using System.IO; using System.Reflection; using System.Linq; using System; using System.Collections.Generic; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.ApiExplorer; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Microsoft.EntityFrameworkCore; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.IdentityModel.Tokens; using Microsoft.Extensions.Hosting; using Microsoft.AspNetCore.Http; using Microsoft.OpenApi.Models; using Microsoft.Extensions.Options; using Swashbuckle.AspNetCore.SwaggerGen; using AyaNova.Models; using AyaNova.Util; using AyaNova.Generator; using AyaNova.Biz; using NLog.Web; using NLog.Targets; using NLog.Config; using NLog.Extensions.Logging; namespace AyaNova { public class Startup { ///////////////////////////////////////////////////////////// // public Startup( Microsoft.AspNetCore.Hosting.IWebHostEnvironment hostingEnvironment) {//ILogger logger, ILoggerFactory logFactory, // Get the factory for ILogger instances. var nlogLoggerProvider = new NLogLoggerProvider(); // Create an ILogger. _newLog = nlogLoggerProvider.CreateLogger(typeof(Startup).FullName); //x_log = logger; _hostingEnvironment = hostingEnvironment; //AyaNova.Util.ApplicationLogging.LoggerFactory = logFactory; //AyaNova.Util.ApplicationLogging.theLogger = _newLog; AyaNova.Util.ApplicationLogging.LoggerProvider=nlogLoggerProvider; //this must be set here ServerBootConfig.AYANOVA_CONTENT_ROOT_PATH = hostingEnvironment.ContentRootPath; } private readonly ILogger _newLog; // private readonly ILoggerx_log; private string _connectionString = ""; private readonly Microsoft.AspNetCore.Hosting.IWebHostEnvironment _hostingEnvironment; //////////////////////////////////////////////////////////// // This method gets called by the runtime. Use this method to add services to the container. // public void ConfigureServices(IServiceCollection services) { _newLog.LogDebug("BOOT: initializing services..."); //Server state service for shutting people out of api _newLog.LogDebug("BOOT: init ApiServerState service"); services.AddSingleton(new AyaNova.Api.ControllerHelpers.ApiServerState()); //Init controllers _newLog.LogDebug("BOOT: init controllers"); var MvcBuilder = services.AddControllers(config => { // config.Filters.Add(new AyaNova.Api.ControllerHelpers.ApiCustomExceptionFilter(AyaNova.Util.ApplicationLogging.LoggerFactory)); config.Filters.Add(new AyaNova.Api.ControllerHelpers.ApiCustomExceptionFilter(_newLog)); }); //Prevent default model binding automatic 400 page so we can consistently show *our* error to our specs //https://docs.microsoft.com/en-us/aspnet/core/web-api/index?view=aspnetcore-3.1#automatic-http-400-responses MvcBuilder.ConfigureApiBehaviorOptions(options => { options.SuppressModelStateInvalidFilter = true; }); _newLog.LogDebug("BOOT: init JSON"); MvcBuilder.AddNewtonsoftJson(options => { options.SerializerSettings.DateTimeZoneHandling = Newtonsoft.Json.DateTimeZoneHandling.Utc; }); //2019-10-17 METRICS will not work just yet with .netcore 3.1 see here https://github.com/AppMetrics/AppMetrics/issues/480 //awaiting a new release from them _newLog.LogDebug("BOOT: init Metrics service"); services.AddMetrics(); _newLog.LogDebug("BOOT: ensuring user and backup folders exist and are separate locations..."); FileUtil.EnsureUserAndUtilityFoldersExistAndAreNotIdentical(_hostingEnvironment.ContentRootPath); #region DATABASE _connectionString = ServerBootConfig.AYANOVA_DB_CONNECTION; //Check DB server exists and can be connected to _newLog.LogDebug("BOOT: Testing database server connection..."); //parse the connection string properly DbUtil.ParseConnectionString(_newLog, _connectionString); //Probe for database server //Will retry every 10 seconds for up to 5 minutes before bailing if (!DbUtil.DatabaseServerExists(_newLog, "BOOT: waiting for db server ")) { var err = $"BOOT: E1000 - AyaNova can't connect to the database server after trying for 5 minutes (connection string is:\"{DbUtil.DisplayableConnectionString}\")"; _newLog.LogCritical(err); throw new System.ApplicationException(err); } _newLog.LogInformation("BOOT: Connected to database server - {0}", DbUtil.DisplayableConnectionString); //ensure database is ready and present DbUtil.EnsureDatabaseExists(_newLog); bool LOG_SENSITIVE_DATA = false; #if (DEBUG) // LOG_SENSITIVE_DATA = true; #endif _newLog.LogDebug("BOOT: init EF service"); services.AddEntityFrameworkNpgsql().AddDbContext( options => options.UseNpgsql(_connectionString //,opt => opt.EnableRetryOnFailure()//REMOVED THIS BECAUSE IT WAS INTEFERING WITH TRANSACTIONS BUT THEN DIDN'T USE THE TRANSACTION BUT IT SEEMS FASTER WITHOUT IT AS WELL SO...?? )//http://www.npgsql.org/efcore/misc.html?q=execution%20strategy#execution-strategy .ConfigureWarnings(warnings => //https://livebook.manning.com/#!/book/entity-framework-core-in-action/chapter-12/v-10/85 warnings.Throw( //Throw an exception on client eval, not necessarily an error but a smell // Microsoft.EntityFrameworkCore.Diagnostics.RelationalEventId.QueryClientEvaluationWarning )) .EnableSensitiveDataLogging(LOG_SENSITIVE_DATA) ); #endregion // Add service and create Policy with options _newLog.LogDebug("BOOT: init CORS service"); services.AddCors(options => { options.AddPolicy("CorsPolicy", builder => builder.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() //.AllowCredentials() ); }); #region Swagger services .AddApiVersioning(options => { options.AssumeDefaultVersionWhenUnspecified = true; options.DefaultApiVersion = Microsoft.AspNetCore.Mvc.ApiVersion.Parse("8.0"); options.ReportApiVersions = true; }); services.AddVersionedApiExplorer(options => options.GroupNameFormat = "'v'VVV"); services.AddTransient, ConfigureSwaggerOptions>(); services.AddSwaggerGen( c => { // integrate xml comments c.IncludeXmlComments(XmlCommentsFilePath); //https://stackoverflow.com/questions/56234504/migrating-to-swashbuckle-aspnetcore-version-5 //First we define the security scheme c.AddSecurityDefinition("Bearer", //Name the security scheme new OpenApiSecurityScheme { Description = "JWT Authorization header using the Bearer scheme.", Type = SecuritySchemeType.Http, //We set the scheme type to http since we're using bearer authentication Scheme = "bearer" //The name of the HTTP Authorization scheme to be used in the Authorization header. In this case "bearer". }); c.AddSecurityRequirement(new OpenApiSecurityRequirement{ { new OpenApiSecurityScheme{ Reference = new OpenApiReference{ Id = "Bearer", //The name of the previously defined security scheme. Type = ReferenceType.SecurityScheme } },new List() } }); } ); #endregion #region JWT AUTHENTICATION //get the key if specified var secretKey = ServerBootConfig.AYANOVA_JWT_SECRET; //If no key specified make a unique one //This means the jwt creds won't survive a server reboot //so in that case users need to specify an AyaNova_JWT_SECRET environment variable if (string.IsNullOrWhiteSpace(secretKey)) { secretKey = Util.Hasher.GenerateSalt(); } //WAS "UNLICENSED5G*QQJ8#bQ7$Xr_@sXfHq4" //If secretKey is less than 32 characters, pad it if (secretKey.Length < 32) { secretKey = secretKey.PadRight(32, '-'); } ServerBootConfig.AYANOVA_JWT_SECRET = secretKey; var signingKey = new SymmetricSecurityKey(System.Text.Encoding.ASCII.GetBytes(ServerBootConfig.AYANOVA_JWT_SECRET)); _newLog.LogDebug("BOOT: init Authorization service"); services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(options => { // options.AutomaticAuthenticate = true; // options.AutomaticChallenge = true; options.TokenValidationParameters = new TokenValidationParameters { // Token signature will be verified using a private key. ValidateIssuerSigningKey = true, RequireSignedTokens = true, IssuerSigningKey = signingKey, ValidateIssuer = true, ValidIssuer = "ayanova.com", ValidateAudience = false, //ValidAudience = "http://localhost:7575/" // Token will only be valid if not expired yet, with 5 minutes clock skew. ValidateLifetime = true, RequireExpirationTime = true, ClockSkew = new TimeSpan(0, 5, 0), }; }); #endregion _newLog.LogDebug("BOOT: init Generator service"); services.AddSingleton(); } //////////////////////////////////////////////////////////// // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. // public void Configure(IApplicationBuilder app, Microsoft.AspNetCore.Hosting.IWebHostEnvironment env, AyContext dbContext, IApiVersionDescriptionProvider provider, AyaNova.Api.ControllerHelpers.ApiServerState apiServerState, IServiceProvider serviceProvider) { _newLog.LogDebug("BOOT: configuring request pipeline..."); //this *may* be useful in the event of an issue so uncomment if necessary but errors during dev are handled equally by the logging, I think // if (env.IsDevelopment()) // { // app.UseDeveloperExceptionPage(); // } //Store a reference to the dependency injection service for static classes ServiceProviderProvider.Provider = app.ApplicationServices; //Enable ability to handle reverse proxy app.UseForwardedHeaders(new ForwardedHeadersOptions { ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedFor | Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedProto }); #region STATIC FILES _newLog.LogDebug("BOOT: pipeline - static files"); app.UseDefaultFiles(); app.UseStaticFiles(); //Might need the following if the page doesn't update in the client properly //however the vue build process will automatically uniquify each build file names so maybe not required // app.UseStaticFiles(new StaticFileOptions // { // OnPrepareResponse = context => // { // if (context.File.Name == "index.html") // { // context.Context.Response.Headers.Add("Cache-Control", "no-cache, no-store"); // context.Context.Response.Headers.Add("Expires", "-1"); // } // } // }); #endregion _newLog.LogDebug("BOOT: pipeline - ROUTING"); app.UseRouting();//this wasn't here for 2.2 but added for 3.0, needs to come before the stuff after _newLog.LogDebug("BOOT: pipeline - CORS"); app.UseCors("CorsPolicy"); #region AUTH / ROLES _newLog.LogDebug("BOOT: pipeline - authentication"); //Use authentication middleware app.UseAuthentication(); _newLog.LogDebug("BOOT: pipeline - authorization"); app.UseAuthorization(); //Custom middleware to get user roles and put them into the request so //they can be authorized in routes. app.Use(async (context, next) => { if (!context.User.Identity.IsAuthenticated) { context.Request.HttpContext.Items["AY_ROLES"] = 0; } else { //Get user ID from claims long userId = Convert.ToInt64(context.User.FindFirst(c => c.Type == "id").Value); //Get the database context var ct = context.RequestServices.GetService(); //get the user record var u = ct.User.AsNoTracking().Where(a => a.Id == userId).Select(m => new { roles = m.Roles, name = m.Name, id = m.Id, localeId = m.LocaleId }).First(); context.Request.HttpContext.Items["AY_ROLES"] = u.roles; context.Request.HttpContext.Items["AY_USERNAME"] = u.name; context.Request.HttpContext.Items["AY_USER_ID"] = u.id; context.Request.HttpContext.Items["AY_LOCALE_ID"] = u.localeId; } await next.Invoke(); }); #endregion _newLog.LogDebug("BOOT: pipeline - ENDPOINTS"); app.UseEndpoints(endpoints => { endpoints.MapControllers(); }); #region SWAGGER _newLog.LogDebug("BOOT: pipeline - api explorer"); // Enable middleware to serve generated Swagger as a JSON endpoint. app.UseSwagger(); app.UseSwaggerUI( options => { foreach (var description in provider.ApiVersionDescriptions) { options.SwaggerEndpoint( $"/swagger/{description.GroupName}/swagger.json", description.GroupName.ToUpperInvariant()); } options.DefaultModelsExpandDepth(-1);//This is meant to hide the Models section that would appear at the bottom of the swagger ui showing *all* models from the api options.DocumentTitle = "AyaNova API explorer"; options.RoutePrefix = "api-docs"; }); #endregion swagger // ****************************************************************** // ******************** TESTING WIPE DB ***************************** // //Set this to true to wipe the db and reinstall a trial license and re-seed the data var TESTING_REFRESH_DB = true;//####################################################################################### #if (DEBUG) //TESTING if (TESTING_REFRESH_DB) ServerBootConfig.AYANOVA_PERMANENTLY_ERASE_DATABASE = TESTING_REFRESH_DB; //TESTING #endif if (ServerBootConfig.AYANOVA_PERMANENTLY_ERASE_DATABASE) { _newLog.LogWarning("BOOT: AYANOVA_PERMANENTLY_ERASE_DATABASE is true, dropping and recreating database"); Util.DbUtil.DropAndRecreateDb(_newLog); AySchema.CheckAndUpdate(dbContext, _newLog); } //Check schema _newLog.LogDebug("BOOT: db schema check"); AySchema.CheckAndUpdate(dbContext, _newLog); //Check database integrity _newLog.LogDebug("BOOT: db integrity check"); DbUtil.CheckFingerPrint(AySchema.EXPECTED_COLUMN_COUNT, AySchema.EXPECTED_INDEX_COUNT, _newLog); //Initialize license AyaNova.Core.License.Initialize(apiServerState, dbContext, _newLog); //Ensure locales are present, not missing any keys and that there is a server default locale that exists LocaleBiz lb = new LocaleBiz(dbContext, 1, ServerBootConfig.AYANOVA_DEFAULT_LANGUAGE_ID, AuthorizationRoles.OpsAdminFull); lb.ValidateLocales(); #if (DEBUG) //TESTING if (TESTING_REFRESH_DB) { AyaNova.Core.License.Fetch(apiServerState, dbContext, _newLog); Util.Seeder.SeedDatabase(Util.Seeder.SeedLevel.SmallOneManShopTrialDataSet, -7);//############################################################################################# } //TESTING #endif //AUTOID VALUES INITIALIZATION ServerBootConfig.SetMostRecentAutoIdValuesFromDatabase(dbContext); //SPA FALLBACK ROUTE app.Use(async (context, next) => { //to support html5 pushstate routing in spa //this ensures that a refresh at the client will not 404 but rather force back to the index.html app page and then handled internally by the client await next(); if (!context.Response.HasStarted && context.Request.Path.Value != "/docs" && context.Response.StatusCode == 404 && !Path.HasExtension(context.Request.Path.Value)) { context.Request.Path = "/index.html"; context.Response.StatusCode = 200; context.Response.ContentType = "text/html"; await context.Response.SendFileAsync(Path.Combine(env.WebRootPath, "index.html")); } }); //Log the active user count so it's in the log record _newLog.LogInformation($"BOOT: Active techs - {UserBiz.ActiveCount}"); //Log the license info so it's on the record _newLog.LogInformation($"BOOT: License -\r\n=-=-=-=-=-=-=-=-=-=-\r\n{AyaNova.Core.License.LicenseInfo}=-=-=-=-=-=-=-=-=-=-"); //Open up the server for visitors apiServerState.SetOpen(); //final startup log _newLog.LogInformation("BOOT: COMPLETED - SERVER IS NOW OPEN"); } #region Swagger and API Versioning utilities static string XmlCommentsFilePath { get { var basePath = AppContext.BaseDirectory; var fileName = typeof(Startup).GetTypeInfo().Assembly.GetName().Name + ".xml"; return Path.Combine(basePath, fileName); } } #endregion } }