soroushdes/flatrender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
flatrender/services/identity/FlatRender.IdentitySvc/Program.cs
T
soroush.asadi 675b60d858
Build backend images / build content-svc (push) Failing after 1m2s
Details
Build backend images / build file-svc (push) Failing after 3m11s
Details
Build backend images / build gateway (push) Failing after 5m39s
Details
Build backend images / build identity-svc (push) Failing after 38s
Details
Build backend images / build notification-svc (push) Failing after 2m0s
Details
Build backend images / build render-svc (push) Failing after 58s
Details
Build backend images / build studio-svc (push) Failing after 58s
Details
feat(auth+admin): Sign in with Google (OAuth) + Integrations config panel 
Backend (identity-svc):
- oauth_config table (mig 22) + OAuthConfig entity
- OAuthService: admin config CRUD + Google authorization-code flow (build consent
  URL, exchange code, fetch userinfo, find/create RegisterMode.Google user, issue
  session via AuthService.IssueOAuthSessionAsync)
- AuthController: GET /v1/auth/google/{start,callback} (public); tokens handed to
  frontend via URL fragment
- AdminController: GET/PUT /v1/admin/oauth/{provider} (admin, secret masked)

Frontend:
- "ورود با گوگل" button on /auth → identity start endpoint
- /auth/callback reads fragment tokens → /api/auth/oauth-session sets httpOnly cookies
- /admin/integrations: Google client_id/secret/redirect_uri + enable, with setup guide
- nav + fa/en labels

Client ID/Secret are configured entirely in the admin panel — no redeploy needed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 00:08:21 +03:30

179 lines
7.7 KiB
C#
Raw Permalink Blame History

using System.Text;
using FlatRender.IdentitySvc.Application.Services;
using FlatRender.IdentitySvc.Application.Services.Interfaces;
using FlatRender.IdentitySvc.Domain.Enums;
using FlatRender.IdentitySvc.Infrastructure.Data;
using FlatRender.IdentitySvc.Middleware;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using Npgsql;
var builder = WebApplication.CreateBuilder(args);
// ── Database ──────────────────────────────────────────────────────────────
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection")
?? throw new InvalidOperationException("ConnectionStrings:DefaultConnection is required");
// Native PostgreSQL enums are mapped on the EF provider so Npgsql can read/write them
// at runtime (HasPostgresEnum in the model alone is not enough on Npgsql 8+). EF builds
// the data source with these mappings. PG labels are PascalCase and match the C# enum
// member names, so a preserve-case name translator is used for the values.
var enumTr = PreserveCaseNameTranslator.Instance;
builder.Services.AddDbContext<IdentityDbContext>(options =>
options.UseNpgsql(
connectionString,
npgsql =>
{
npgsql.MigrationsHistoryTable("__ef_migrations", "identity");
npgsql.MapEnum<TenantStatus>("tenant_status", "identity", enumTr);
npgsql.MapEnum<TenantKind>("tenant_kind", "identity", enumTr);
npgsql.MapEnum<RegisterMode>("register_mode", "identity", enumTr);
npgsql.MapEnum<GenderKind>("gender_kind", "identity", enumTr);
npgsql.MapEnum<TokenPurpose>("token_purpose", "identity", enumTr);
npgsql.MapEnum<MfaFactorType>("mfa_factor_type", "identity", enumTr);
npgsql.MapEnum<PlanScope>("plan_scope", "identity", enumTr);
npgsql.MapEnum<BillingPeriod>("billing_period", "identity", enumTr);
npgsql.MapEnum<PaymentGateway>("payment_gateway", "identity", enumTr);
npgsql.MapEnum<PaymentStatus>("payment_status", "identity", enumTr);
npgsql.MapEnum<PaymentAction>("payment_action", "identity", enumTr);
npgsql.MapEnum<DiscountKind>("discount_kind", "identity", enumTr);
npgsql.MapEnum<QuestType>("quest_type", "identity", enumTr);
npgsql.MapEnum<PrizeType>("prize_type", "identity", enumTr);
npgsql.MapEnum<GiftType>("gift_type", "identity", enumTr);
}
)
.UseSnakeCaseNamingConvention()
);
// ── JWT Auth ──────────────────────────────────────────────────────────────
var jwtSecret = builder.Configuration["Jwt:Secret"]
?? throw new InvalidOperationException("Jwt:Secret is required");
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSecret)),
ValidateIssuer = true,
ValidIssuer = builder.Configuration["Jwt:Issuer"] ?? "flatrender-identity",
ValidateAudience = true,
ValidAudience = builder.Configuration["Jwt:Audience"] ?? "flatrender",
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
};
});
builder.Services.AddAuthorization();
// ── Services ──────────────────────────────────────────────────────────────
builder.Services.AddScoped<ITokenService, TokenService>();
builder.Services.AddScoped<AuthService>();
builder.Services.AddScoped<IAuthService>(sp => sp.GetRequiredService<AuthService>());
builder.Services.AddScoped<IUserService, UserService>();
builder.Services.AddScoped<ITenantService, TenantService>();
builder.Services.AddScoped<IPlanService, PlanService>();
builder.Services.AddScoped<IDiscountService, DiscountService>();
builder.Services.AddScoped<IGamificationService, GamificationService>();
builder.Services.AddScoped<IPaymentService, PaymentService>();
builder.Services.AddScoped<AdminService>();
builder.Services.AddScoped<OAuthService>();
builder.Services.AddHttpClient();
// ── HTTP clients ───────────────────────────────────────────────────────────
builder.Services.AddHttpClient("zarinpal", client =>
{
client.DefaultRequestHeaders.Accept.Add(
new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.Timeout = TimeSpan.FromSeconds(10);
});
builder.Services.AddHttpClient("snappay", client =>
{
client.DefaultRequestHeaders.Accept.Add(
new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.Timeout = TimeSpan.FromSeconds(15); // SnapPay token exchange can be slow
});
builder.Services.AddHttpClient("tara", client =>
{
client.DefaultRequestHeaders.Accept.Add(
new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.Timeout = TimeSpan.FromSeconds(10);
});
// ── Routing ───────────────────────────────────────────────────────────────
builder.Services.AddRouting(opts =>
{
opts.LowercaseUrls = true;
opts.AppendTrailingSlash = false;
});
// ── Controllers + Swagger ─────────────────────────────────────────────────
builder.Services.AddControllers()
.AddJsonOptions(o => o.JsonSerializerOptions.PropertyNamingPolicy =
System.Text.Json.JsonNamingPolicy.SnakeCaseLower);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "FlatRender Identity Service", Version = "v1" });
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Description = "JWT Bearer token. Format: Bearer {token}",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
Scheme = "Bearer",
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" }
},
Array.Empty<string>()
}
});
});
builder.Services.AddCors(options =>
options.AddDefaultPolicy(policy =>
policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()));
builder.Services.AddHealthChecks()
.AddCheck("db", () =>
{
// actual DB ping happens at startup migration; just return healthy here
return Microsoft.Extensions.Diagnostics.HealthChecks.HealthCheckResult.Healthy();
});
var app = builder.Build();
app.UseMiddleware<ExceptionMiddleware>();
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseCors();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.MapHealthChecks("/health");
if (app.Environment.IsDevelopment())
{
using var scope = app.Services.CreateScope();
var db = scope.ServiceProvider.GetRequiredService<IdentityDbContext>();
db.Database.Migrate();
}
app.Run();
Reference in New Issue View Git Blame Copy Permalink