diff --git a/EssentialCSharp.Web/Controllers/HomeController.cs b/EssentialCSharp.Web/Controllers/HomeController.cs index 2d36d2cb..21b9d903 100644 --- a/EssentialCSharp.Web/Controllers/HomeController.cs +++ b/EssentialCSharp.Web/Controllers/HomeController.cs @@ -9,8 +9,10 @@ namespace EssentialCSharp.Web.Controllers; public class HomeController(ILogger logger, IWebHostEnvironment hostingEnvironment, ISiteMappingService siteMappingService, IHttpContextAccessor httpContextAccessor) : Controller { - public IActionResult Index(string key) + public IActionResult Index() { + string? key = Request.Path.Value?.TrimStart('/'); + // if no key (default case), then load up home page SiteMapping? siteMapping = siteMappingService.SiteMappings.Find(key); diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs index 310ed18f..134c57be 100644 --- a/EssentialCSharp.Web/Program.cs +++ b/EssentialCSharp.Web/Program.cs @@ -17,7 +17,20 @@ public partial class Program { private static void Main(string[] args) { - WebApplicationBuilder builder = WebApplication.CreateBuilder(args); + WebApplicationBuilder builder = WebApplication.CreateBuilder(args); + + builder.Services.Configure(options => + { + options.ForwardedHeaders = + ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; + + // Only loopback proxies are allowed by default. + // Clear that restriction because forwarders are enabled by explicit + // configuration. + options.KnownNetworks.Clear(); + options.KnownProxies.Clear(); + }); + ConfigurationManager configuration = builder.Configuration; string connectionString = builder.Configuration.GetConnectionString("EssentialCSharpWebContextConnection") ?? throw new InvalidOperationException("Connection string 'EssentialCSharpWebContextConnection' not found."); 
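Review bot: For a request to `/`, `Request.Path.Value?.TrimStart('/')` produces an empty string rather than null, while the comment right below still describes the home-page case as "no key". `Find` is not visible in this hunk, so whether it treats `""` the same as null should be confirmed; a normalising line such as `if (string.IsNullOrEmpty(key)) { key = null; }` after the assignment would make the intent explicit. The value is now the whole client-supplied path, possibly several segments, so it should stay a lookup key only and not be echoed into the view or logs unencoded. The body of `Index` continues outside the hunk.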
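Review bot: Clearing `KnownNetworks` and `KnownProxies` makes the forwarded-headers middleware accept `X-Forwarded-For` and `X-Forwarded-Proto` from any sender, so if the app is ever reachable without passing through the reverse proxy, `RemoteIpAddress` and `Request.Scheme` become client-supplied values. The added comment says forwarders are enabled by explicit configuration, but this block runs unconditionally in every environment. I would keep the default restriction and register the proxy address from configuration instead, e.g. `options.KnownProxies.Add(IPAddress.Parse(builder.Configuration["<proxy-address-setting>"]!));` (the setting name is a placeholder). If clearing is kept, the comment should state the deployment assumption, for example `// Safe only while the app is reachable solely through the trusted reverse proxy.` `Main` continues outside this hunk.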
@@ -126,13 +139,11 @@ private static void Main(string[] args) { microsoftoptions.ClientId = configuration["authentication:microsoft:clientid"] ?? throw new InvalidOperationException("authentication:microsoft:clientid unexpectedly null"); microsoftoptions.ClientSecret = configuration["authentication:microsoft:clientsecret"] ?? throw new InvalidOperationException("authentication:microsoft:clientsecret unexpectedly null"); - microsoftoptions.CallbackPath = "/signin-microsoft"; }) .AddGitHub(o => { o.ClientId = configuration["authentication:github:clientId"] ?? throw new InvalidOperationException("github:clientId unexpectedly null"); o.ClientSecret = configuration["authentication:github:clientSecret"] ?? throw new InvalidOperationException("github:clientSecret unexpectedly null"); - o.CallbackPath = "/signin-github"; // Grants access to read a user's profile data. // https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps @@ -140,24 +151,23 @@ private static void Main(string[] args) }); } - builder.Services.Configure(options => - { - options.ForwardedHeaders = - ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; - }); - - WebApplication app = builder.Build(); - app.UseForwardedHeaders(); + WebApplication app = builder.Build(); // Configure the HTTP request pipeline. if (!app.Environment.IsDevelopment()) { app.UseExceptionHandler("/Error"); + app.UseForwardedHeaders(); app.UseHsts(); app.UseSecurityHeadersMiddleware(new SecurityHeadersBuilder() .AddDefaultSecurePolicy()); } + else + { + app.UseDeveloperExceptionPage(); + app.UseForwardedHeaders(); + } app.MapHealthChecks("/healthz"); 
@@ -169,20 +179,12 @@ private static void Main(string[] args) app.UseAuthentication(); app.UseAuthorization(); app.UseMiddleware(); - - app.Use((context, next) => - { - context.Request.Scheme = "https"; - return next(context); - }); - app.MapDefaultControllerRoute(); - app.MapRazorPages(); - app.MapControllerRoute( - name: "slug", - pattern: "{*key}", - defaults: new { controller = "Home", action = "Index" }); + app.MapRazorPages(); + app.MapDefaultControllerRoute(); + + app.MapFallbackToController("Index", "Home"); app.Run(); }
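Review bot: `MapFallbackToController("Index", "Home")` uses the default fallback pattern `{*path:nonfile}`, so a path whose last segment looks like a file name (contains a dot) no longer reaches `HomeController.Index`, whereas the removed `{*key}` route accepted it. If any site-mapping key contains a dot, those pages would stop resolving; if excluding them is intended, a one-line comment saying so would help. Otherwise the overload with an explicit pattern keeps the old coverage: `app.MapFallbackToController("{*path}", "Index", "Home");`. Separately, with the hard-coded `context.Request.Scheme = "https"` removed, the scheme is taken only from `X-Forwarded-Proto`, so it is only as trustworthy as the forwarded-headers configuration earlier in `Main`.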