequirement()));`

			`options.AddPolicy("ViewMembers",`
			`p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.MemberListPrivacy)));`
			`options.AddPolicy("ViewFront",`
			`p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.FrontPrivacy)));`
			`options.AddPolicy("ViewFrontHistory",`
			`p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.FrontHistoryPrivacy)));`
			`});`
			`services.AddSingleton<IAuthenticationHandler, SystemTokenAuthenticationHandler>();`
			`services.AddSingleton<IAuthorizationHandler, MemberOwnerHandler>();`
			`services.AddSingleton<IAuthorizationHandler, SystemOwnerHandler>();`
			`services.AddSingleton<IAuthorizationHandler, SystemPrivacyHandler>();`

			`services.AddControllers()`
			`// sorry MS, this just does more`
			`.AddNewtonsoftJson(opts =>`
			`{`
			`// ... though by default it messes up timestamps in JSON`
			`opts.SerializerSettings.DateParseHandling = DateParseHandling.None;`
			`})`
			`.ConfigureApiBehaviorOptions(options =>`
			`options.InvalidModelStateResponseFactory = context =>`
			`throw Errors.GenericBadRequest`
			`);`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`services.AddSwaggerGen(c =>`
			`{`
			`c.SwaggerDoc("v1.0", new OpenApiInfo { Title = "PluralKit", Version = "1.0" });`
run dotnet format 2021-08-27 15:03:47 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`c.EnableAnnotations();`
			`c.AddSecurityDefinition("TokenAuth",`
			`new OpenApiSecurityScheme { Name = "Authorization", Type = SecuritySchemeType.ApiKey });`
run dotnet format 2021-08-27 15:03:47 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// Exclude routes without a version, then fall back to group name matching (default behavior)`
			`c.DocInclusionPredicate((docName, apiDesc) =>`
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`if (!apiDesc.RelativePath.StartsWith("v1/")) return false;`
			`return apiDesc.GroupName == docName;`
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`});`
Fix database connection pool contention (maybe) Instead of acquiring a connection per service per request, we acquire connections more often but at a more granular level, meaning they're also disposed of more quickly instead of staying for a long time in case of long-running commands or leaks. 2019-07-11 19:25:23 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// Set the comments path for the Swagger JSON and UI.`
			`// https://docs.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle?view=aspnetcore-3.1&tabs=visual-studio#customize-and-extend`
			`var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";`
			`var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);`
			`c.IncludeXmlComments(xmlPath);`
			`});`
			`services.AddSwaggerGenNewtonsoftSupport();`
feat: add Prometheus metrics for API 2022-03-24 00:09:25 +00:00
			`// metrics`
			`services.AddMetricsTrackingMiddleware();`
			`services.AddAppMetricsCollectors();`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`}`

			`public void ConfigureContainer(ContainerBuilder builder)`
			`{`
			`builder.RegisterInstance(InitUtils.BuildConfiguration(Environment.GetCommandLineArgs()).Build())`
			`.As<IConfiguration>();`
			`builder.RegisterModule(new ConfigModule<ApiConfig>("API"));`
			`builder.RegisterModule(new LoggingModule("api",`
chore: code cleanup (mostly whitespace / remove unused imports) 2022-03-30 08:36:22 +00:00			`cfg: new LoggerConfiguration().Filter.ByExcluding(`
			`exc => exc.Exception is PKError \|\| exc.Exception.IsUserError()`
			`)));`
feat: add Prometheus metrics for API 2022-03-24 00:09:25 +00:00			`// builder.RegisterModule(new MetricsModule("API"));`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`builder.RegisterModule<DataStoreModule>();`
			`builder.RegisterModule<APIModule>();`
			`}`

			`// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.`
			`public void Configure(IApplicationBuilder app, IWebHostEnvironment env)`
			`{`
			`if (env.IsDevelopment())`
Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`app.UseDeveloperExceptionPage();`

			`// Only enable Swagger stuff when ASPNETCORE_ENVIRONMENT=Development (for now)`
			`app.UseSwagger();`
			`app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "PluralKit (v1)"); });`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`

feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// add X-PluralKit-Version header`
			`app.Use((ctx, next) =>`
			`{`
feat: add git commit hash to Serilog context 2022-01-24 13:13:59 +00:00			`ctx.Response.Headers.Add("X-PluralKit-Version", BuildInfoService.FullVersion);`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`return next();`
			`});`

			`app.UseExceptionHandler(handler => handler.Run(async ctx =>`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`var exc = ctx.Features.Get<IExceptionHandlerPathFeature>();`

			`// handle common ISEs that are generated by invalid user input`
			`if (exc.Error.IsUserError())`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`ctx.Response.StatusCode = 400;`
			`await ctx.Response.WriteAsync("{\"message\":\"400: Bad Request\",\"code\":0}");`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00
			`else if (exc.Error is not PKError)`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`ctx.Response.StatusCode = 500;`
			`await ctx.Response.WriteAsync("{\"message\":\"500: Internal Server Error\",\"code\":0}");`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`

feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`// for some reason, if we don't specifically cast to ModelParseError, it uses the base's ToJson method`
			`else if (exc.Error is ModelParseError fe)`
feat(apiv2): stubs 2021-09-30 02:30:20 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`ctx.Response.StatusCode = fe.ResponseCode;`
			`await ctx.Response.WriteAsync(JsonConvert.SerializeObject(fe.ToJson()));`
			`}`
feat(apiv2): stubs 2021-09-30 02:30:20 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`else`
feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`var err = (PKError)exc.Error;`
			`ctx.Response.StatusCode = err.ResponseCode;`

			`var json = JsonConvert.SerializeObject(err.ToJson());`
			`await ctx.Response.WriteAsync(json);`
			`}`

			`await ctx.Response.CompleteAsync();`
			`}));`

			`app.UseMiddleware<AuthorizationTokenHandlerMiddleware>();`

			`//app.UseHttpsRedirection();`
			`app.UseCors(opts => opts.AllowAnyMethod().AllowAnyOrigin().WithHeaders("Content-Type", "Authorization"));`

			`app.UseRouting();`
			`app.UseAuthentication();`
			`app.UseAuthorization();`
			`app.UseEndpoints(endpoints => endpoints.MapControllers());`
feat: add Prometheus metrics for API 2022-03-24 00:09:25 +00:00
			`// metrics`
			`app.UseMetricsAllMiddleware();`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`
			`}`