feat: api resource isolation configuration

Aguafrommars · Jun 29, 2022 · 7e28899 · 7e28899
1 parent 488ff73
commit 7e28899
Show file tree

Hide file tree

Showing 16 changed files with 102 additions and 123 deletions.
diff --git a/src/Aguacongas.TheIdServer.Duende/Localization-fr.json b/src/Aguacongas.TheIdServer.Duende/Localization-fr.json
@@ -2126,5 +2126,9 @@
   {
     "key": "claims cache sliding expiration",
     "value": "expiration du glissement du cache des réclamations"
+  },
+  {
+    "key": "require resource indicator",
+    "value": "indicateur de resource requis"
   }
 ]
diff --git a/src/Aguacongas.TheIdServer.Shared/SeedData.cs b/src/Aguacongas.TheIdServer.Shared/SeedData.cs
@@ -207,6 +207,10 @@ private static void SeedApis(IConfiguration configuration, IServiceProvider prov
                         DisplayName = resource.DisplayName,
                         Enabled = resource.Enabled,
                         Id = resource.Name,
+
+#if DUENDE
+                        RequireResourceIndicator = resource.RequireResourceIndicator
+#endif
                     }).GetAwaiter().GetResult();
                 }
                 catch (ArgumentException)

diff --git a/src/BlazorApp/Aguacongas.TheIdServer.BlazorApp.Pages.Api/Api.razor b/src/BlazorApp/Aguacongas.TheIdServer.BlazorApp.Pages.Api/Api.razor
@@ -96,6 +96,13 @@ else
                             </div>
                         </div>
                         <ApiResources Collection="@Model.Resources" ResourceKind="@Entity.EntityResourceKind.Description"></ApiResources>
+                        <div class="mb-3 row">
+                            <label class="col col-form-label">
+                            </label>
+                            <div class="col-lg-10 col-sm-12">
+                                <AuthorizeCheckbox Name="requireResourceIndicator" Label="@Localizer["require resource indicator"]" @bind-Value="@Model.RequireResourceIndicator" />
+                            </div>
+                        </div>
                     </div>
                 </div>
                 <div id="secrets" class="card mb-3">

diff --git a/src/IdentityServer/Aguacongas.IdentityServer.Store/Entity/Api.cs b/src/IdentityServer/Aguacongas.IdentityServer.Store/Entity/Api.cs
@@ -56,6 +56,13 @@ public class ProtectResource : IAuditable, ICloneable<ProtectResource>, ILocaliz
         /// </value>
         public bool NonEditable { get; set; }
 
+        /// <summary>
+        /// Indicates if this API resource requires the resource indicator to request it,
+        /// and expects access tokens issued to it will only ever contain this API resource
+        /// as the audience.
+        /// </summary>
+        public bool RequireResourceIndicator { get; set; }
+
         /// <summary>
         /// Gets or sets the secrets.
         /// </summary>

diff --git a/...grations/Aguacongas.TheIdServer.MySql.Startup/Aguacongas.TheIdServer.MySql.Startup.csproj b/...grations/Aguacongas.TheIdServer.MySql.Startup/Aguacongas.TheIdServer.MySql.Startup.csproj
@@ -4,7 +4,6 @@
 		<OutputType>Exe</OutputType>
 		<TargetFramework>net6.0</TargetFramework>
 		<RootNamespace>Aguacongas.TheIdServer.MySql</RootNamespace>
-		<StartupObject>Aguacongas.TheIdServer.MySql.Program</StartupObject>
 		<Authors>Olivier Lefebvre</Authors>
 		<Copyright>Copyright (c) 2022 @Olivier Lefebvre</Copyright>
 		<PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>

diff --git a/src/IdentityServer/Migrations/Aguacongas.TheIdServer.MySql.Startup/Program.cs b/src/IdentityServer/Migrations/Aguacongas.TheIdServer.MySql.Startup/Program.cs
@@ -2,36 +2,24 @@
 // Copyright (c) 2022 @Olivier Lefebvre
 using Aguacongas.IdentityServer.EntityFramework.Store;
 using Aguacongas.TheIdServer.Data;
-using Aguacongas.TheIdServer.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using System;
-using System.Diagnostics.CodeAnalysis;
 
-namespace Aguacongas.TheIdServer.MySql
-{
-    [SuppressMessage("Major Code Smell", "S1118:Utility classes should not have public constructors", Justification = "<Pending>")]
-    public class Program
+var host = Host.CreateDefaultBuilder(args)
+    .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
+    .ConfigureServices((hostContext, services) =>
     {
-        public static void Main(string[] args)
-        {
-            CreateHostBuilder(args).Build().Run();
-        }
+        var cn = hostContext.Configuration.GetConnectionString("db");
 
-        public static IHostBuilder CreateHostBuilder(string[] args) =>
-            Host.CreateDefaultBuilder(args)
-                .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
-                .ConfigureServices((hostContext, services) =>
-                {
-                    var cn = hostContext.Configuration.GetConnectionString("db");
+        Action<DbContextOptionsBuilder> optionsAction = options => options.UseMySql(cn, ServerVersion.AutoDetect(cn), options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.MySql"));
+        services.AddDbContext<ApplicationDbContext>(optionsAction)
+            .AddDbContext<ConfigurationDbContext>(optionsAction)
+            .AddDbContext<OperationalDbContext>(optionsAction);
+    });
 
-                    Action<DbContextOptionsBuilder> optionsAction = options => options.UseMySql(cn, ServerVersion.AutoDetect(cn), options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.MySql"));
-                    services.AddDbContext<ApplicationDbContext>(optionsAction)
-                        .AddDbContext<ConfigurationDbContext>(optionsAction)
-                        .AddDbContext<OperationalDbContext>(optionsAction);
-                });
+var app = host.Build();
 
-    }
-}
+await app.RunAsync();
diff --git a/...ations/Aguacongas.TheIdServer.Oracle.Startup/Aguacongas.TheIdServer.Oracle.Startup.csproj b/...ations/Aguacongas.TheIdServer.Oracle.Startup/Aguacongas.TheIdServer.Oracle.Startup.csproj
@@ -4,7 +4,6 @@
 		<OutputType>Exe</OutputType>
 		<TargetFramework>net6.0</TargetFramework>
 		<RootNamespace>Aguacongas.TheIdServer.Oracle</RootNamespace>
-		<StartupObject>Aguacongas.TheIdServer.Oracle.Program</StartupObject>
 		<Authors>Olivier Lefebvre</Authors>
 		<Copyright>Copyright (c) 2022 @Olivier Lefebvre</Copyright>
 		<PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
@@ -13,7 +12,8 @@
 		<RepositoryType>git</RepositoryType>
     <IsPackable>false</IsPackable>
     <CodeAnalysisRuleSet>..\..\..\..\.sonarlint\aguacongas_theidservercsharp.ruleset</CodeAnalysisRuleSet>
-	</PropertyGroup>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>	</PropertyGroup>
 
 	<ItemGroup>
 	  <AdditionalFiles Include="..\..\..\..\.sonarlint\aguacongas_theidserver\CSharp\SonarLint.xml" Link="SonarLint.xml" />
@@ -31,4 +31,10 @@
 		<ProjectReference Include="..\Aguacongas.TheIdServer.Migrations.Oracle\Aguacongas.TheIdServer.Migrations.Oracle.csproj" />
 	</ItemGroup>
 
+	<ItemGroup>
+	  <None Update="appsettings.json">
+	    <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+	  </None>
+	</ItemGroup>
+
 </Project>
diff --git a/src/IdentityServer/Migrations/Aguacongas.TheIdServer.Oracle.Startup/Program.cs b/src/IdentityServer/Migrations/Aguacongas.TheIdServer.Oracle.Startup/Program.cs
@@ -2,36 +2,23 @@
 // Copyright (c) 2022 @Olivier Lefebvre
 using Aguacongas.IdentityServer.EntityFramework.Store;
 using Aguacongas.TheIdServer.Data;
-using Aguacongas.TheIdServer.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
-using System;
-using System.Diagnostics.CodeAnalysis;
 
-namespace Aguacongas.TheIdServer.Oracle
-{
-    [SuppressMessage("Major Code Smell", "S1118:Utility classes should not have public constructors", Justification = "<Pending>")]
-    public class Program
+var host = Host.CreateDefaultBuilder(args)
+    .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
+    .ConfigureServices((hostContext, services) =>
     {
-        public static void Main(string[] args)
-        {
-            CreateHostBuilder(args).Build().Run();
-        }
+        var cn = hostContext.Configuration.GetConnectionString("db");
 
-        public static IHostBuilder CreateHostBuilder(string[] args) =>
-            Host.CreateDefaultBuilder(args)
-                .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
-                .ConfigureServices((hostContext, services) =>
-                {
-                    var cn = hostContext.Configuration.GetConnectionString("db");
+        Action<DbContextOptionsBuilder> optionsAction = options => options.UseOracle(cn, options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.Oracle"));
+        services.AddDbContext<ApplicationDbContext>(optionsAction)
+            .AddDbContext<ConfigurationDbContext>(optionsAction)
+            .AddDbContext<OperationalDbContext>(optionsAction);
+    });
 
-                    Action<DbContextOptionsBuilder> optionsAction = options => options.UseOracle(cn, options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.Oracle"));
-                    services.AddDbContext<ApplicationDbContext>(optionsAction)
-                        .AddDbContext<ConfigurationDbContext>(optionsAction)
-                        .AddDbContext<OperationalDbContext>(optionsAction);
-                });
+var app = host.Build();
 
-    }
-}
+await app.RunAsync();
diff --git a/src/IdentityServer/Migrations/Aguacongas.TheIdServer.Oracle.Startup/appsettings.json b/src/IdentityServer/Migrations/Aguacongas.TheIdServer.Oracle.Startup/appsettings.json
@@ -1,5 +1,5 @@
 {
   "ConnectionStrings": {
-    "db": "server=localhost;connect mode=SysDba;direct=True;service name=ORCLCDB.localdomain;user id=sys;password=Oradoc_db1"
+    "db": "server=localhost;connect mode=SysDba;direct=True;service name=ORCLCDB.localdomain;user id=sys;password=I2bnR1iD4X;License Key=utsgvkT8r1j0sszGsNKxQSBlvJuZ6IrsIc+y7aJ85Oh4/UJ9OYM0qT53OaInE8 qYosRr4YHX40ODF0BICuUXBO7zcBU0RMVULdANq2PlWZtS87MnuWXh4TcciW0j5Ttv39XGzwcaOWbh3fTNEZNn9dctxnB1gpQulQnmHAmh1kxMPAXZLF59tEkYJjWM3ajK4OI87C7NpNHpgQR/yOvychJggWxE4T1q7+xdBqop4b8Bq4+Xzni4//xloTZ8Jgu7y0V4m0NMGlpVAOE9OjgQyZI7dTpwK4DemhgZSmJxBZRtvy9hgdjBz+f2LlowVLYQ"
   }
 }
diff --git a/...guacongas.TheIdServer.PostgreSQL.Startup/Aguacongas.TheIdServer.PostgreSQL.Startup.csproj b/...guacongas.TheIdServer.PostgreSQL.Startup/Aguacongas.TheIdServer.PostgreSQL.Startup.csproj
@@ -4,7 +4,6 @@
 		<OutputType>Exe</OutputType>
 		<TargetFramework>net6.0</TargetFramework>
 		<RootNamespace>Aguacongas.TheIdServer.PostgreSQL</RootNamespace>
-		<StartupObject>Aguacongas.TheIdServer.PostgreSQL.Program</StartupObject>
 		<Authors>Olivier Lefebvre</Authors>
 		<Copyright>Copyright (c) 2022 @Olivier Lefebvre</Copyright>
 		<PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
@@ -31,4 +30,10 @@
 		<ProjectReference Include="..\Aguacongas.TheIdServer.Migrations.PostgreSQL\Aguacongas.TheIdServer.Migrations.PostgreSQL.csproj" />
 	</ItemGroup>
 
+	<ItemGroup>
+	  <None Update="appsettings.json">
+	    <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+	  </None>
+	</ItemGroup>
+
 </Project>
diff --git a/src/IdentityServer/Migrations/Aguacongas.TheIdServer.PostgreSQL.Startup/Program.cs b/src/IdentityServer/Migrations/Aguacongas.TheIdServer.PostgreSQL.Startup/Program.cs
@@ -2,36 +2,24 @@
 // Copyright (c) 2022 @Olivier Lefebvre
 using Aguacongas.IdentityServer.EntityFramework.Store;
 using Aguacongas.TheIdServer.Data;
-using Aguacongas.TheIdServer.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using System;
-using System.Diagnostics.CodeAnalysis;
 
-namespace Aguacongas.TheIdServer.PostgreSQL
-{
-    [SuppressMessage("Major Code Smell", "S1118:Utility classes should not have public constructors", Justification = "<Pending>")]
-    public class Program
+var host = Host.CreateDefaultBuilder(args)
+    .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
+    .ConfigureServices((hostContext, services) =>
     {
-        public static void Main(string[] args)
-        {
-            CreateHostBuilder(args).Build().Run();
-        }
+        var cn = hostContext.Configuration.GetConnectionString("db");
 
-        public static IHostBuilder CreateHostBuilder(string[] args) =>
-            Host.CreateDefaultBuilder(args)
-                .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
-                .ConfigureServices((hostContext, services) =>
-                {
-                    var cn = hostContext.Configuration.GetConnectionString("db");
+        Action<DbContextOptionsBuilder> optionsAction = options => options.UseNpgsql(cn, options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.PostgreSQL"));
+        services.AddDbContext<ApplicationDbContext>(optionsAction)
+            .AddDbContext<ConfigurationDbContext>(optionsAction)
+            .AddDbContext<OperationalDbContext>(optionsAction);
+    });
 
-                    Action<DbContextOptionsBuilder> optionsAction = options => options.UseNpgsql(cn, options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.PostgreSQL"));
-                    services.AddDbContext<ApplicationDbContext>(optionsAction)
-                        .AddDbContext<ConfigurationDbContext>(optionsAction)
-                        .AddDbContext<OperationalDbContext>(optionsAction);
-                });
+var app = host.Build();
 
-    }
-}
+await app.RunAsync();
diff --git a/.../Aguacongas.TheIdServer.SqlServer.Startup/Aguacongas.TheIdServer.SqlServer.Startup.csproj b/.../Aguacongas.TheIdServer.SqlServer.Startup/Aguacongas.TheIdServer.SqlServer.Startup.csproj
@@ -4,7 +4,6 @@
 		<OutputType>Exe</OutputType>
 		<TargetFramework>net6.0</TargetFramework>
 		<RootNamespace>Aguacongas.TheIdServer.SqlServer</RootNamespace>
-		<StartupObject>Aguacongas.TheIdServer.SqlServer.Program</StartupObject>
 		<Authors>Olivier Lefebvre</Authors>
 		<Copyright>Copyright (c) 2022 @Olivier Lefebvre</Copyright>
 		<PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>

diff --git a/src/IdentityServer/Migrations/Aguacongas.TheIdServer.SqlServer.Startup/Program.cs b/src/IdentityServer/Migrations/Aguacongas.TheIdServer.SqlServer.Startup/Program.cs
@@ -7,30 +7,19 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using System;
-using System.Diagnostics.CodeAnalysis;
 
-namespace Aguacongas.TheIdServer.SqlServer
-{
-    [SuppressMessage("Major Code Smell", "S1118:Utility classes should not have public constructors", Justification = "<Pending>")]
-    public class Program
+var host = Host.CreateDefaultBuilder(args)
+    .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
+    .ConfigureServices((hostContext, services) =>
     {
-        public static void Main(string[] args)
-        {
-            CreateHostBuilder(args).Build().Run();
-        }
+        var cn = hostContext.Configuration.GetConnectionString("db");
 
-        public static IHostBuilder CreateHostBuilder(string[] args) =>
-            Host.CreateDefaultBuilder(args)
-                .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
-                .ConfigureServices((hostContext, services) =>
-                {
-                    var cn = hostContext.Configuration.GetConnectionString("db");
+        Action<DbContextOptionsBuilder> optionsAction = options => options.UseSqlServer(cn, options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.SqlServer"));
+        services.AddDbContext<ApplicationDbContext>(optionsAction)
+            .AddDbContext<ConfigurationDbContext>(optionsAction)
+            .AddDbContext<OperationalDbContext>(optionsAction);
+    });
 
-                    Action<DbContextOptionsBuilder> optionsAction = options => options.UseSqlServer(cn, options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.SqlServer"));
-                    services.AddDbContext<ApplicationDbContext>(optionsAction)
-                        .AddDbContext<ConfigurationDbContext>(optionsAction)
-                        .AddDbContext<OperationalDbContext>(optionsAction);
-                });
+var app = host.Build();
 
-    }
-}
+await app.RunAsync();
diff --git a/...ations/Aguacongas.TheIdServer.Sqlite.Startup/Aguacongas.TheIdServer.Sqlite.Startup.csproj b/...ations/Aguacongas.TheIdServer.Sqlite.Startup/Aguacongas.TheIdServer.Sqlite.Startup.csproj
@@ -4,7 +4,6 @@
 		<OutputType>Exe</OutputType>
 		<TargetFramework>net6.0</TargetFramework>
 		<RootNamespace>Aguacongas.TheIdServer.Sqlite</RootNamespace>
-		<StartupObject>Aguacongas.TheIdServer.Sqlite.Program</StartupObject>
 		<Authors>Olivier Lefebvre</Authors>
 		<Copyright>Copyright (c) 2022 @Olivier Lefebvre</Copyright>
 		<PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
@@ -31,4 +30,10 @@
 	  <ProjectReference Include="..\Aguacongas.TheIdServer.Migrations.Sqlite\Aguacongas.TheIdServer.Migrations.Sqlite.csproj" />
 	</ItemGroup>
 
+	<ItemGroup>
+	  <None Update="appsettings.json">
+	    <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+	  </None>
+	</ItemGroup>
+
 </Project>
diff --git a/src/IdentityServer/Migrations/Aguacongas.TheIdServer.Sqlite.Startup/Program.cs b/src/IdentityServer/Migrations/Aguacongas.TheIdServer.Sqlite.Startup/Program.cs
@@ -2,36 +2,24 @@
 // Copyright (c) 2022 @Olivier Lefebvre
 using Aguacongas.IdentityServer.EntityFramework.Store;
 using Aguacongas.TheIdServer.Data;
-using Aguacongas.TheIdServer.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using System;
-using System.Diagnostics.CodeAnalysis;
 
-namespace Aguacongas.TheIdServer.Sqlite
-{
-    [SuppressMessage("Major Code Smell", "S1118:Utility classes should not have public constructors", Justification = "<Pending>")]
-    public class Program
+var host = Host.CreateDefaultBuilder(args)
+    .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
+    .ConfigureServices((hostContext, services) =>
     {
-        public static void Main(string[] args)
-        {
-            CreateHostBuilder(args).Build().Run();
-        }
+        var cn = hostContext.Configuration.GetConnectionString("db");
 
-        public static IHostBuilder CreateHostBuilder(string[] args) =>
-            Host.CreateDefaultBuilder(args)
-                .ConfigureAppConfiguration(builder => builder.AddJsonFile("appsettings.json"))
-                .ConfigureServices((hostContext, services) =>
-                {
-                    var cn = hostContext.Configuration.GetConnectionString("db");
+        Action<DbContextOptionsBuilder> optionsAction = options => options.UseSqlite(cn, options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.Sqlite"));
+        services.AddDbContext<ApplicationDbContext>(optionsAction)
+            .AddDbContext<ConfigurationDbContext>(optionsAction)
+            .AddDbContext<OperationalDbContext>(optionsAction);
+    });
 
-                    Action<DbContextOptionsBuilder> optionsAction = options => options.UseSqlite(cn, options => options.MigrationsAssembly("Aguacongas.TheIdServer.Migrations.Sqlite"));
-                    services.AddDbContext<ApplicationDbContext>(optionsAction)
-                        .AddDbContext<ConfigurationDbContext>(optionsAction)
-                        .AddDbContext<OperationalDbContext>(optionsAction);
-                });
+var app = host.Build();
 
-    }
-}
+await app.RunAsync();
diff --git a/src/IdentityServer/Shared/Aguacongas.IdentityServer.Shared/Extensions/EntityExtensions.cs b/src/IdentityServer/Shared/Aguacongas.IdentityServer.Shared/Extensions/EntityExtensions.cs
@@ -137,7 +137,10 @@ public static ApiResource ToApi(this Entity.ProtectResource api)
                 Name = api.Id,
                 Properties = api.Properties.ToDictionary(p => p.Key, p => p.Value),
                 Scopes = api.ApiScopes.Select(s => s.ApiScopeId).ToList(),
-                UserClaims = api.ApiClaims.Select(c => c.Type).ToList()
+                UserClaims = api.ApiClaims.Select(c => c.Type).ToList(),
+#if DUENDE
+                RequireResourceIndicator = api.RequireResourceIndicator
+#endif
             };
         }