MeiXinLaiRui/ShenSuoGanNew.git

			@@ -48,7 +48,7 @@
			builder.Services.AddMemoryCacheSetup();//ç¼å
			builder.Services.AddSqlsugarSetup();//SqlSugar å¯å¨æå¡
			if (AppSettings.GetValue("DBSeedEnable").ObjToBool())
			builder.Services.AddInitializationHostServiceSetup();//åºç¨åå§åæå¡æ³¨å¥
			builder.Services.AddInitializationHostServiceSetup();//åºç¨åå§åæå¡æ³¨å¥ åå»ºæ°æ®åº
			builder.Services.AddHostedService<SeedDataHostedService>();
			builder.Services.AddDbSetup();//Db å¯å¨æå¡

			@@ -111,6 +111,11 @@
			builder.Services.Replace(ServiceDescriptor.Transient<IControllerActivator, ServiceBasedControllerActivator>());
			Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);

			//è§£å³æå¡å¨å¨HTTPååºä¸èªå¨æ·»å äºä¸äºä¸å¿è¦çæ å¤´
			builder.WebHost.ConfigureKestrel(serverOptions =>
			{
			serverOptions.AddServerHeader = false;
			});

			var app = builder.Build();

			@@ -122,7 +127,7 @@
			app.UseAllServicesMiddle(builder.Services);
			//FaceAI.Face.sdk_init(null);//äººè¸è¯å«
			app.UseSession();
			//if (app.Environment.IsDevelopment())
			if (app.Environment.IsDevelopment())
			{
			//todo
			app.UseSwaggerAuthorized();
			@@ -157,6 +162,91 @@
			//éç½®è®¿é®èæç®å½æ¶æä»¶å¤¹å«å
			RequestPath = "/Record"
			});

			//X-Content-Type-Optionsâå¤´ç¼ºå¤±æä¸å®å¨
			// ä½¿ç¨ AddDefaultSecurityHeaders æ¹æ³æ·»å ä¸ç»æ¨èçå®å¨æ å¤´
			app.UseSecurityHeaders(policies => policies
			.AddFrameOptionsDeny() // æ·»å X-Frame-Options: DENY
			.AddContentTypeOptionsNoSniff() // è¿å°±æ¯ä½ éè¦ç X-Content-Type-Options: nosniff
			.AddXssProtectionBlock() // æ·»å X-XSS-Protection: 1; mode=block
			.AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // æ·»å HSTS å¤´
			// ç§»é¤æå¡å¨ä¿¡æ¯å¤´
			//.AddCustomHeader("X-Powered-By", string.Empty) // æ³¨ææ¯ AddCustomHeader
			//è§£å³Content-Security-Policyç¼ºå¤±
			.AddContentSecurityPolicy(builder =>
			{
			builder.AddDefaultSrc().Self();
			builder.AddScriptSrc().Self();
			builder.AddStyleSrc().Self();
			builder.AddImgSrc().Self().Data();
			builder.AddFontSrc().Self();
			})

			);
			// æå¨ç§»é¤å¤ä½ååºå¤´ï¼æ§çåå¿é¡»ï¼
			app.Use(async (context, next) =>
			{
			context.Response.Headers.Remove("Server");
			context.Response.Headers.Remove("X-Powered-By");
			context.Response.Headers.Remove("x-miniprofiler-ids");//miniprofilerçææ å¤´
			await next();
			});

			// æ¦æªææè·¯å¾ï¼è¿å 404
			app.Use(async (context, next) =>
			{
			var path = context.Request.Path.Value ?? string.Empty;

			var blacklist = new[]
			{
			"/.git", "/.svn", "/.env", "/backup", "/backups", "/config", "/database", "/.idea", "/.vscode", "/node_modules"
			};

			if (path.Contains("..") \|\| blacklist.Any(b => path.StartsWith(b, StringComparison.OrdinalIgnoreCase)))
			{
			context.Response.StatusCode = StatusCodes.Status404NotFound;
			await context.Response.WriteAsync("Not Found");
			return;
			}

			await next();
			});

			//åºç¨ç¨åºææ æ°æ®æ´é²
			app.Use(async (context, next) =>
			{
			var path = context.Request.Path.Value ?? string.Empty;
			// éè¦ä¿æ¤çç«¯ç¹åç¼
			var sensitivePrefixes = new[]
			{
			"/metrics", "/health", "/actuator", "/diagnostics", "/debug", "/metrics/prometheus"
			};

			if (sensitivePrefixes.Any(p => path.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
			{
			var secret = app.Configuration["Internal:MetricsKey"]; // å¨ appsettings.json æ ç¯å¢åéééç½®
			if (string.IsNullOrWhiteSpace(secret))
			{
			// æªéç½®å¯é¥ï¼ä¸ºäºå®å¨æç»è®¿é®
			context.Response.StatusCode = StatusCodes.Status403Forbidden;
			await context.Response.WriteAsync("Forbidden");
			return;
			}

			if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) \|\| provided != secret)
			{
			context.Response.StatusCode = StatusCodes.Status401Unauthorized;
			await context.Response.WriteAsync("Unauthorized");
			return;
			}
			}

			await next();
			});
			app.UseHttpsRedirection();



			app.UseCookiePolicy();
			app.UseStatusCodePages();