PluralKit/PluralKit.API/Startup.cs

using System;
using System.IO;
using System.Reflection;

using Autofac;

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Versioning;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.OpenApi.Models;

using Newtonsoft.Json;

using Serilog;

using PluralKit.Core;

namespace PluralKit.API
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors();
            services.AddAuthentication("SystemToken")
                .AddScheme<SystemTokenAuthenticationHandler.Opts, SystemTokenAuthenticationHandler>("SystemToken", null);

            services.AddAuthorization(options =>
            {
                options.AddPolicy("EditSystem", p => p.RequireAuthenticatedUser().AddRequirements(new OwnSystemRequirement()));
                options.AddPolicy("EditMember", p => p.RequireAuthenticatedUser().AddRequirements(new OwnSystemRequirement()));

                options.AddPolicy("ViewMembers", p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.MemberListPrivacy)));
                options.AddPolicy("ViewFront", p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.FrontPrivacy)));
                options.AddPolicy("ViewFrontHistory", p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.FrontHistoryPrivacy)));
            });
            services.AddSingleton<IAuthenticationHandler, SystemTokenAuthenticationHandler>();
            services.AddSingleton<IAuthorizationHandler, MemberOwnerHandler>();
            services.AddSingleton<IAuthorizationHandler, SystemOwnerHandler>();
            services.AddSingleton<IAuthorizationHandler, SystemPrivacyHandler>();

            services.AddControllers()
                .SetCompatibilityVersion(CompatibilityVersion.Latest)
                // sorry MS, this just does *more*
                .AddNewtonsoftJson((opts) =>
                {
                    // ... though by default it messes up timestamps in JSON
                    opts.SerializerSettings.DateParseHandling = DateParseHandling.None;
                });

            services.AddApiVersioning();

            services.AddVersionedApiExplorer(c =>
            {
                c.GroupNameFormat = "'v'VV";
                c.ApiVersionParameterSource = new UrlSegmentApiVersionReader();
                c.SubstituteApiVersionInUrl = true;
            });

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1.0", new OpenApiInfo { Title = "PluralKit", Version = "1.0" });

                c.EnableAnnotations();
                c.AddSecurityDefinition("TokenAuth",
                    new OpenApiSecurityScheme { Name = "Authorization", Type = SecuritySchemeType.ApiKey });

                // Exclude routes without a version, then fall back to group name matching (default behavior)
                c.DocInclusionPredicate((docName, apiDesc) =>
                {
                    if (!apiDesc.RelativePath.StartsWith("v1/")) return false;
                    return apiDesc.GroupName == docName;
                });

                // Set the comments path for the Swagger JSON and UI.
                // https://docs.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle?view=aspnetcore-3.1&tabs=visual-studio#customize-and-extend
                var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
                var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
                c.IncludeXmlComments(xmlPath);
            });
            services.AddSwaggerGenNewtonsoftSupport();
        }

        public void ConfigureContainer(ContainerBuilder builder)
        {
            builder.RegisterInstance(InitUtils.BuildConfiguration(Environment.GetCommandLineArgs()).Build())
                .As<IConfiguration>();
            builder.RegisterModule(new ConfigModule<ApiConfig>("API"));
            builder.RegisterModule(new LoggingModule("api", cfg: new LoggerConfiguration().Filter.ByExcluding(exc => exc.Exception is PKError)));
            builder.RegisterModule(new MetricsModule("API"));
            builder.RegisterModule<DataStoreModule>();
            builder.RegisterModule<APIModule>();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();

                // Only enable Swagger stuff when ASPNETCORE_ENVIRONMENT=Development (for now)
                app.UseSwagger();
                app.UseSwaggerUI(c =>
                {
                    c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "PluralKit (v1)");
                });
            }
            else
            {
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                //app.UseHsts();
            }

            // add X-PluralKit-Version header
            app.Use((ctx, next) =>
            {
                ctx.Response.Headers.Add("X-PluralKit-Version", BuildInfoService.Version);
                return next();
            });

            app.UseExceptionHandler(handler => handler.Run(async ctx =>
            {
                var exc = ctx.Features.Get<IExceptionHandlerPathFeature>();

                // handle common ISEs that are generated by invalid user input
                if (exc.Error.IsUserError())
                {
                    ctx.Response.StatusCode = 400;
                    await ctx.Response.WriteAsync("{\"message\":\"400: Bad Request\",\"code\":0}");
                    return;
                }

                if (exc.Error is not PKError)
                {
                    ctx.Response.StatusCode = 500;
                    await ctx.Response.WriteAsync("{\"message\":\"500: Internal Server Error\",\"code\":0}");
                    return;
                }

                // for some reason, if we don't specifically cast to ModelParseError, it uses the base's ToJson method
                if (exc.Error is ModelParseError fe)
                {
                    ctx.Response.StatusCode = fe.ResponseCode;
                    await ctx.Response.WriteAsync(JsonConvert.SerializeObject(fe.ToJson()));

                    return;
                }

                var err = (PKError)exc.Error;
                ctx.Response.StatusCode = err.ResponseCode;

                var json = JsonConvert.SerializeObject(err.ToJson());
                await ctx.Response.WriteAsync(json);
            }));

            app.UseMiddleware<AuthorizationTokenHandlerMiddleware>();

            //app.UseHttpsRedirection();
            app.UseCors(opts => opts.AllowAnyMethod().AllowAnyOrigin().WithHeaders("Content-Type", "Authorization"));

            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints => endpoints.MapControllers());
        }
    }
}
Enable XML comment support for Swashbuckle 2020-05-07 04:09:55 +00:00			`using System;`
			`using System.IO;`
			`using System.Reflection;`
Load proper config file for non-Docker API 2020-04-16 20:03:23 +00:00
			`using Autofac;`
Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`using Microsoft.AspNetCore.Authentication;`
			`using Microsoft.AspNetCore.Authorization;`
Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00			`using Microsoft.AspNetCore.Builder;`
feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`using Microsoft.AspNetCore.Diagnostics;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`using Microsoft.AspNetCore.Hosting;`
feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`using Microsoft.AspNetCore.Http;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`using Microsoft.AspNetCore.Mvc;`
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`using Microsoft.AspNetCore.Mvc.Versioning;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`using Microsoft.Extensions.Configuration;`
			`using Microsoft.Extensions.DependencyInjection;`
Upgrade to .NET Core 3.1 2019-12-21 23:40:57 +00:00			`using Microsoft.Extensions.Hosting;`
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`using Microsoft.OpenApi.Models;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00
feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`using Newtonsoft.Json;`

			`using Serilog;`

Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00			`using PluralKit.Core;`

Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`namespace PluralKit.API`
			`{`
			`public class Startup`
			`{`
			`public Startup(IConfiguration configuration)`
			`{`
			`Configuration = configuration;`
			`}`

			`public IConfiguration Configuration { get; }`

			`// This method gets called by the runtime. Use this method to add services to the container.`
			`public void ConfigureServices(IServiceCollection services)`
			`{`
Enable CORS for the API 2019-07-16 12:20:25 +00:00			`services.AddCors();`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`services.AddAuthentication("SystemToken")`
			`.AddScheme<SystemTokenAuthenticationHandler.Opts, SystemTokenAuthenticationHandler>("SystemToken", null);`
run dotnet format 2021-08-27 15:03:47 +00:00
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`services.AddAuthorization(options =>`
			`{`
			`options.AddPolicy("EditSystem", p => p.RequireAuthenticatedUser().AddRequirements(new OwnSystemRequirement()));`
			`options.AddPolicy("EditMember", p => p.RequireAuthenticatedUser().AddRequirements(new OwnSystemRequirement()));`
run dotnet format 2021-08-27 15:03:47 +00:00
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`options.AddPolicy("ViewMembers", p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.MemberListPrivacy)));`
			`options.AddPolicy("ViewFront", p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.FrontPrivacy)));`
			`options.AddPolicy("ViewFrontHistory", p => p.AddRequirements(new PrivacyRequirement<PKSystem>(s => s.FrontHistoryPrivacy)));`
			`});`
			`services.AddSingleton<IAuthenticationHandler, SystemTokenAuthenticationHandler>();`
			`services.AddSingleton<IAuthorizationHandler, MemberOwnerHandler>();`
			`services.AddSingleton<IAuthorizationHandler, SystemOwnerHandler>();`
			`services.AddSingleton<IAuthorizationHandler, SystemPrivacyHandler>();`
run dotnet format 2021-08-27 15:03:47 +00:00
Upgrade to .NET Core 3.1 2019-12-21 23:40:57 +00:00			`services.AddControllers()`
			`.SetCompatibilityVersion(CompatibilityVersion.Latest)`
feat(apiv2): switch endpoints 2021-10-13 09:29:33 +00:00			`// sorry MS, this just does more`
			`.AddNewtonsoftJson((opts) =>`
			`{`
			`// ... though by default it messes up timestamps in JSON`
			`opts.SerializerSettings.DateParseHandling = DateParseHandling.None;`
			`});`
Integrate ApiVersioning library for ASP.NET 2020-05-07 02:39:49 +00:00
Remove unversioned API endpoints 2020-07-28 17:59:28 +00:00			`services.AddApiVersioning();`
run dotnet format 2021-08-27 15:03:47 +00:00
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`services.AddVersionedApiExplorer(c =>`
			`{`
			`c.GroupNameFormat = "'v'VV";`
			`c.ApiVersionParameterSource = new UrlSegmentApiVersionReader();`
			`c.SubstituteApiVersionInUrl = true;`
			`});`
run dotnet format 2021-08-27 15:03:47 +00:00
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`services.AddSwaggerGen(c =>`
			`{`
run dotnet format 2021-08-27 15:03:47 +00:00			`c.SwaggerDoc("v1.0", new OpenApiInfo { Title = "PluralKit", Version = "1.0" });`

Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`c.EnableAnnotations();`
			`c.AddSecurityDefinition("TokenAuth",`
run dotnet format 2021-08-27 15:03:47 +00:00			`new OpenApiSecurityScheme { Name = "Authorization", Type = SecuritySchemeType.ApiKey });`

Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`// Exclude routes without a version, then fall back to group name matching (default behavior)`
			`c.DocInclusionPredicate((docName, apiDesc) =>`
			`{`
			`if (!apiDesc.RelativePath.StartsWith("v1/")) return false;`
			`return apiDesc.GroupName == docName;`
			`});`
run dotnet format 2021-08-27 15:03:47 +00:00
Enable XML comment support for Swashbuckle 2020-05-07 04:09:55 +00:00			`// Set the comments path for the Swagger JSON and UI.`
			`// https://docs.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle?view=aspnetcore-3.1&tabs=visual-studio#customize-and-extend`
			`var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";`
			`var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);`
			`c.IncludeXmlComments(xmlPath);`
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`});`
			`services.AddSwaggerGenNewtonsoftSupport();`
Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00			`}`
Fix database connection pool contention (maybe) Instead of acquiring a connection per service per request, we acquire connections more often but at a more granular level, meaning they're also disposed of more quickly instead of staying for a long time in case of long-running commands or leaks. 2019-07-11 19:25:23 +00:00
Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00			`public void ConfigureContainer(ContainerBuilder builder)`
			`{`
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`builder.RegisterInstance(InitUtils.BuildConfiguration(Environment.GetCommandLineArgs()).Build())`
			`.As<IConfiguration>();`
Add API listen port configuration 2020-08-27 21:35:47 +00:00			`builder.RegisterModule(new ConfigModule<ApiConfig>("API"));`
feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`builder.RegisterModule(new LoggingModule("api", cfg: new LoggerConfiguration().Filter.ByExcluding(exc => exc.Exception is PKError)));`
Migrate DI container to Autofac 2020-01-26 00:27:45 +00:00			`builder.RegisterModule(new MetricsModule("API"));`
			`builder.RegisterModule<DataStoreModule>();`
			`builder.RegisterModule<APIModule>();`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`

			`// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.`
Upgrade to .NET Core 3.1 2019-12-21 23:40:57 +00:00			`public void Configure(IApplicationBuilder app, IWebHostEnvironment env)`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
			`if (env.IsDevelopment())`
			`{`
			`app.UseDeveloperExceptionPage();`
run dotnet format 2021-08-27 15:03:47 +00:00
Add basic Swagger integration into ASP.NET Only enabled in Development mode for now. 2020-05-07 03:14:31 +00:00			`// Only enable Swagger stuff when ASPNETCORE_ENVIRONMENT=Development (for now)`
			`app.UseSwagger();`
			`app.UseSwaggerUI(c =>`
			`{`
			`c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "PluralKit (v1)");`
			`});`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`
			`else`
			`{`
			`// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.`
			`//app.UseHsts();`
			`}`

feat(apiv2): stubs 2021-09-30 02:30:20 +00:00			`// add X-PluralKit-Version header`
			`app.Use((ctx, next) =>`
			`{`
			`ctx.Response.Headers.Add("X-PluralKit-Version", BuildInfoService.Version);`
			`return next();`
			`});`

feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`app.UseExceptionHandler(handler => handler.Run(async ctx =>`
			`{`
			`var exc = ctx.Features.Get<IExceptionHandlerPathFeature>();`
feat(apiv2): ignore exception caused by invalid user-provided JSON return 400 bad request instead 2021-10-12 12:34:28 +00:00
			`// handle common ISEs that are generated by invalid user input`
refactor(apiv2): rename APIErrors to Errors, move IsUserError to helper method 2021-10-13 13:08:17 +00:00			`if (exc.Error.IsUserError())`
feat(apiv2): ignore exception caused by invalid user-provided JSON return 400 bad request instead 2021-10-12 12:34:28 +00:00			`{`
			`ctx.Response.StatusCode = 400;`
			`await ctx.Response.WriteAsync("{\"message\":\"400: Bad Request\",\"code\":0}");`
			`return;`
			`}`

feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`if (exc.Error is not PKError)`
			`{`
			`ctx.Response.StatusCode = 500;`
			`await ctx.Response.WriteAsync("{\"message\":\"500: Internal Server Error\",\"code\":0}");`
			`return;`
			`}`

feat(apiv2): better model validation error UX 2021-10-13 12:37:34 +00:00			`// for some reason, if we don't specifically cast to ModelParseError, it uses the base's ToJson method`
			`if (exc.Error is ModelParseError fe)`
			`{`
			`ctx.Response.StatusCode = fe.ResponseCode;`
			`await ctx.Response.WriteAsync(JsonConvert.SerializeObject(fe.ToJson()));`

			`return;`
			`}`

feat(apiv2): basic error handling 2021-10-12 07:01:02 +00:00			`var err = (PKError)exc.Error;`
			`ctx.Response.StatusCode = err.ResponseCode;`

			`var json = JsonConvert.SerializeObject(err.ToJson());`
			`await ctx.Response.WriteAsync(json);`
			`}));`

feat(apiv2): group stubs, authentication middleware, /systems/:id endpoint 2021-10-02 01:50:01 +00:00			`app.UseMiddleware<AuthorizationTokenHandlerMiddleware>();`

Disable HTTPS redirection on API server 2019-07-15 15:58:05 +00:00			`//app.UseHttpsRedirection();`
Send CORS allowed headers in API response (#114) Sends Access-Control-Allow-Headers Content-Type and Authorization in the API response headers 2019-07-17 11:39:07 +00:00			`app.UseCors(opts => opts.AllowAnyMethod().AllowAnyOrigin().WithHeaders("Content-Type", "Authorization"));`
run dotnet format 2021-08-27 15:03:47 +00:00
Upgrade to .NET Core 3.1 2019-12-21 23:40:57 +00:00			`app.UseRouting();`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`app.UseAuthentication();`
			`app.UseAuthorization();`
Upgrade to .NET Core 3.1 2019-12-21 23:40:57 +00:00			`app.UseEndpoints(endpoints => endpoints.MapControllers());`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`
			`}`
			`}`