Switch to signed cookie auth and stop leaking player IDs

2026-02-05 16:28:22 +01:00
parent 67453d0756
commit a6265e8656
12 changed files with 100 additions and 84 deletions


@@ -1,6 +1,8 @@
using GameList.Data;
using GameList.Endpoints;
using GameList.Infrastructure;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;
@@ -10,6 +12,8 @@ var builder = WebApplication.CreateBuilder(args);
var dataDirectory = Path.Combine(builder.Environment.ContentRootPath, "App_Data");
Directory.CreateDirectory(dataDirectory);
var dataProtectionDirectory = Path.Combine(dataDirectory, "keys");
Directory.CreateDirectory(dataProtectionDirectory);
var configuredConnection = builder.Configuration.GetConnectionString("Default");
var dbPath = Path.Combine(dataDirectory, "gamelist.db");
@@ -38,6 +42,27 @@ builder.Services.ConfigureHttpJsonOptions(options =>
});
builder.Services.AddHttpClient();
builder.Services.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(dataProtectionDirectory));
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.Name = PlayerIdentityExtensions.PlayerCookieName;
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.SecurePolicy = builder.Environment.IsDevelopment()
? CookieSecurePolicy.SameAsRequest
: CookieSecurePolicy.Always;
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromDays(30);
});
builder.Services.AddAuthorization(options =>
{
options.AddPolicy(PlayerIdentityExtensions.AdminPolicy, policy =>
policy.RequireClaim(PlayerIdentityExtensions.AdminClaim, "true"));
});
var app = builder.Build();
@@ -53,6 +78,8 @@ if (!string.IsNullOrWhiteSpace(basePath))
}
app.UseGlobalExceptionLogging();
app.UseAuthentication();
app.UseAuthorization();
// Ensure database and migrations are applied on startup
using (var scope = app.Services.CreateScope())
@@ -63,7 +90,6 @@ using (var scope = app.Services.CreateScope())
app.UseDefaultFiles();
app.UseStaticFiles();
app.UsePlayerIdentity();
app.MapHealthChecks();
app.MapAuthEndpoints();
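Review bot: The handler registered at `.AddCookie(options =>` keeps the default redirect events, so a request without a valid cookie that hits an endpoint guarded by `AdminPolicy` gets a 302 to the default `/Account/Login` path (the built-in events only answer 401/403 when they detect an XMLHttpRequest-style request), which an API consumer or fetch()-based frontend follows into a 404 instead of seeing an auth failure; whether the frontend sets the X-Requested-With header is not visible here. Adding `options.Events.OnRedirectToLogin = ctx => { ctx.Response.StatusCode = StatusCodes.Status401Unauthorized; return Task.CompletedTask; };` and `options.Events.OnRedirectToAccessDenied = ctx => { ctx.Response.StatusCode = StatusCodes.Status403Forbidden; return Task.CompletedTask; };` inside the same lambda makes the intended behaviour explicit. Separately, `.PersistKeysToFileSystem(new DirectoryInfo(dataProtectionDirectory))` stores the key ring unencrypted under App_Data/keys with no `ProtectKeysWith*` call, so the integrity of the signed cookie rests entirely on the permissions of that directory and on it surviving redeploys (losing it rotates the keys and invalidates every session); a one-line comment above that call stating both consequences would help the next maintainer.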