From 487bed02b26566c294808f3e181a43e1ca0ba736 Mon Sep 17 00:00:00 2001 From: JP Gouigoux Date: Thu, 11 Aug 2022 20:21:27 +0200 Subject: [PATCH] =?UTF-8?q?Passage=20du=20projet=20Server=20en=20mode=20Do?= =?UTF-8?q?cker=20avec=20gestion=20du=20param=C3=A9trage=20et=20ajout=20de?= =?UTF-8?q?=20la=20s=C3=A9curit=C3=A9=20sur=20le=20serveur=20RabbitMQ?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../PersonnesControllerBase.cs | 16 +++-- .../Server/ClaimsTransformer.cs | 4 +- TestOIDCBlazorWASM/Server/Dockerfile | 29 +++++++++ TestOIDCBlazorWASM/Server/Program.cs | 4 +- .../Server/Properties/launchSettings.json | 59 +++++++++++-------- .../Server/TestOIDCBlazorWASM.Server.csproj | 4 ++ TestOIDCBlazorWASM/Server/appsettings.json | 4 +- 7 files changed, 82 insertions(+), 38 deletions(-) create mode 100644 TestOIDCBlazorWASM/Server/Dockerfile diff --git a/TestOIDCBlazorWASM.Work/PersonnesControllerBase.cs b/TestOIDCBlazorWASM.Work/PersonnesControllerBase.cs index 5b816e1..b453939 100644 --- a/TestOIDCBlazorWASM.Work/PersonnesControllerBase.cs +++ b/TestOIDCBlazorWASM.Work/PersonnesControllerBase.cs 
@@ -24,20 +24,24 @@ public abstract class PersonnesControllerBase : Controller private IMongoCollection Collection; private string NomServeurMOM { get; init; } private string NomQueueMessages { get; init; } + private string NomUtilisateurMOM { get; init; } + private string MotDePasseMOM { get; init; } private string ModeleEnteteHTTPLocation { get; init; } public PersonnesControllerBase(IConfiguration config) { // Paramétrage base NoSQL - string conn = config.GetSection("PersistanceNoSQL").GetValue("PersonnesConnectionString"); - string NomBaseDeDonneesPersonnes = config.GetSection("PersistanceNoSQL").GetValue("PersonnesDatabaseName"); + string conn = config["PersistanceNoSQL__PersonnesConnectionString"]; + string NomBaseDeDonneesPersonnes = config["PersistanceNoSQL__PersonnesDatabaseName"]; Database = new MongoClient(conn).GetDatabase(NomBaseDeDonneesPersonnes); - NomCollectionPersonnes = config.GetSection("PersistanceNoSQL").GetValue("PersonnesCollectionName"); + NomCollectionPersonnes = config["PersistanceNoSQL__PersonnesCollectionName"]; Collection = Database.GetCollection("personnes"); // Paramétrage MOM - NomServeurMOM = config.GetSection("RabbitMQ")["HoteServeur"]; - NomQueueMessages = config.GetSection("RabbitMQ")["NomQueueMessagesCreationPersonnes"]; + NomServeurMOM = config["RabbitMQ__HoteServeur"]; + NomQueueMessages = config["RabbitMQ__NomQueueMessagesCreationPersonnes"]; + NomUtilisateurMOM = config["RabbitMQ__Utilisateur"] ?? "guest"; + MotDePasseMOM = config["RabbitMQ__MotDePasse"] ?? "guest"; // Paramétrage API ModeleEnteteHTTPLocation = config["ModeleEnteteHTTPLocation"]; 
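Review bot: The flat lookups introduced here, `config["RabbitMQ__HoteServeur"]` and the others, only resolve values that arrive through the command-line provider: the environment-variable provider rewrites `__` to the `:` section separator and appsettings.json stores `RabbitMQ` as a nested section, so neither a container's `RabbitMQ__*` variables nor the JSON defaults are seen by these keys. Using the hierarchical form, `config["RabbitMQ:HoteServeur"]` (or the previous `config.GetSection("RabbitMQ")[...]`), reads all three providers; the Docker profile's arguments would then be passed as `--RabbitMQ:HoteServeur`. The same applies to `config["OIDC__ClientId"]` in the ClaimsTransformer hunk and to `builder.Configuration["OIDC__Authority"]` / `["OIDC__ClientId"]` in the Program.cs hunks. Separately, `?? "guest"` on the two new credential lines makes a missing broker account silently fall back to RabbitMQ's default login; `?? throw new InvalidOperationException("RabbitMQ__Utilisateur is not configured")` would surface the misconfiguration instead. The constructor body continues past the end of the hunk.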
@@ -95,7 +99,7 @@ public virtual IActionResult CreationPersonne([FromBody] DbPersonne personne) personne.ObjectId = Guid.NewGuid().ToString("N"); Collection.InsertOneAsync(personne); - var factory = new ConnectionFactory() { HostName = this.NomServeurMOM }; + var factory = new ConnectionFactory() { HostName = this.NomServeurMOM, UserName = this.NomUtilisateurMOM, Password = this.MotDePasseMOM }; using (var connection = factory.CreateConnection()) using (var channel = connection.CreateModel()) { diff --git a/TestOIDCBlazorWASM/Server/ClaimsTransformer.cs b/TestOIDCBlazorWASM/Server/ClaimsTransformer.cs index 66105d9..728ab23 100644 --- a/TestOIDCBlazorWASM/Server/ClaimsTransformer.cs +++ b/TestOIDCBlazorWASM/Server/ClaimsTransformer.cs @@ -1,4 +1,4 @@ - using Microsoft.AspNetCore.Authentication; +using Microsoft.AspNetCore.Authentication; using Newtonsoft.Json; using System.Security.Claims; using System.Text.Json; @@ -20,7 +20,7 @@ public ClaimsTransformer(IConfiguration config) string ModelePourRoleClaim = config.GetSection("OIDC")["ModelePourRoleClaim"]; PrefixeRoleClaim = ModelePourRoleClaim.Substring(0, ModelePourRoleClaim.IndexOf(".")); SuffixeRoleClaim = ModelePourRoleClaim.Substring(ModelePourRoleClaim.LastIndexOf(".") + 1); - OIDCClientId = config.GetSection("OIDC")["ClientId"]; + OIDCClientId = config["OIDC__ClientId"]; TargetUserRolesClaimName = config.GetSection("OIDC").GetValue("TargetUserRolesClaimName"); } diff --git a/TestOIDCBlazorWASM/Server/Dockerfile b/TestOIDCBlazorWASM/Server/Dockerfile new file mode 100644 index 0000000..875aa07 --- /dev/null +++ b/TestOIDCBlazorWASM/Server/Dockerfile 
@@ -0,0 +1,29 @@
+#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
+
+FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
+WORKDIR /app
+EXPOSE 80
+EXPOSE 443
+
+FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
+WORKDIR /src
+COPY ["TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj", "TestOIDCBlazorWASM/Server/"]
+COPY ["TestOIDCBlazorWASM.Work/TestOIDCBlazorWASM.Work.csproj", "TestOIDCBlazorWASM.Work/"]
+COPY ["TestOIDCBlazorWASM/Shared/TestOIDCBlazorWASM.Shared.csproj", "TestOIDCBlazorWASM/Shared/"]
+COPY ["TestOIDCBlazorWASM/Client/TestOIDCBlazorWASM.Client.csproj", "TestOIDCBlazorWASM/Client/"]
+RUN dotnet restore "TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj"
+COPY . .
+WORKDIR "/src/TestOIDCBlazorWASM/Server"
+RUN dotnet build "TestOIDCBlazorWASM.Server.csproj" -c Release -o /app/build
+
+FROM build AS publish
+RUN dotnet publish "TestOIDCBlazorWASM.Server.csproj" -c Release -o /app/publish
+
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+ENV OIDC__TargetUserRolesClaimName=user_roles
+ENV OIDC__Audience=account
+ENV OIDC__NameClaimType=preferred_username
+ENV OIDC__ModelePourRoleClaim=resource_access.${client_id}.roles
+ENTRYPOINT ["dotnet", "TestOIDCBlazorWASM.Server.dll"]
\ No newline at end of file
diff --git a/TestOIDCBlazorWASM/Server/Program.cs b/TestOIDCBlazorWASM/Server/Program.cs
index 6474347..da7046d 100644
--- a/TestOIDCBlazorWASM/Server/Program.cs
+++ b/TestOIDCBlazorWASM/Server/Program.cs
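Review bot: Docker expands `${var}` inside `ENV` values at build time, so `ENV OIDC__ModelePourRoleClaim=resource_access.${client_id}.roles` bakes `resource_access..roles` into the image because no `client_id` build argument exists, and the placeholder that Program.cs later substitutes with the client id is gone before the application starts. Escaping the dollar sign, `ENV OIDC__ModelePourRoleClaim=resource_access.\${client_id}.roles`, keeps the literal intact. The final stage also has no `USER` instruction, so the server runs as root in the container; as far as I know the 6.0 base image does not define a non-root account, so one would need to be created (`RUN adduser` or equivalent) before adding a `USER` line.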
@@ -23,7 +23,7 @@ { // On doit pouvoir faire mieux avec un binder de configuration IConfigurationSection ConfigOIDC = builder.Configuration.GetSection("OIDC"); - o.Authority = ConfigOIDC["Authority"]; + o.Authority = builder.Configuration["OIDC__Authority"]; o.Audience = ConfigOIDC["Audience"]; // Les deux options à suivre ne sont à faire qu'en mode DEVELOPMENT, mais depuis que l'app doit être buildée // avant qu'on puisse avoir accès à app.Environment.IsDevelopment(), on ne peut plus utiliser ces codes @@ -34,7 +34,7 @@ o.RequireHttpsMetadata = false; //o.TokenValidationParameters.RoleClaimType = "user_roles"; - o.TokenValidationParameters.RoleClaimType = ConfigOIDC["ModelePourRoleClaim"].Replace("${client_id}", ConfigOIDC["ClientId"]); + o.TokenValidationParameters.RoleClaimType = ConfigOIDC["ModelePourRoleClaim"].Replace("${client_id}", builder.Configuration["OIDC__ClientId"]); o.TokenValidationParameters.NameClaimType = ConfigOIDC["NameClaimType"]; // Fait sens ici car côté serveur, on utiliserait le nom pour la traçabilité o.TokenValidationParameters.ValidateIssuer = true; //o.SaveToken = true; // A voir dans la doc pour l'utilisation précise diff --git a/TestOIDCBlazorWASM/Server/Properties/launchSettings.json b/TestOIDCBlazorWASM/Server/Properties/launchSettings.json index 6c2f59c..8eceb67 100644 --- a/TestOIDCBlazorWASM/Server/Properties/launchSettings.json +++ b/TestOIDCBlazorWASM/Server/Properties/launchSettings.json 
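Review bot: In the second hunk, `.Replace("${client_id}", builder.Configuration["OIDC__ClientId"])` removes the placeholder outright when the client id is not configured, because `string.Replace` treats a null replacement as empty, so `RoleClaimType` silently becomes `resource_access..roles` and every role check fails with no indication of the cause. Resolving the value once and failing fast, `string clientId = builder.Configuration["OIDC__ClientId"] ?? throw new InvalidOperationException("OIDC ClientId is not configured");`, surfaces the misconfiguration at startup; the same guard suits `o.Authority` in the first hunk, where a missing authority would presumably only show up later, when the first token is validated. Both hunks sit inside the JwtBearer options lambda, which begins and ends outside them.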
@@ -1,30 +1,39 @@ { - "iisSettings": { - "windowsAuthentication": false, - "anonymousAuthentication": true, - "iisExpress": { - "applicationUrl": "http://localhost:16082", - "sslPort": 44323 - } + "iisSettings": { + "windowsAuthentication": false, + "anonymousAuthentication": true, + "iisExpress": { + "applicationUrl": "http://localhost:16082", + "sslPort": 44323 + } + }, + "profiles": { + "TestOIDCBlazorWASM.Server": { + "commandName": "Project", + "launchBrowser": true, + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + }, + "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}", + "applicationUrl": "https://localhost:7070;http://localhost:5070", + "dotnetRunMessages": true }, - "profiles": { - "TestOIDCBlazorWASM.Server": { - "commandName": "Project", - "dotnetRunMessages": true, - "launchBrowser": true, - "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}", - "applicationUrl": "https://localhost:7070;http://localhost:5070", - "environmentVariables": { - "ASPNETCORE_ENVIRONMENT": "Development" - } + "IIS Express": { + "commandName": "IISExpress", + "launchBrowser": true, + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" }, - "IIS Express": { - "commandName": "IISExpress", - "launchBrowser": true, - "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}", - "environmentVariables": { - "ASPNETCORE_ENVIRONMENT": "Development" - } - } + "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}" + }, + "Docker": { + "commandName": "Docker", + "commandLineArgs": "--RabbitMQ__HoteServeur my-rabbit --RabbitMQ__NomQueueMessagesCreationPersonnes personnes --RabbitMQ__Utilisateur rapido --RabbitMQ__MotDePasse k5rXH6wmBhE2bukfXFsz --PersistanceNoSQL__PersonnesConnectionString mongodb://db:27017 
--PersistanceNoSQL__PersonnesDatabaseName personnes --PersistanceNoSQL__PersonnesCollectionName personnes --OIDC__Authority http://localhost:8080/realms/LivreENI/ --OIDC__ClientId appli-eni", + "launchBrowser": true, + "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}", + "DockerfileRunArguments": "-p 7070:443 --network exerciceeni", + "publishAllPorts": true, + "useSSL": true } } +} \ No newline at end of file diff --git a/TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj b/TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj index ab369e5..3c0317f 100644 --- a/TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj +++ b/TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj @@ -4,6 +4,9 @@ net6.0 enable enable + b07f3fe9-33a1-4452-bf38-32eaf1af3a63 + Linux + ..\.. @@ -11,6 +14,7 @@ + diff --git a/TestOIDCBlazorWASM/Server/appsettings.json b/TestOIDCBlazorWASM/Server/appsettings.json index c9a2a4c..2760642 100644 --- a/TestOIDCBlazorWASM/Server/appsettings.json +++ b/TestOIDCBlazorWASM/Server/appsettings.json @@ -11,14 +11,12 @@ "NomQueueMessagesCreationPersonnes": "personnes" }, "PersistanceNoSQL": { - "PersonnesConnectionString": "mongodb://dbnosql:27017", + "PersonnesConnectionString": "mongodb://db:27017", "PersonnesDatabaseName": "personnes", "PersonnesCollectionName": "personnes" }, "OIDC": { "TargetUserRolesClaimName": "user_roles", - "Authority": "http://localhost:8080/realms/LivreENI/", - "ClientId": "appli-eni", "Audience": "account", "NameClaimType": "preferred_username", "ModelePourRoleClaim": "resource_access.${client_id}.roles"
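Review bot: The new Docker profile embeds a live RabbitMQ password in `commandLineArgs` (the `--RabbitMQ__MotDePasse` argument), and launchSettings.json is typically committed, so the credential now lives in the repository history for anyone with read access. Keep it out of the file — the user-secrets store or a variable taken from the developer's own environment rather than a literal in `commandLineArgs` or `environmentVariables` — and treat the committed value as exposed: rotate it on the broker. The Mongo connection string passed alongside carries no credential, so it is unaffected by this point.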