safeguard against security policy builder execution order change

FastEndpoints · Dec 7, 2022 · c7c065f · c7c065f
1 parent 488f1b8
commit c7c065f
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 4 deletions.
diff --git a/Src/Directory.Build.props b/Src/Directory.Build.props
@@ -1,7 +1,7 @@
 <Project>
   <PropertyGroup>
 
-    <Version>5.4.1.6-beta</Version>
+    <Version>5.4.1.7-beta</Version>
 
     <TargetFrameworks>net6.0;net7.0</TargetFrameworks>
     <LangVersion>latest</LangVersion>

diff --git a/Src/Library/Endpoint/Auxiliary/EndpointDefinition.cs b/Src/Library/Endpoint/Auxiliary/EndpointDefinition.cs
@@ -47,6 +47,7 @@ public sealed class EndpointDefinition
     internal HitCounter? HitCounter { get; private set; }
     internal Action<RouteHandlerBuilder> InternalConfigAction;
     internal bool ImplementsConfigure;
+    internal bool IsInitiazlied;
     internal object? RequestBinder;
     internal List<object> PreProcessorList = new();
     internal List<object> PostProcessorList = new();

diff --git a/Src/Library/Endpoint/Auxiliary/EndpointExtensions.cs b/Src/Library/Endpoint/Auxiliary/EndpointExtensions.cs
@@ -54,6 +54,7 @@ internal static void Initialize(this EndpointDefinition def, BaseEndpoint instan
                 }
             }
         }
+        def.IsInitiazlied = true;
     }
 
     private static readonly Regex rgx = new("(@[\\w]*)", RegexOptions.Compiled);

diff --git a/Src/Library/Main/MainExtensions.cs b/Src/Library/Main/MainExtensions.cs
@@ -33,7 +33,7 @@ public static IServiceCollection AddFastEndpoints(this IServiceCollection servic
         var opts = new EndpointDiscoveryOptions();
         options?.Invoke(opts);
         Endpoints ??= new(opts); //prevent duplicate runs
-        services.AddAuthorization(BuildSecurityPoliciesForEndpoints); //this method doesn't block
+        services.AddAuthorization(async o => await BuildSecurityPoliciesForEndpoints(o)); //this method doesn't block
         services.AddHttpContextAccessor();
         services.TryAddSingleton<IServiceResolver, ServiceResolver>();
         services.TryAddSingleton<IEndpointFactory, EndpointFactory>();
@@ -263,10 +263,15 @@ private static IAuthorizeData[] BuildAuthorizeAttributes(EndpointDefinition ep)
         }).ToArray();
     }
 
-    private static void BuildSecurityPoliciesForEndpoints(AuthorizationOptions opts)
+    private static async Task BuildSecurityPoliciesForEndpoints(AuthorizationOptions opts)
     {
         foreach (var ep in Endpoints.Found)
         {
+            while (!ep.IsInitiazlied) //this usually won't happen unless somehow this method is executed before MapFastEndpoints()
+            {
+                await Task.Delay(100);
+            }
+
             if (ep.AllowedRoles is null && ep.AllowedPermissions is null && ep.AllowedClaimTypes is null && ep.AuthSchemeNames is null)
                 continue;
 

diff --git a/Src/Library/changelog.md b/Src/Library/changelog.md
@@ -5,4 +5,5 @@
 
 ### IMPROVEMENTS
 - tighten up even handling to support long-running processes
-- upgrade fluentvalidations pkg to latest
+- upgrade fluentvalidations pkg to latest
+- add safeguard against security policiy builder execution order change