Updated configuration and dependencies to enhance security

Updated the configuration and dependencies of the StatusDashboard project to improve the security and environment suitability of the code. The main changes include removing the cookie policy configuration, enabling LettuceEncrypt only in non-development environments, updating the KeycloakWebApp method call parameters, and adding new package references and configuration entries to the project files and configuration. These changes are intended to optimize security configurations, improve HTTPS certificate management, and increase the flexibility and security of projects in different environments.
Aloento · Jun 27, 2024 · 87001ed · 87001ed
1 parent cddeeb9
commit 87001ed
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 12 deletions.
diff --git a/Program.cs b/Program.cs
@@ -15,19 +15,17 @@
     .ValidateDataAnnotations()
     .ValidateOnStart();
 
-builder.Services.Configure<CookiePolicyOptions>(x => {
-    x.CheckConsentNeeded = _ => true;
-    x.MinimumSameSitePolicy = SameSiteMode.Unspecified;
-});
+if (!builder.Environment.IsDevelopment())
+    builder.Services.AddLettuceEncrypt();
 
 builder.Services
     .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
     .AddKeycloakWebApp(
         builder.Configuration.GetSection(KeycloakAuthenticationOptions.Section),
-        configureOpenIdConnectOptions: options => {
-            options.SaveTokens = true;
-            options.ResponseType = OpenIdConnectResponseType.Code;
-            options.Events = new() {
+        configureOpenIdConnectOptions: x => {
+            x.SaveTokens = true;
+            x.ResponseType = OpenIdConnectResponseType.Code;
+            x.Events = new() {
                 OnSignedOutCallbackRedirect = context => {
                     context.Response.Redirect("/");
                     context.HandleResponse();
@@ -70,7 +68,6 @@
 }
 
 app.UseHttpsRedirection();
-app.UseCookiePolicy();
 
 app.UseStaticFiles();
 app.UseAntiforgery();

diff --git a/StatusDashboard.csproj b/StatusDashboard.csproj
@@ -29,6 +29,7 @@
     <PackageReference Include="JetBrains.Annotations" Version="2023.3.0" />
     <PackageReference Include="Keycloak.AuthServices.Authentication" Version="2.5.2" />
     <PackageReference Include="Keycloak.AuthServices.Authorization" Version="2.5.2" />
+    <PackageReference Include="LettuceEncrypt" Version="1.3.3" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.6" />
     <PackageReference Include="Microsoft.FluentUI.AspNetCore.Components" Version="4.8.1" />
     <PackageReference Include="Microsoft.TypeScript.MSBuild" Version="5.4.5">

diff --git a/appsettings.Development.json b/appsettings.Development.json
@@ -6,5 +6,6 @@
       "Microsoft.EntityFrameworkCore": "Information",
       "Microsoft.Extensions.Http.DefaultHttpClientFactory": "Information"
     }
-  }
+  },
+  "AllowedHosts": "*"
 }
diff --git a/appsettings.Production.json b/appsettings.Production.json
@@ -1,3 +1,9 @@
 {
-  "urls": "http://*:3389"
+  "urls": "http://sd.aloen.to;https://sd.aloen.to",
+  "AllowedHosts": "sd.aloen.to",
+  "LettuceEncrypt": {
+    "AcceptTermsOfService": true,
+    "DomainNames": [ "sd.aloen.to" ],
+    "EmailAddress": "[email protected]"
+  }
 }
diff --git a/appsettings.json b/appsettings.json
@@ -8,7 +8,6 @@
       "Microsoft.EntityFrameworkCore": "Warning"
     }
   },
-  "AllowedHosts": "*",
   "ConnectionStrings": {
     "DefaultConnection": "DataSource=shared;mode=memory;cache=shared"
   },