Ver 600 #86
Merged
Ver 600 #86
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit represents a significant overhaul of the JWT handling and security features within the codebase. Key changes include: - General refactoring for improved readability and maintainability, including updates to comments, variable types, and class names. - Introduction of the `JwtSettings` class, replacing `JwtOptions`, to provide a more flexible configuration setup for JWT handling. - Enhanced null safety with the addition of nullable annotations across various properties. - Creation of the `Genocs.Auth.Options` namespace to centralize authentication-related configurations. - Addition of the `SecurityKeyBuilder` class for generating RSA security keys from XML strings, enhancing security capabilities. - Updates to `JwtHandler` and related classes to work with the new `JwtSettings` class, indicating an overhaul of JWT handling logic. - New features or integrations for authentication, including methods and properties related to OpenID Connect and Firebase authentication. - Code quality improvements through added summaries and better parameter documentation. - Introduction of conditional `ItemGroup` elements in the `.csproj` file to support multiple .NET versions and optimize dependencies. - Configuration and deployment adjustments, including a new `secrets` section in `appsettings.json` and updates in the `README.md` to reflect the library's new focus on security. - Removal of the deprecated `JwtOptions` class and cleanup of outdated comments and code segments. These changes collectively aim to enhance the security features, improve code quality, and ensure compatibility with multiple .NET versions, marking a significant update to the library's authentication and security configurations.
- Introduced namespaces `Genocs.Auth.Options` and `Genocs.Security.Services` for better organization. - Replaced hardcoded "jwt" with `JwtSettings.Position` for dynamic JWT config. - Renamed `options` to `jwtSettings` in methods for clarity. - Updated token validation to use `jwtSettings`, improving readability. - Enhanced certificate loading using `jwtSettings`. - Added `AddPrivateKeyJwt` method for private key JWT auth support. - Included `Genocs.Security` project reference in `Genocs.Auth.csproj`. - Modified `JwtSettings` and adjusted default section names in configs. - Cleaned up code, standardized method signatures, and updated documentation. - Replaced `MessagingOptions` with `MessagingSettings` and updated usage. - Managed project references and package dependencies for `Genocs.Security`. - Introduced `BaseAggregate` class for common entity properties. - Made minor adjustments for code quality improvements.
- Added `Genocs.Auth` project reference and package to `Genocs.Core.Demo.WebApi.csproj` for authentication support.
- Included `Genocs.Auth` namespace in `Program.cs` for direct usage of its classes and members.
- Enhanced service registration in `Program.cs` with `.AddPrivateKeyJwt()` for JWT authentication setup.
- Created `AuthorizedController` with `[ApiController]`, `[Route("[controller]")]`, and `[Authorize]` attributes for secured API endpoints.
- Implemented asynchronous action `PostSubmitDemoCommand` in `AuthorizedController`, utilizing `System.Net.Mime.MediaTypeNames.Application.Json`.
- Introduced `Genocs.Core.Demo.WebApi.Options.VerificationServiceOptions` for API key configuration. - Added `IVerificationServiceClient` interface and `VerificationServiceClient` class in `Genocs.Core.Demo.WebApi.Infrastructure.Services` for user verification. - Implemented models `VerificationApiRequest`, `VerificationApiResponse`, and `PersonDetailsRequest` for request/response handling. - `VerificationServiceClient` handles HTTP communication with external verification service, including request serialization, header setting, and response deserialization. - Added error handling in `VerificationServiceClient` constructor for parameter validation and URL verification. - Configured dependency injection for `VerificationServiceClient` and its configurations. - Utilized `Newtonsoft.Json` for JSON serialization and deserialization. - Abstracted HTTP communication through `IHttpClient` to facilitate testing and decouple from concrete HTTP client library.
- Standardized namespace changes from `Options` to `Configurations` for clarity. - Enhanced README_NUGET.md for better NuGet package documentation. - Introduced and updated settings classes for logging, security, Swagger, and more. - Added and refined configuration builders for services like Jaeger, Redis, and Azure Key Vault. - Removed obsolete classes and settings to streamline configuration management. - Adopted nullable reference types for improved code robustness. - Updated GitHub Actions to support CI on both main and develop branches. - Enhanced project files for .NET 8 compatibility and incremental build optimizations. - Simplified logging setup with `StaticLogger.EnsureInitialized()`. - Refactored and enhanced settings for JWT, external services, and service discovery. - General cleanup, including removal of unused using directives and minor code adjustments.
This commit encompasses a broad range of changes aimed at improving the clarity, consistency, and flexibility of configuration management within the application. Key changes include: - Renaming the `Genocs.Core.Demo.WebApi.Options` namespace to `Genocs.Core.Demo.WebApi.Configurations` to standardize the naming convention for configuration-related classes. - Updating property descriptions in options classes (e.g., `JwtOptions`, `AppOptions`) to more accurately reflect their purposes and adding a new property `AllowAnonymousEndpoints` to `JwtOptions`. - Modifying the `Position` constants in various options classes to use camelCase, aligning with common JSON and configuration naming conventions. - Updating references in `BuilderExtensions.cs`, `ServiceCollectionExtensions.cs`, and various client classes to use the new `Configurations` namespace. - Renaming settings classes to options (e.g., `AzureServiceBusQueueSettings` to `AzureServiceBusQueueOptions`, `SecuritySettings` to `SecurityOptions`) across the application to follow a consistent naming convention. - Introducing new configuration classes (`JaegerOptions`, `SecurityOptions`, `SwaggerOptions`, `WebApiConfigureOptions`) to better structure and manage configurations for Jaeger tracing, security, Swagger documentation, and Web API settings. - Removing or renaming various settings and builder classes related to metrics, Redis, and Azure Key Vault to reflect a shift in configuration management strategy. These changes aim to enhance the application's configuration management by adopting best practices for naming conventions and configuration patterns, thereby making the codebase easier to understand and maintain.
- Updated various package versions across multiple projects to ensure the latest features and security patches are utilized. This includes major updates for `Serilog.Sinks.*` packages and minor updates for others like `System.IdentityModel.Tokens.Jwt`, `MassTransit.RabbitMQ`, and `MongoDB.Driver`. - Introduced wildcard versioning for `Microsoft.AspNetCore.Authentication.JwtBearer` and `Microsoft.Extensions.Hosting.Abstractions` to adopt more flexible dependency management. - Refactored namespaces and using directives in `HomeController.cs` and `Program.cs`, moving from `.Options` to `.Configurations` to improve project structure clarity. - General maintenance to keep dependencies up-to-date and refactor project organization for better readability and functionality.
- Added new logger configuration with detailed settings for console and file logging, including log rotation and exclusions for specific paths. Placeholder for Azure logging added but disabled. - Introduced monitoring configuration with Jaeger for distributed tracing. - Updated JWT configuration for improved token validation. - Standardized configuration keys to camelCase for RabbitMQ, Azure Service Bus Topic, and Queue without altering their values. - Enhanced MongoDB configuration with tracing capabilities. - Enabled Azure Key Vault integration for secure management of secrets. - Removed and replaced outdated configurations to streamline and adopt new naming conventions.
- Updated the README.md to clearly list basic infrastructure components including RabbitMQ, Redis, MongoDB, and Postgres. - Standardized MongoDB configuration keys to lowercase in appsettings.json for consistency. - Added Azure Key Vault configuration settings for secure management of secrets. - Modified JWT options in JwtOptions.cs for enhanced flexibility in configuration. - Refactored Prometheus metrics configuration for clarity and set default enabled state to false in development settings. - Enhanced appsettings.json with application instance/version info, improved logging levels, and disabled Prometheus metrics endpoint across configurations for a clearer, more secure, and better-monitored application setup.
- Updated README.md to improve documentation formatting, clarity, and added proper markdown links for MongoDB, Postgres, Prometheus, Grafana, InfluxDB, Jaeger, and Seq. Enhanced descriptions for `infrastructure-monitoring.yml`, `infrastructure-scaling.yml`, and `infrastructure-security.yml`. - Removed unused `using` directives in Extensions.cs and commented out in Program.cs for cleanup. - Removed `System.IdentityModel.Tokens.Jwt` package from Genocs.Auth.csproj, indicating a shift in JWT handling. - Added `UseFirebaseAuthentication` extension method in ServiceCollectionExtensions.cs and updated Program.cs to guide its conditional use, marking a significant update in the application's authentication strategy towards Firebase. - Introduced FirebaseAuthenticationMiddleware.cs to implement Firebase JWT token authentication, integrating Firebase into the application's security mechanisms. - Replaced direct Serilog configuration with `StaticLogger.EnsureInitialized()` in Program.cs for centralized logging setup.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.