using WIDESEAWCS_Core.Helper; using WIDESEAWCS_Core.Extensions; using WIDESEAWCS_Core.Middlewares; using System.Reflection; using WIDESEAWCS_Core.Filter; using Newtonsoft.Json.Converters; using Newtonsoft.Json.Serialization; using Newtonsoft.Json; using System.Text; using Microsoft.AspNetCore.Mvc.Controllers; using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.AspNetCore.Mvc.ModelBinding.Validation; using WIDESEAWCS_Core; using WIDESEAWCS_Core.BaseServices; using Autofac.Extensions.DependencyInjection; using Autofac; using WIDESEAWCS_WCSServer.Filter; using WIDESEAWCS_Core.Authorization; using WIDESEAWCS_Core.Core; using WIDESEAWCS_QuartzJob.Seed; using Autofac.Core; using WIDESEAWCS_QuartzJob.QuartzExtensions; using Microsoft.AspNetCore.Builder; using WIDESEAWCS_Server.HostedService; using WIDESEAWCS_Server.Filter; using WIDESEAWCS_Tasks.OHT; using Baidu.Aip.Face; var builder = WebApplication.CreateBuilder(args); builder.Host.UseServiceProviderFactory(new AutofacServiceProviderFactory()).ConfigureContainer(builder => { builder.RegisterModule(new AutofacModuleRegister()); builder.RegisterModule(new QuartzJobAutofacModuleRegister()); builder.RegisterModule();// }).ConfigureAppConfiguration((hostingContext, config) => { hostingContext.Configuration.ConfigureApplication(); config.Sources.Clear(); config.AddJsonFile("appsettings.json", optional: true, reloadOnChange: false); }); ; builder.ConfigureApplication(); // 2�����÷��� builder.Services.AddSingleton(new AppSettings(builder.Configuration)); builder.Services.AddAllOptionRegister();//��ȡ�����ļ� builder.Services.AddMemoryCacheSetup();//���� builder.Services.AddSqlsugarSetup();//SqlSugar �������� //builder.Services.AddInitializationHostServiceSetup();//创建数据库的时候打开 builder.Services.AddHostedService(); builder.Services.AddDbSetup();//Db �������� builder.Services.AddScoped(); builder.Services.AddHostedService(); builder.Services.AddWebSocketSetup(); builder.Services.AddHostedService(); builder.Services.AddAutoMapperSetup(); builder.Services.AddCorsSetup(); builder.Services.AddMiniProfilerSetup(); builder.Services.AddSwaggerSetup(); builder.Services.AddJobSetup();//������� �������� builder.Services.AddHttpContextSetup(); builder.Services.AddHostedService(); builder.Services.AddMvc(options => { options.Filters.Add(typeof(ApiAuthorizeFilter)); options.Filters.Add(typeof(ActionExecuteFilter)); }); builder.Services.AddAuthorizationSetup(); builder.Services.AddIpPolicyRateLimitSetup(builder.Configuration);//IPLimit���� �������� builder.Services.AddScoped(); builder.Services.AddSession(); builder.Services.AddHttpClient(); builder.Services.AddControllers(o => { o.Filters.Add(typeof(GlobalExceptionsFilter)); }) .AddNewtonsoftJson(options => { options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Serialize; //options.SerializerSettings.ContractResolver = new DefaultContractResolver(); options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver(); options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss"; options.SerializerSettings.NullValueHandling = NullValueHandling.Include; options.SerializerSettings.DateTimeZoneHandling = DateTimeZoneHandling.Local; options.SerializerSettings.Converters.Add(new StringEnumConverter()); }); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.Replace(ServiceDescriptor.Transient()); Encoding.RegisterProvider(CodePagesEncodingProvider.Instance); //解决服务器在HTTP响应中自动添加了一些不必要的标头 builder.WebHost.ConfigureKestrel(serverOptions => { serverOptions.AddServerHeader = false; }); var app = builder.Build(); // 3�������м�� app.UseMiniProfiler();//���ܷ����� app.ConfigureApplication();//�����ļ� app.UseApplicationSetup();//�������� app.UseAllServicesMiddle(builder.Services); //FaceAI.Face.sdk_init(null);//人脸识别 app.UseSession(); if (app.Environment.IsDevelopment()) { //todo app.UseSwaggerAuthorized(); app.UseSwaggerMiddle(() => Assembly.GetExecutingAssembly().GetManifestResourceStream("WIDESEAWCS_Server.index.html") ?? throw new Exception("未找到WIDESEAWCS_Server.index.html文件")); }////判断是否需要打开swagger //X-Content-Type-Options”头缺失或不安全 // 使用 AddDefaultSecurityHeaders 方法添加一组推荐的安全标头 app.UseSecurityHeaders(policies => policies .AddFrameOptionsDeny() // 添加 X-Frame-Options: DENY .AddContentTypeOptionsNoSniff() // 这就是你需要的 X-Content-Type-Options: nosniff .AddXssProtectionBlock() // 添加 X-XSS-Protection: 1; mode=block .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // 添加 HSTS 头 // 移除服务器信息头 //.AddCustomHeader("X-Powered-By", string.Empty) // 注意是 AddCustomHeader //解决Content-Security-Policy缺失 .AddContentSecurityPolicy(builder => { builder.AddDefaultSrc().Self(); builder.AddScriptSrc().Self(); builder.AddStyleSrc().Self(); builder.AddImgSrc().Self().Data(); builder.AddFontSrc().Self(); }) ); // 手动移除多余响应头(旧版包必须) app.Use(async (context, next) => { context.Response.Headers.Remove("Server"); context.Response.Headers.Remove("X-Powered-By"); context.Response.Headers.Remove("x-miniprofiler-ids"); // MiniProfiler 的指标头 await next(); }); // 拦截敏感路径,返回 404 app.Use(async (context, next) => { var path = context.Request.Path.Value ?? string.Empty; var blacklist = new[] { "/.git", "/.svn", "/.env", "/backup", "/backups", "/config", "/database", "/.idea", "/.vscode", "/node_modules" }; if (path.Contains("..") || blacklist.Any(b => path.StartsWith(b, StringComparison.OrdinalIgnoreCase))) { context.Response.StatusCode = StatusCodes.Status404NotFound; await context.Response.WriteAsync("Not Found"); return; } await next(); }); //应用程序指标数据暴露 app.Use(async (context, next) => { var path = context.Request.Path.Value ?? string.Empty; // 需要保护的端点前缀 var sensitivePrefixes = new[] { "/metrics", "/health", "/actuator", "/diagnostics", "/debug", "/metrics/prometheus" }; if (sensitivePrefixes.Any(p => path.StartsWith(p, StringComparison.OrdinalIgnoreCase))) { var secret = app.Configuration["Internal:MetricsKey"]; // 在 appsettings.json 或 环境变量里配置 if (string.IsNullOrWhiteSpace(secret)) { // 未配置密钥:为了安全拒绝访问 context.Response.StatusCode = StatusCodes.Status403Forbidden; await context.Response.WriteAsync("Forbidden"); return; } if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) || provided != secret) { context.Response.StatusCode = StatusCodes.Status401Unauthorized; await context.Response.WriteAsync("Unauthorized"); return; } } await next(); }); app.UseHttpsRedirection(); app.UseIpLimitMiddle(); app.UseApiLogMiddleware(); //todo //app.UseRecordAccessLogsMiddle(); app.UseCors(AppSettings.Get(new string[] { "Cors", "PolicyName" })); DefaultFilesOptions defaultFilesOptions = new DefaultFilesOptions(); defaultFilesOptions.DefaultFileNames.Clear(); defaultFilesOptions.DefaultFileNames.Add("index.html"); app.UseDefaultFiles(defaultFilesOptions); app.UseMiddleware(); app.UseStaticFiles(); app.UseCookiePolicy(); app.UseStatusCodePages(); app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); app.Run();