From a5f1018fda5572912c126b1e8dd656209fca0e46 Mon Sep 17 00:00:00 2001
From: ivarlovlie
Date: Tue, 11 Aug 2020 21:16:02 +0200
Subject: persisted grants
---
 src/server/Startup.cs | 75 +++++++++++++++++++++++++++++++++++---------------
 1 file changed, 52 insertions(+), 23 deletions(-)
(limited to 'src/server/Startup.cs')
diff --git a/src/server/Startup.cs b/src/server/Startup.cs
index 7ebe86b..abc305d 100644
--- a/src/server/Startup.cs
+++ b/src/server/Startup.cs
@@ -1,4 +1,5 @@
 using System.IO;
+using System.Reflection;
 using System.Security.Cryptography.X509Certificates;
 using Dough.IdentityServer;
 using Microsoft.AspNetCore.Builder;
@@ -11,34 +12,37 @@ using Dough.Models; using Dough.Models.Database; using Dough.Services; using IdentityServer4.Configuration; +using IdentityServer4.EntityFramework.DbContexts; using Microsoft.AspNetCore.DataProtection; +using Microsoft.AspNetCore.Diagnostics.HealthChecks; namespace Dough { public class Startup { - public Startup(IConfiguration configuration) - { - Configuration = configuration; - } - - public IConfiguration Configuration { get; } + private IConfiguration _configuration { get; } + private IWebHostEnvironment _environment { get; } private const string DefaultCorsPolicy = "DefaultCorsPolicy"; - private string GetConnectionStringFromEnvironment() + public Startup(IConfiguration configuration, IWebHostEnvironment environment) { - var host = Configuration.GetValue("DB_HOST"); - var port = Configuration.GetValue("DB_PORT"); - var user = Configuration.GetValue("DB_USER"); - var password = Configuration.GetValue("DB_PASSWORD"); - var name = Configuration.GetValue("DB_NAME"); - return $"Server={host},{port};Database={name};User={user};Password={password}"; + _configuration = configuration; + _environment = environment; } - private X509Certificate2 GetSigningCredentialFromPfx(string fileName) + private string GetConnectionStringFromEnvironment(string database) { - var path = Path.Combine(Directory.GetCurrentDirectory(), "AppData", fileName); + var host = _configuration.GetValue("DB_HOST"); + var port = _configuration.GetValue("DB_PORT"); + var user = _configuration.GetValue("DB_USER"); + var password = _configuration.GetValue("DB_PASSWORD"); + return $"Server={host},{port};Database={database};User={user};Password={password}"; + } + + private static X509Certificate2 GetSigningCredentialFromPfx(string fileName) + { + var path = Path.Combine(Directory.GetCurrentDirectory(), "AppData", "certs", fileName); return new X509Certificate2(path, string.Empty); } 
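Review bot: `GetSigningCredentialFromPfx` still opens the PFX with `string.Empty` as its password, so the IdentityServer signing key is stored unprotected under `AppData/certs`, and whoever can read that directory (or a backup or image that contains it) holds the key that signs every token. This commit also makes the method `static`, which cuts it off from `_configuration`. I would keep it an instance method and load the password from configuration, e.g. `return new X509Certificate2(path, _configuration["<PFX_PASSWORD_KEY>"]);` (placeholder key name), with the file itself kept out of source control. Separately, `GetConnectionStringFromEnvironment` interpolates `DB_PASSWORD` and the other values directly into the string, so a value containing `;` would be parsed as additional connection options. Assembling it with a `DbConnectionStringBuilder`-derived builder would quote the values.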
@@ -63,9 +67,19 @@ namespace Dough services.AddDbContext(options => { - options.UseMySql(GetConnectionStringFromEnvironment()); + options.UseMySql(GetConnectionStringFromEnvironment("dough"), + builder => { builder.EnableRetryOnFailure(); } + ); + if (_environment.IsDevelopment()) + { + options.EnableSensitiveDataLogging(); + } }); + var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; + + services.AddAuthentication().AddLocalApi(); + services.AddIdentityServer(options => { options.UserInteraction = new UserInteractionOptions @@ -74,33 +88,48 @@ namespace Dough ErrorUrl = "/error", }; }) + .AddOperationalStore(options => + { + options.ConfigureDbContext = builder => + { + builder.UseMySql(GetConnectionStringFromEnvironment("dough_tokens"), + sql => + { + sql.MigrationsAssembly(migrationsAssembly); + sql.EnableRetryOnFailure(); + }); + if (_environment.IsDevelopment()) + { + builder.EnableSensitiveDataLogging(); + } + }; + }) .AddInMemoryIdentityResources(Config.IdentityResources) .AddInMemoryApiScopes(Config.ApiScopes) + .AddInMemoryClients(Config.Clients) .AddSigningCredential(GetSigningCredentialFromPfx("example.pfx")) - .AddValidationKey(GetSigningCredentialFromPfx("example2.pfx")) - .AddProfileService() - .AddInMemoryClients(Config.Clients); - + .AddProfileService(); + services.AddSingleton(); services.AddControllers(); services.AddRazorPages().AddRazorRuntimeCompilation(); } - public void Configure(IApplicationBuilder app, IWebHostEnvironment env) + public void Configure(IApplicationBuilder app) { - if (env.IsDevelopment()) + if (_environment.IsDevelopment()) app.UseDeveloperExceptionPage(); app.UseRouting(); app.UseStaticFiles(); app.UseCors(DefaultCorsPolicy); - app.UseHealthChecks("/health"); app.UseStatusCodePages(); app.UseIdentityServer(); app.UseAuthorization(); app.UseEndpoints(endpoints => { + endpoints.MapHealthChecks("/health"); endpoints.MapRazorPages(); endpoints.MapControllers() .RequireAuthorization(); -- cgit v1.3
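Review bot: `services.AddAuthentication().AddLocalApi()` registers the local-API token handler, but nothing visible in this hunk selects it. `endpoints.MapControllers().RequireAuthorization()` applies the default policy, which authenticates with the default scheme; alongside `AddIdentityServer` that is presumably the session cookie, so the controllers may be authorizing on a browser cookie rather than an access token. If bearer tokens are the intent, register the policy with `services.AddLocalApiAuthentication();` and map with `.RequireAuthorization(IdentityServerConstants.LocalApi.PolicyName)`, or confirm that the controllers name the scheme in their own `[Authorize]` attributes. `ConfigureServices` begins above the hunk and `Configure` closes below it, so a default scheme set outside these lines would change this.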