feat: experimental cors support
@@ -5,11 +5,13 @@ using QuotifyBE.Entities;
|
|||||||
using QuotifyBE.DTOs;
|
using QuotifyBE.DTOs;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using QuotifyBE.Mapping;
|
using QuotifyBE.Mapping;
|
||||||
|
using Microsoft.AspNetCore.Cors;
|
||||||
|
|
||||||
namespace QuotifyBE.Controllers;
|
namespace QuotifyBE.Controllers;
|
||||||
|
|
||||||
|
|
||||||
[ApiController]
|
[ApiController]
|
||||||
|
[EnableCors]
|
||||||
[Route("api/v1/auth")]
|
[Route("api/v1/auth")]
|
||||||
[Produces("application/json")]
|
[Produces("application/json")]
|
||||||
public class AuthController : ControllerBase
|
public class AuthController : ControllerBase
|
||||||
@@ -42,6 +44,7 @@ public class AuthController : ControllerBase
|
|||||||
/// <response code="401">Returned on request with unknown pair of email and password (wrong password)</response>
|
/// <response code="401">Returned on request with unknown pair of email and password (wrong password)</response>
|
||||||
/// <response code="404">Returned on request with unknwon email</response>
|
/// <response code="404">Returned on request with unknwon email</response>
|
||||||
[HttpPost("login")]
|
[HttpPost("login")]
|
||||||
|
[EnableCors]
|
||||||
[ProducesResponseType(typeof(SuccessfulLoginDTO), 200)]
|
[ProducesResponseType(typeof(SuccessfulLoginDTO), 200)]
|
||||||
[ProducesResponseType(typeof(ErrorDTO), 400)]
|
[ProducesResponseType(typeof(ErrorDTO), 400)]
|
||||||
[ProducesResponseType(typeof(ErrorDTO), 401)]
|
[ProducesResponseType(typeof(ErrorDTO), 401)]
|
||||||
@@ -87,6 +90,7 @@ public class AuthController : ControllerBase
|
|||||||
/// <response code="401">Returned on request with invalid JWT</response>
|
/// <response code="401">Returned on request with invalid JWT</response>
|
||||||
[HttpGet("some_values")]
|
[HttpGet("some_values")]
|
||||||
[Authorize]
|
[Authorize]
|
||||||
|
[EnableCors]
|
||||||
[ProducesResponseType(200)]
|
[ProducesResponseType(200)]
|
||||||
[ProducesResponseType(401)]
|
[ProducesResponseType(401)]
|
||||||
public IActionResult GetValues()
|
public IActionResult GetValues()
|
||||||
|
|||||||
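Review bot: The class-level `[EnableCors]` added above `AuthController` already applies the default policy to every action in the class, so the action-level `[EnableCors]` added on `login` and `some_values` in the two following hunks is redundant; either keep the class attribute and drop the per-action ones, or leave the class unattributed and mark actions individually, which is what QuotesController does in this same commit. A bare `[EnableCors]` resolves to the default policy registered in Program.cs, which is worth stating where the attribute sits, e.g. `// Bare [EnableCors] uses the default policy registered via AddDefaultPolicy in Program.cs`. The enclosing class continues outside these hunks.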
@@ -1,11 +1,12 @@
|
|||||||
using Microsoft.AspNetCore.Mvc;
|
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
using Microsoft.AspNetCore.Cors;
|
||||||
|
using Microsoft.AspNetCore.Mvc;
|
||||||
|
using Microsoft.EntityFrameworkCore;
|
||||||
using QuotifyBE.Data;
|
using QuotifyBE.Data;
|
||||||
using QuotifyBE.DTOs;
|
using QuotifyBE.DTOs;
|
||||||
using QuotifyBE.Entities;
|
using QuotifyBE.Entities;
|
||||||
using QuotifyBE.Mapping;
|
using QuotifyBE.Mapping;
|
||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
using Microsoft.EntityFrameworkCore;
|
|
||||||
|
|
||||||
namespace QuotifyBE.Controllers;
|
namespace QuotifyBE.Controllers;
|
||||||
|
|
||||||
@@ -29,12 +30,17 @@ public class QuotesController : ControllerBase
|
|||||||
/// <summary>
|
/// <summary>
|
||||||
/// Get a page of quotes
|
/// Get a page of quotes
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <remarks>A page of quotes consists of 10 quotes or less. If a page does not contain any quotes, 404 is returned.</remarks>
|
/// <remarks>
|
||||||
|
/// A page of quotes consists of 10 quotes or less.
|
||||||
|
/// If a page does not contain any quotes, 404 is returned.
|
||||||
|
/// Important! Has CORS set, unlike e.g. GET /api/v1/quote/{id} or GET /api/v1/quote/random.
|
||||||
|
/// </remarks>
|
||||||
/// <param name="page_no">The page number</param>
|
/// <param name="page_no">The page number</param>
|
||||||
/// <returns>A page (10 quotes)</returns>
|
/// <returns>A page (10 quotes)</returns>
|
||||||
/// <response code="200">Returned on valid request</response>
|
/// <response code="200">Returned on valid request</response>
|
||||||
/// <response code="404">Returned when requested page is invalid</response>
|
/// <response code="404">Returned when requested page is invalid</response>
|
||||||
[HttpGet("page/{page_no}")]
|
[HttpGet("page/{page_no}")]
|
||||||
|
[EnableCors]
|
||||||
[ProducesResponseType(typeof(List<QuoteShortDTO>), 200)]
|
[ProducesResponseType(typeof(List<QuoteShortDTO>), 200)]
|
||||||
[ProducesResponseType(typeof(ErrorDTO), 404)]
|
[ProducesResponseType(typeof(ErrorDTO), 404)]
|
||||||
public async Task<IActionResult> GetQuotePage(int page_no)
|
public async Task<IActionResult> GetQuotePage(int page_no)
|
||||||
@@ -102,6 +108,7 @@ public class QuotesController : ControllerBase
|
|||||||
/// <response code="403">Returned when user's id does not match the creator's id</response>
|
/// <response code="403">Returned when user's id does not match the creator's id</response>
|
||||||
[HttpPost("new")]
|
[HttpPost("new")]
|
||||||
[Authorize]
|
[Authorize]
|
||||||
|
[EnableCors]
|
||||||
[ProducesResponseType(201)] // ? FIXME
|
[ProducesResponseType(201)] // ? FIXME
|
||||||
[ProducesResponseType(typeof(ErrorDTO), 400)]
|
[ProducesResponseType(typeof(ErrorDTO), 400)]
|
||||||
[ProducesResponseType(typeof(ErrorDTO), 403)]
|
[ProducesResponseType(typeof(ErrorDTO), 403)]
|
||||||
|
|||||||
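Review bot: The new remark on `GetQuotePage` hard-codes the CORS status of two other routes (`GET /api/v1/quote/{id}`, `GET /api/v1/quote/random`) that are not part of this hunk, so it will silently go stale the moment one of them gains or loses the attribute; `/// CORS (default policy) is enabled on this action only; actions without [EnableCors] stay same-origin.` says the same thing without naming routes. On the `new` action in the last hunk, `[Authorize]` plus `[EnableCors]` means browsers will preflight with `Access-Control-Request-Headers: authorization, content-type`; that only succeeds because the Program.cs policy allows any header, so if that policy is ever tightened to an explicit header list both names must be on it. The enclosing class continues outside these hunks.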
16
Program.cs
16
Program.cs
@@ -21,6 +21,22 @@ var JwtSecret = builder.Configuration["JwtSecret"]
|
|||||||
var DomainName = builder.Configuration["DomainName"]
|
var DomainName = builder.Configuration["DomainName"]
|
||||||
?? throw new InvalidOperationException("Domain name is not configured!!! Please configure DomainName in appsettings.json!");
|
?? throw new InvalidOperationException("Domain name is not configured!!! Please configure DomainName in appsettings.json!");
|
||||||
|
|
||||||
|
var CorsOrigins = builder.Configuration.GetSection("CorsOrigins").Get<List<string>>()
|
||||||
|
?? throw new InvalidOperationException("CORS is not configured!!! Please configure CorsOrigins in appsettings.json!");
|
||||||
|
|
||||||
|
// Add default CORS policy
|
||||||
|
builder.Services.AddCors(options =>
|
||||||
|
{
|
||||||
|
|
||||||
|
options.AddDefaultPolicy(
|
||||||
|
policy =>
|
||||||
|
{
|
||||||
|
policy
|
||||||
|
.WithOrigins(CorsOrigins.ToArray())
|
||||||
|
.AllowAnyHeader(); // this might not be the greatest idea
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
// Configure JWT authentication
|
// Configure JWT authentication
|
||||||
// https://medium.com/@solomongetachew112/jwt-authentication-in-net-8-a-complete-guide-for-secure-and-scalable-applications-6281e5e8667c
|
// https://medium.com/@solomongetachew112/jwt-authentication-in-net-8-a-complete-guide-for-secure-and-scalable-applications-6281e5e8667c
|
||||||
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
||||||
|
|||||||
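Review bot: `.AllowAnyHeader()` is wider than the endpoints marked in this commit need, as the author's own comment suggests; the GET and POST actions that carry `[EnableCors]` only send `Content-Type` and `Authorization`, so `.WithHeaders("Content-Type", "Authorization")` scopes the policy to exactly that. Nothing in this 16-line addition registers the middleware, and an endpoint carrying CORS metadata throws an `InvalidOperationException` at request time when `app.UseCors()` is not in the pipeline (it belongs after `UseRouting` and before `UseAuthorization`), so unless that call already exists outside the hunk it needs to be added. The policy also configures no methods, which appears to be fine for the GET/POST actions in this commit but would reject preflights for any non-simple method (PUT, DELETE) that later gains `[EnableCors]`; a comment such as `// No WithMethods/AllowAnyMethod: only simple methods (GET, HEAD, POST) pass preflight` would make that limit visible.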
@@ -1,6 +1,9 @@
|
|||||||
{
|
{
|
||||||
"JwtSecret": "this is a sample jwt secret token required for quotify - it needs to have at least 256 bits (32 bytes long)",
|
"JwtSecret": "this is a sample jwt secret token required for quotify - it needs to have at least 256 bits (32 bytes long)",
|
||||||
"DomainName": "example.com",
|
"DomainName": "example.com",
|
||||||
|
"CorsOrigins": [
|
||||||
|
"http://localhost:5259", "http://localhost:5258", "http://example.com"
|
||||||
|
],
|
||||||
"ConnectionStrings": {
|
"ConnectionStrings": {
|
||||||
"DefaultConnection": "Server=server-host;Database=db-name;Username=quotify-user;Password=user-secret"
|
"DefaultConnection": "Server=server-host;Database=db-name;Username=quotify-user;Password=user-secret"
|
||||||
},
|
},
|
||||||
|
|||||||
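Review bot: The sample `CorsOrigins` mixes the two development `localhost` origins with the deployment origin `http://example.com` in one list; since `WithOrigins` is an allow-list, any deployment that copies this sample verbatim lets pages served from localhost call the API cross-origin. Keeping the localhost entries in `appsettings.Development.json` and only the real origin here avoids that, and the sample should note that an origin is matched on scheme, host and port exactly and must not carry a trailing slash.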