feat: add rate limiting and refactor DI setup with ServiceCollection extensions

Author: nanotaboada

.codacy.yml

@@ -24,6 +24,7 @@ exclude_paths:
   - '**/Configurations/**'
   - '**/Data/**'
   - '**/Enums/**'
+  - '**/Extensions/**'
   - '**/Mappings/**'
   - '**/Migrations/**'
   - '**/Models/**'

codecov.yml

@@ -58,6 +58,7 @@ ignore:
   - .*\/Configurations\/.*
   - .*\/Data\/.*
   - .*\/Enums\/.*
+  - .*\/Extensions\/.*
   - .*\/Mappings\/.*
   - .*\/Migrations\/.*
   - .*\/Models\/.*

src/Dotnet.Samples.AspNetCore.WebApi/Configurations/RateLimitingOptions.cs

@@ -0,0 +1,25 @@
+namespace Dotnet.Samples.AspNetCore.WebApi.Configurations;
+
+/// <summary>
+/// Configuration options for rate limiting.
+/// This class defines the parameters for request limits, time windows, and queuing.
+/// It is used to control the rate of incoming requests to the API.
+/// The options are typically loaded from the appsettings.json configuration file.
+/// </summary>
+public class RateLimitingOptions
+{
+    /// <summary>
+    /// Maximum number of requests allowed per window.
+    /// </summary>
+    public int PermitLimit { get; set; } = 10;
+
+    /// <summary>
+    /// Time window duration in seconds.
+    /// </summary>
+    public int WindowSeconds { get; set; } = 60;
+
+    /// <summary>
+    /// Maximum number of queued requests.
+    /// </summary>
+    public int QueueLimit { get; set; } = 0;
+}

src/Dotnet.Samples.AspNetCore.WebApi/Dotnet.Samples.AspNetCore.WebApi.csproj

@@ -8,6 +8,7 @@
   </PropertyGroup>
 
   <ItemGroup Label="Development dependencies">
+    <PackageReference Include="FluentValidation.DependencyInjectionExtensions" Version="12.0.0" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="9.0.0">
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

src/Dotnet.Samples.AspNetCore.WebApi/Extensions/ServiceCollectionExtensions.cs

@@ -0,0 +1,211 @@
+using System.Threading.RateLimiting;
+using Dotnet.Samples.AspNetCore.WebApi.Configurations;
+using Dotnet.Samples.AspNetCore.WebApi.Data;
+using Dotnet.Samples.AspNetCore.WebApi.Mappings;
+using Dotnet.Samples.AspNetCore.WebApi.Repositories;
+using Dotnet.Samples.AspNetCore.WebApi.Services;
+using Dotnet.Samples.AspNetCore.WebApi.Utilities;
+using Dotnet.Samples.AspNetCore.WebApi.Validators;
+using FluentValidation;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.OpenApi.Models;
+using Serilog;
+
+namespace Dotnet.Samples.AspNetCore.WebApi.Extensions;
+
+/// <summary>
+/// Extension methods for WebApplicationBuilder to encapsulate service configuration.
+/// </summary>
+public static class ServiceCollectionExtensions
+{
+    /// <summary>
+    /// Adds DbContextPool with SQLite configuration for PlayerDbContext.
+    /// </summary>
+    /// <param name="services">The IServiceCollection instance.</param>
+    /// <param name="environment">The web host environment.</param>
+    /// <returns>The IServiceCollection for method chaining.</returns>
+    public static IServiceCollection AddDbContextPoolWithSqlite(
+        this IServiceCollection services,
+        IWebHostEnvironment environment
+    )
+    {
+        services.AddDbContextPool<PlayerDbContext>(options =>
+        {
+            var dataSource = Path.Combine(
+                AppContext.BaseDirectory,
+                "storage",
+                "players-sqlite3.db"
+            );
+            options.UseSqlite($"Data Source={dataSource}");
+
+            if (environment.IsDevelopment())
+            {
+                options.EnableSensitiveDataLogging();
+                options.LogTo(Log.Logger.Information, LogLevel.Information);
+            }
+        });
+
+        return services;
+    }
+
+    /// <summary>
+    /// Adds a default CORS policy that allows any origin, method, and header.
+    /// <br />
+    /// <see href="https://learn.microsoft.com/en-us/aspnet/core/security/cors"/>
+    /// </summary>
+    /// <param name="services">The IServiceCollection instance.</param>
+    /// <returns>The IServiceCollection for method chaining.</returns>
+    public static IServiceCollection AddCorsDefaultPolicy(this IServiceCollection services)
+    {
+        services.AddCors(options =>
+        {
+            options.AddDefaultPolicy(corsBuilder =>
+            {
+                corsBuilder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
+            });
+        });
+
+        return services;
+    }
+
+    /// <summary>
+    /// Adds rate limiting configuration with IP-based partitioning.
+    /// <br />
+    /// <see href="https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit"/>
+    /// </summary>
+    /// <param name="services">The IServiceCollection instance.</param>
+    /// <param name="configuration">The application configuration.</param>
+    /// <returns>The IServiceCollection for method chaining.</returns>
+    public static IServiceCollection AddRateLimiting(
+        this IServiceCollection services,
+        IConfiguration configuration
+    )
+    {
+        // Configure and register options
+        services.Configure<RateLimitingOptions>(configuration.GetSection("RateLimiting"));
+
+        var rateLimitingOptions =
+            configuration.GetSection("RateLimiting").Get<RateLimitingOptions>()
+            ?? new RateLimitingOptions();
+
+        services.AddRateLimiter(options =>
+        {
+            options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(
+                httpContext =>
+                {
+                    var partitionKey = RateLimitingUtilities.CreatePartitionKey(httpContext);
+
+                    return RateLimitPartition.GetFixedWindowLimiter(
+                        partitionKey: partitionKey,
+                        factory: _ => new FixedWindowRateLimiterOptions
+                        {
+                            PermitLimit = rateLimitingOptions.PermitLimit,
+                            Window = TimeSpan.FromSeconds(rateLimitingOptions.WindowSeconds),
+                            QueueProcessingOrder = QueueProcessingOrder.OldestFirst,
+                            QueueLimit = rateLimitingOptions.QueueLimit
+                        }
+                    );
+                }
+            );
+
+            options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
+
+            // Enhanced OnRejected handler with essential headers
+            options.OnRejected = (context, _) =>
+            {
+                var response = context.HttpContext.Response;
+
+                var windowSeconds = rateLimitingOptions.WindowSeconds;
+
+                // Essential headers for rate limiting
+                response.Headers.RetryAfter = windowSeconds.ToString();
+                response.Headers.Append(
+                    "X-RateLimit-Limit",
+                    rateLimitingOptions.PermitLimit.ToString()
+                );
+                response.Headers.Append("X-RateLimit-Remaining", "0");
+                response.Headers.Append("X-RateLimit-Window", windowSeconds.ToString());
+
+                return ValueTask.CompletedTask;
+            };
+        });
+
+        return services;
+    }
+
+    /// <summary>
+    /// Adds FluentValidation validators for Player models.
+    /// <br />
+    /// <see href="https://docs.fluentvalidation.net/en/latest/aspnet.html"/>
+    /// </summary>
+    /// <param name="services">The IServiceCollection instance.</param>
+    /// <returns>The IServiceCollection for method chaining.</returns>
+    public static IServiceCollection AddValidators(this IServiceCollection services)
+    {
+        services.AddValidatorsFromAssemblyContaining<PlayerRequestModelValidator>();
+        return services;
+    }
+
+    /// <summary>
+    /// Sets up Swagger documentation generation and UI for the API.
+    /// <br />
+    /// <see href="https://learn.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle" />
+    /// </summary>
+    /// <param name="services">The IServiceCollection instance.</param>
+    /// <param name="configuration">The application configuration.</param>
+    /// <returns>The IServiceCollection for method chaining.</returns>
+    public static IServiceCollection AddSwaggerConfiguration(
+        this IServiceCollection services,
+        IConfiguration configuration
+    )
+    {
+        services.AddSwaggerGen(options =>
+        {
+            options.SwaggerDoc("v1", configuration.GetSection("OpenApiInfo").Get<OpenApiInfo>());
+            options.IncludeXmlComments(SwaggerUtilities.ConfigureXmlCommentsFilePath());
+            options.AddSecurityDefinition("Bearer", SwaggerUtilities.ConfigureSecurityDefinition());
+            options.OperationFilter<AuthorizeCheckOperationFilter>();
+        });
+
+        return services;
+    }
+
+    /// <summary>
+    /// Registers the PlayerService with the DI container.
+    /// <br />
+    /// <see href="https://learn.microsoft.com/en-us/aspnet/core/fundamentals/dependency-injection"/>
+    /// </summary>
+    /// <param name="services">The IServiceCollection instance.</param>
+    /// <returns>The IServiceCollection for method chaining.</returns>
+    public static IServiceCollection RegisterPlayerService(this IServiceCollection services)
+    {
+        services.AddScoped<IPlayerService, PlayerService>();
+        return services;
+    }
+
+    /// <summary>
+    /// Adds AutoMapper configuration for Player mappings.
+    /// <br />
+    /// <see href="https://docs.automapper.io/en/latest/Dependency-injection.html#asp-net-core"/>
+    /// </summary>
+    /// <param name="services">The IServiceCollection instance.</param>
+    /// <returns>The IServiceCollection for method chaining.</returns>
+    public static IServiceCollection AddMappings(this IServiceCollection services)
+    {
+        services.AddAutoMapper(typeof(PlayerMappingProfile));
+        return services;
+    }
+
+    /// <summary>
+    /// Registers the PlayerRepository service with the DI container.
+    /// <br />
+    /// <see href="https://learn.microsoft.com/en-us/aspnet/core/fundamentals/dependency-injection"/>
+    /// </summary>
+    /// <param name="services">The IServiceCollection instance.</param>
+    /// <returns>The IServiceCollection for method chaining.</returns>
+    public static IServiceCollection RegisterPlayerRepository(this IServiceCollection services)
+    {
+        services.AddScoped<IPlayerRepository, PlayerRepository>();
+        return services;
+    }
+}

src/Dotnet.Samples.AspNetCore.WebApi/Program.cs

@@ -1,82 +1,59 @@
-using Dotnet.Samples.AspNetCore.WebApi.Configurations;
-using Dotnet.Samples.AspNetCore.WebApi.Data;
-using Dotnet.Samples.AspNetCore.WebApi.Mappings;
-using Dotnet.Samples.AspNetCore.WebApi.Models;
-using Dotnet.Samples.AspNetCore.WebApi.Repositories;
-using Dotnet.Samples.AspNetCore.WebApi.Services;
-using Dotnet.Samples.AspNetCore.WebApi.Validators;
-using FluentValidation;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.OpenApi.Models;
+using Dotnet.Samples.AspNetCore.WebApi.Extensions;
 using Serilog;
 
-var builder = WebApplication.CreateBuilder(args);
-
 /* -----------------------------------------------------------------------------
- * Configuration
+ * Web Application
+ * https://learn.microsoft.com/en-us/aspnet/core/fundamentals/startup
  * -------------------------------------------------------------------------- */
+
+var builder = WebApplication.CreateBuilder(args);
+
+/* Configurations ----------------------------------------------------------- */
+
 builder
     .Configuration.SetBasePath(AppContext.BaseDirectory)
     .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
     .AddEnvironmentVariables();
 
-/* -----------------------------------------------------------------------------
- * Logging
- * -------------------------------------------------------------------------- */
-Log.Logger = new LoggerConfiguration().ReadFrom.Configuration(builder.Configuration).CreateLogger();
+/* Logging ------------------------------------------------------------------ */
 
-/* Serilog ------------------------------------------------------------------ */
+Log.Logger = new LoggerConfiguration().ReadFrom.Configuration(builder.Configuration).CreateLogger();
 builder.Host.UseSerilog();
 
-/* -----------------------------------------------------------------------------
- * Services
- * -------------------------------------------------------------------------- */
+/* Controllers -------------------------------------------------------------- */
+
 builder.Services.AddControllers();
+builder.Services.AddCorsDefaultPolicy();
+builder.Services.AddRateLimiting(builder.Configuration);
+builder.Services.AddHealthChecks();
+builder.Services.AddValidators();
 
-/* Entity Framework Core ---------------------------------------------------- */
-builder.Services.AddDbContextPool<PlayerDbContext>(options =>
+if (builder.Environment.IsDevelopment())
 {
-    var dataSource = Path.Combine(AppContext.BaseDirectory, "storage", "players-sqlite3.db");
-
-    options.UseSqlite($"Data Source={dataSource}");
+    builder.Services.AddSwaggerConfiguration(builder.Configuration);
+}
 
-    if (builder.Environment.IsDevelopment())
-    {
-        options.EnableSensitiveDataLogging();
-        options.LogTo(Log.Logger.Information, LogLevel.Information);
-    }
-});
+/* Services ----------------------------------------------------------------- */
 
-builder.Services.AddScoped<IPlayerRepository, PlayerRepository>();
-builder.Services.AddScoped<IPlayerService, PlayerService>();
+builder.Services.RegisterPlayerService();
 builder.Services.AddMemoryCache();
-builder.Services.AddHealthChecks();
+builder.Services.AddMappings();
 
-/* AutoMapper --------------------------------------------------------------- */
-builder.Services.AddAutoMapper(typeof(PlayerMappingProfile));
+/* Repositories ------------------------------------------------------------- */
 
-/* FluentValidation --------------------------------------------------------- */
-builder.Services.AddScoped<IValidator<PlayerRequestModel>, PlayerRequestModelValidator>();
+builder.Services.RegisterPlayerRepository();
 
-if (builder.Environment.IsDevelopment())
-{
-    /* Swagger UI ----------------------------------------------------------- */
-    // https://learn.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle
-    builder.Services.AddSwaggerGen(options =>
-    {
-        options.SwaggerDoc("v1", builder.Configuration.GetSection("SwaggerDoc").Get<OpenApiInfo>());
-        options.IncludeXmlComments(SwaggerGenDefaults.ConfigureXmlCommentsFilePath());
-        options.AddSecurityDefinition("Bearer", SwaggerGenDefaults.ConfigureSecurityDefinition());
-        options.OperationFilter<AuthorizeCheckOperationFilter>();
-    });
-}
+/* Data --------------------------------------------------------------------- */
+
+builder.Services.AddDbContextPoolWithSqlite(builder.Environment);
 
 var app = builder.Build();
 
 /* -----------------------------------------------------------------------------
  * Middlewares
  * https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware
  * -------------------------------------------------------------------------- */
+
 app.UseSerilogRequestLogging();
 
 if (app.Environment.IsDevelopment())
@@ -85,16 +62,10 @@
     app.UseSwaggerUI();
 }
 
-// https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl
 app.UseHttpsRedirection();
-
-// https://learn.microsoft.com/en-us/aspnet/core/security/cors
 app.UseCors();
-
-// https://learn.microsoft.com/en-us/aspnet/core/fundamentals/routing#endpoints
-app.MapControllers();
-
-// https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/health-checks
+app.UseRateLimiter();
 app.MapHealthChecks("/health");
+app.MapControllers();
 
 await app.RunAsync();