Add a console/worker app for certificate auth (#391)

Author: TimHess

Security/src/AuthApi/Program.cs

@@ -1,4 +1,3 @@
-using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Steeltoe.Common.Certificates;
 using Steeltoe.Configuration.CloudFoundry;
 using Steeltoe.Configuration.CloudFoundry.ServiceBindings;
@@ -27,7 +26,7 @@
 builder.Configuration.AddAppInstanceIdentityCertificate(new Guid(orgId), new Guid(spaceId));
 
 // Steeltoe: Register Microsoft's JWT Bearer and Certificate libraries for authentication, configure JWT to work with UAA/Cloud Foundry.
-builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer().ConfigureJwtBearerForCloudFoundry().AddCertificate();
+builder.Services.AddAuthentication().AddJwtBearer().ConfigureJwtBearerForCloudFoundry().AddCertificate();
 
 // Steeltoe: Register Microsoft authorization services.
 builder.Services.AddAuthorizationBuilder()

Security/src/AuthApi/Steeltoe.Samples.AuthApi.csproj

@@ -2,8 +2,8 @@
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
-    <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

Security/src/AuthApi/manifest-windows.yml

@@ -1,10 +1,10 @@
----
+---
 applications:
 - name: auth-server-sample
   buildpacks:
   - binary_buildpack
   command: cmd /c .\Steeltoe.Samples.AuthApi --urls=http://0.0.0.0:%PORT%
-  memory: 128M
+  memory: 256M
   stack: windows
   env:
     DOTNET_CLI_TELEMETRY_OPTOUT: "true"

Security/src/AuthApi/manifest.yml

@@ -1,9 +1,9 @@
----
+---
 applications:
 - name: auth-server-sample
   buildpacks:
   - dotnet_core_buildpack
-  memory: 128M
+  memory: 256M
   stack: cflinuxfs4
   env:
     DOTNET_CLI_TELEMETRY_OPTOUT: "true"

Security/src/AuthConsole/.cfignore

@@ -0,0 +1,34 @@
+# DotNet
+bin/
+obj/
+publish/
+
+# user-specific state
+*.user
+
+# VS Code
+.vscode/
+*.code-workspace
+
+# Visual Studio
+.vs/
+
+# JetBrains
+.idea/
+*.iws
+*.iml
+*.ipr
+
+# Test framework files
+scaffold/
+*.feature
+
+# Common files that don't need to be pushed
+config/
+*.http
+manifest*.yml
+*.md
+launchSettings.json
+
+# files specific this sample
+GeneratedCertificates

Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs

@@ -0,0 +1,17 @@
+using Steeltoe.Samples.AuthConsole.Models;
+
+namespace Steeltoe.Samples.AuthConsole.ApiClients;
+
+public sealed class CertificateAuthorizationApiClient(HttpClient httpClient)
+    : StringApiClient(httpClient)
+{
+    public async Task<AuthApiResponseModel> GetSameOrgAsync(CancellationToken cancellationToken)
+    {
+        return await GetAsync("api/certificate/SameOrg", cancellationToken);
+    }
+
+    public async Task<AuthApiResponseModel> GetSameSpaceAsync(CancellationToken cancellationToken)
+    {
+        return await GetAsync("api/certificate/SameSpace", cancellationToken);
+    }
+}

Security/src/AuthConsole/ApiClients/StringApiClient.cs

@@ -0,0 +1,38 @@
+using Steeltoe.Samples.AuthConsole.Models;
+
+namespace Steeltoe.Samples.AuthConsole.ApiClients;
+
+public abstract class StringApiClient(HttpClient httpClient)
+{
+    protected HttpClient HttpClient => httpClient;
+
+    protected async Task<AuthApiResponseModel> GetAsync(string requestUri, CancellationToken cancellationToken)
+    {
+        string fullRequestUri = httpClient.BaseAddress + requestUri;
+
+        try
+        {
+            using HttpResponseMessage response = await httpClient.GetAsync(requestUri, cancellationToken);
+            string responseBody = await response.Content.ReadAsStringAsync(cancellationToken);
+
+            if (response.IsSuccessStatusCode)
+            {
+                return new AuthApiResponseModel
+                {
+                    RequestUri = fullRequestUri,
+                    Message = responseBody
+                };
+            }
+
+            throw new HttpRequestException($"Request failed with status {(int)response.StatusCode}:{Environment.NewLine}{responseBody}");
+        }
+        catch (Exception exception)
+        {
+            return new AuthApiResponseModel
+            {
+                RequestUri = fullRequestUri,
+                Error = exception
+            };
+        }
+    }
+}

Security/src/AuthConsole/CloudFoundryConventions.cs

@@ -0,0 +1,10 @@
+namespace Steeltoe.Samples.AuthConsole;
+
+internal sealed class CloudFoundryConventions
+{
+    public const string ConfigurationPrefix = "CloudFoundryConventions";
+
+    public string ApiUriSegment { get; set; } = "";
+
+    public string AppsUriSegment { get; set; } = "";
+}

Security/src/AuthConsole/Directory.Build.props

@@ -0,0 +1,8 @@
+<Project>
+  <PropertyGroup>
+    <SteeltoeVersion>4.0.*-*</SteeltoeVersion>
+  </PropertyGroup>
+  <PropertyGroup>
+    <AspNetCoreVersion>8.0.*</AspNetCoreVersion>
+  </PropertyGroup>
+</Project>

Security/src/AuthConsole/HttpClientBuilderExtensions.cs

@@ -0,0 +1,45 @@
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Http.Logging;
+
+namespace Steeltoe.Samples.AuthConsole;
+
+/// <summary>
+/// Provides simplified logging of outgoing HTTP requests.
+/// </summary>
+/// <remarks>
+/// Based on https://josef.codes/customize-the-httpclient-logging-dotnet-core/.
+/// </remarks>
+public static class HttpClientBuilderExtensions
+{
+    public static IHttpClientBuilder ConfigureLogging(this IHttpClientBuilder builder)
+    {
+        builder.Services.TryAddScoped<HttpLogger>();
+        return builder.RemoveAllLoggers().AddLogger<HttpLogger>(true);
+    }
+
+    private sealed class HttpLogger(ILogger<HttpLogger> logger) : IHttpClientLogger
+    {
+        private readonly ILogger<HttpLogger> _logger = logger;
+
+        public object? LogRequestStart(HttpRequestMessage request)
+        {
+            _logger.LogInformation("Sending '{Request.Method}' to '{Request.Host}{Request.Path}'", request.Method,
+                request.RequestUri?.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped), request.RequestUri?.PathAndQuery);
+
+            return null;
+        }
+
+        public void LogRequestStop(object? context, HttpRequestMessage request, HttpResponseMessage response, TimeSpan elapsed)
+        {
+            _logger.LogInformation("Received '{Response.StatusCodeInt} {Response.StatusCodeString}' after {Response.ElapsedMilliseconds}ms",
+                (int)response.StatusCode, response.StatusCode, elapsed.TotalMilliseconds.ToString("F1"));
+        }
+
+        public void LogRequestFailed(object? context, HttpRequestMessage request, HttpResponseMessage? response, Exception exception, TimeSpan elapsed)
+        {
+            _logger.LogError(exception, "Request towards '{Request.Host}{Request.Path}' failed after {Response.ElapsedMilliseconds}ms",
+                request.RequestUri?.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped), request.RequestUri!.PathAndQuery,
+                elapsed.TotalMilliseconds.ToString("F1"));
+        }
+    }
+}