using WIDESEAWCS_Core.Helper;
|
using WIDESEAWCS_Core.Extensions;
|
using WIDESEAWCS_Core.Middlewares;
|
using System.Reflection;
|
using WIDESEAWCS_Core.Filter;
|
using Newtonsoft.Json.Converters;
|
using Newtonsoft.Json.Serialization;
|
using Newtonsoft.Json;
|
using System.Text;
|
using Microsoft.AspNetCore.Mvc.Controllers;
|
using Microsoft.Extensions.DependencyInjection.Extensions;
|
using Microsoft.AspNetCore.Mvc.ModelBinding.Validation;
|
using WIDESEAWCS_Core;
|
using WIDESEAWCS_Core.BaseServices;
|
using Autofac.Extensions.DependencyInjection;
|
using Autofac;
|
using WIDESEAWCS_WCSServer.Filter;
|
using WIDESEAWCS_Core.Authorization;
|
using WIDESEAWCS_Core.Core;
|
using WIDESEAWCS_QuartzJob.Seed;
|
using Autofac.Core;
|
using WIDESEAWCS_QuartzJob.QuartzExtensions;
|
using Microsoft.AspNetCore.Builder;
|
using WIDESEAWCS_Server.HostedService;
|
using WIDESEAWCS_Server.Filter;
|
using WIDESEAWCS_Tasks.OHT;
|
using Baidu.Aip.Face;
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
builder.Host.UseServiceProviderFactory(new AutofacServiceProviderFactory()).ConfigureContainer<ContainerBuilder>(builder =>
|
{
|
builder.RegisterModule(new AutofacModuleRegister());
|
builder.RegisterModule(new QuartzJobAutofacModuleRegister());
|
builder.RegisterModule<AutofacPropertityModuleReg>();//
|
}).ConfigureAppConfiguration((hostingContext, config) =>
|
{
|
hostingContext.Configuration.ConfigureApplication();
|
config.Sources.Clear();
|
config.AddJsonFile("appsettings.json", optional: true, reloadOnChange: false);
|
}); ;
|
builder.ConfigureApplication();
|
|
// 2�����÷���
|
builder.Services.AddSingleton(new AppSettings(builder.Configuration));
|
builder.Services.AddAllOptionRegister();//��ȡ�����ļ�
|
builder.Services.AddMemoryCacheSetup();//����
|
builder.Services.AddSqlsugarSetup();//SqlSugar ��������
|
//builder.Services.AddInitializationHostServiceSetup();//创建数据库的时候打开
|
builder.Services.AddHostedService<SeedDataHostedService>();
|
builder.Services.AddDbSetup();//Db ��������
|
|
builder.Services.AddScoped<QuartzJobCreateDataTabel>();
|
builder.Services.AddHostedService<QuartzJobDataTableHostedService>();
|
|
builder.Services.AddWebSocketSetup();
|
|
builder.Services.AddHostedService<WebSocketHostService>();
|
|
builder.Services.AddAutoMapperSetup();
|
|
builder.Services.AddCorsSetup();
|
|
builder.Services.AddMiniProfilerSetup();
|
|
builder.Services.AddSwaggerSetup();
|
|
builder.Services.AddJobSetup();//������� ��������
|
|
builder.Services.AddHttpContextSetup();
|
|
builder.Services.AddHostedService<QuartzJobHostedService>();
|
|
builder.Services.AddMvc(options =>
|
{
|
options.Filters.Add(typeof(ApiAuthorizeFilter));
|
options.Filters.Add(typeof(ActionExecuteFilter));
|
});
|
|
builder.Services.AddAuthorizationSetup();
|
|
builder.Services.AddIpPolicyRateLimitSetup(builder.Configuration);//IPLimit���� ��������
|
|
builder.Services.AddScoped<UseServiceDIAttribute>();
|
|
builder.Services.AddSession();
|
|
builder.Services.AddHttpClient();
|
|
builder.Services.AddControllers(o =>
|
{
|
o.Filters.Add(typeof(GlobalExceptionsFilter));
|
})
|
.AddNewtonsoftJson(options =>
|
{
|
options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Serialize;
|
//options.SerializerSettings.ContractResolver = new DefaultContractResolver();
|
options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver();
|
options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
|
options.SerializerSettings.NullValueHandling = NullValueHandling.Include;
|
options.SerializerSettings.DateTimeZoneHandling = DateTimeZoneHandling.Local;
|
options.SerializerSettings.Converters.Add(new StringEnumConverter());
|
});
|
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
|
builder.Services.AddEndpointsApiExplorer();
|
|
builder.Services.Replace(ServiceDescriptor.Transient<IControllerActivator, ServiceBasedControllerActivator>());
|
Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
|
|
//解决服务器在HTTP响应中自动添加了一些不必要的标头
|
builder.WebHost.ConfigureKestrel(serverOptions =>
|
{
|
serverOptions.AddServerHeader = false;
|
});
|
|
var app = builder.Build();
|
|
// 3��������
|
app.UseMiniProfiler();//���ܷ�����
|
app.ConfigureApplication();//�����ļ�
|
app.UseApplicationSetup();//��������
|
|
app.UseAllServicesMiddle(builder.Services);
|
//FaceAI.Face.sdk_init(null);//人脸识别
|
app.UseSession();
|
if (app.Environment.IsDevelopment())
|
{
|
//todo
|
app.UseSwaggerAuthorized();
|
app.UseSwaggerMiddle(() => Assembly.GetExecutingAssembly().GetManifestResourceStream("WIDESEAWCS_Server.index.html") ?? throw new Exception("未找到WIDESEAWCS_Server.index.html文件"));
|
}////判断是否需要打开swagger
|
|
|
//X-Content-Type-Options”头缺失或不安全
|
// 使用 AddDefaultSecurityHeaders 方法添加一组推荐的安全标头
|
app.UseSecurityHeaders(policies => policies
|
.AddFrameOptionsDeny() // 添加 X-Frame-Options: DENY
|
.AddContentTypeOptionsNoSniff() // 这就是你需要的 X-Content-Type-Options: nosniff
|
.AddXssProtectionBlock() // 添加 X-XSS-Protection: 1; mode=block
|
.AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // 添加 HSTS 头
|
// 移除服务器信息头
|
//.AddCustomHeader("X-Powered-By", string.Empty) // 注意是 AddCustomHeader
|
//解决Content-Security-Policy缺失
|
.AddContentSecurityPolicy(builder =>
|
{
|
builder.AddDefaultSrc().Self();
|
builder.AddScriptSrc().Self();
|
builder.AddStyleSrc().Self();
|
builder.AddImgSrc().Self().Data();
|
builder.AddFontSrc().Self();
|
})
|
|
);
|
// 手动移除多余响应头(旧版包必须)
|
app.Use(async (context, next) =>
|
{
|
context.Response.Headers.Remove("Server");
|
context.Response.Headers.Remove("X-Powered-By");
|
context.Response.Headers.Remove("x-miniprofiler-ids"); // MiniProfiler 的指标头
|
await next();
|
});
|
// 拦截敏感路径,返回 404
|
app.Use(async (context, next) =>
|
{
|
var path = context.Request.Path.Value ?? string.Empty;
|
|
var blacklist = new[]
|
{
|
"/.git", "/.svn", "/.env", "/backup", "/backups", "/config", "/database", "/.idea", "/.vscode", "/node_modules"
|
};
|
|
if (path.Contains("..") || blacklist.Any(b => path.StartsWith(b, StringComparison.OrdinalIgnoreCase)))
|
{
|
context.Response.StatusCode = StatusCodes.Status404NotFound;
|
await context.Response.WriteAsync("Not Found");
|
return;
|
}
|
await next();
|
});
|
//应用程序指标数据暴露
|
app.Use(async (context, next) =>
|
{
|
var path = context.Request.Path.Value ?? string.Empty;
|
// 需要保护的端点前缀
|
var sensitivePrefixes = new[]
|
{
|
"/metrics", "/health", "/actuator", "/diagnostics", "/debug", "/metrics/prometheus"
|
};
|
|
if (sensitivePrefixes.Any(p => path.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
|
{
|
var secret = app.Configuration["Internal:MetricsKey"]; // 在 appsettings.json 或 环境变量里配置
|
if (string.IsNullOrWhiteSpace(secret))
|
{
|
// 未配置密钥:为了安全拒绝访问
|
context.Response.StatusCode = StatusCodes.Status403Forbidden;
|
await context.Response.WriteAsync("Forbidden");
|
return;
|
}
|
|
if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) || provided != secret)
|
{
|
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
await context.Response.WriteAsync("Unauthorized");
|
return;
|
}
|
}
|
|
await next();
|
});
|
app.UseHttpsRedirection();
|
|
app.UseIpLimitMiddle();
|
app.UseApiLogMiddleware();
|
//todo
|
//app.UseRecordAccessLogsMiddle();
|
|
app.UseCors(AppSettings.Get(new string[] { "Cors", "PolicyName" }));
|
|
DefaultFilesOptions defaultFilesOptions = new DefaultFilesOptions();
|
defaultFilesOptions.DefaultFileNames.Clear();
|
defaultFilesOptions.DefaultFileNames.Add("index.html");
|
app.UseDefaultFiles(defaultFilesOptions);
|
app.UseMiddleware<HttpRequestMiddleware>();
|
app.UseStaticFiles();
|
app.UseCookiePolicy();
|
app.UseStatusCodePages();
|
|
app.UseRouting();
|
|
app.UseAuthentication();
|
app.UseAuthorization();
|
|
app.MapControllers();
|
|
app.Run();
|
