using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Bit.Api.Utilities; using Bit.Core; using Bit.Core.Context; using Bit.Core.Identity; using Bit.Core.Settings; using Newtonsoft.Json.Serialization; using AspNetCoreRateLimit; using Stripe; using Bit.Core.Utilities; using IdentityModel; using System.Globalization; using Microsoft.IdentityModel.Logging; using Microsoft.Extensions.Hosting; using Microsoft.OpenApi.Models; using System.Collections.Generic; using System; #if !OSS using Bit.CommCore.Utilities; #endif namespace Bit.Api { public class Startup { public Startup(IWebHostEnvironment env, IConfiguration configuration) { CultureInfo.DefaultThreadCurrentCulture = new CultureInfo("en-US"); Configuration = configuration; Environment = env; } public IConfiguration Configuration { get; private set; } public IWebHostEnvironment Environment { get; set; } public void ConfigureServices(IServiceCollection services) { // Options services.AddOptions(); // Settings var globalSettings = services.AddGlobalSettingsServices(Configuration); if (!globalSettings.SelfHosted) { services.Configure(Configuration.GetSection("IpRateLimitOptions")); services.Configure(Configuration.GetSection("IpRateLimitPolicies")); } // Data Protection services.AddCustomDataProtectionServices(Environment, globalSettings); // Event Grid if (!string.IsNullOrWhiteSpace(globalSettings.EventGridKey)) { ApiHelpers.EventGridKey = globalSettings.EventGridKey; } // Stripe Billing StripeConfiguration.ApiKey = globalSettings.StripeApiKey; // Repositories services.AddSqlServerRepositories(globalSettings); // Context services.AddScoped(); // Caching services.AddMemoryCache(); // BitPay services.AddSingleton(); if (!globalSettings.SelfHosted) { // Rate limiting services.AddSingleton(); services.AddSingleton(); } // Identity services.AddCustomIdentityServices(globalSettings); services.AddIdentityAuthenticationServices(globalSettings, Environment, config => { config.AddPolicy("Application", policy => { policy.RequireAuthenticatedUser(); policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external"); policy.RequireClaim(JwtClaimTypes.Scope, "api"); }); config.AddPolicy("Web", policy => { policy.RequireAuthenticatedUser(); policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external"); policy.RequireClaim(JwtClaimTypes.Scope, "api"); policy.RequireClaim(JwtClaimTypes.ClientId, "web"); }); config.AddPolicy("Push", policy => { policy.RequireAuthenticatedUser(); policy.RequireClaim(JwtClaimTypes.Scope, "api.push"); }); config.AddPolicy("Licensing", policy => { policy.RequireAuthenticatedUser(); policy.RequireClaim(JwtClaimTypes.Scope, "api.licensing"); }); config.AddPolicy("Organization", policy => { policy.RequireAuthenticatedUser(); policy.RequireClaim(JwtClaimTypes.Scope, "api.organization"); }); }); services.AddScoped(); // Services services.AddBaseServices(); services.AddDefaultServices(globalSettings); services.AddCoreLocalizationServices(); #if OSS services.AddOosServices(); #else services.AddCommCoreServices(); #endif // MVC services.AddMvc(config => { config.Conventions.Add(new ApiExplorerGroupConvention()); config.Conventions.Add(new PublicApiControllersModelConvention()); }).AddNewtonsoftJson(options => { if (Environment.IsProduction() && Configuration["swaggerGen"] != "true") { options.SerializerSettings.ContractResolver = new DefaultContractResolver(); } }); services.AddSwagger(globalSettings); Jobs.JobsHostedService.AddJobsServices(services); services.AddHostedService(); if (globalSettings.SelfHosted) { // Jobs service Jobs.JobsHostedService.AddJobsServices(services); services.AddHostedService(); } if (CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ConnectionString) && CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ApplicationCacheTopicName)) { services.AddHostedService(); } } public void Configure( IApplicationBuilder app, IWebHostEnvironment env, IHostApplicationLifetime appLifetime, GlobalSettings globalSettings, ILogger logger) { IdentityModelEventSource.ShowPII = true; app.UseSerilog(env, appLifetime, globalSettings); // Default Middleware app.UseDefaultMiddleware(env, globalSettings); if (!globalSettings.SelfHosted) { // Rate limiting app.UseMiddleware(); } else { app.UseForwardedHeaders(globalSettings); } // Add localization app.UseCoreLocalization(); // Add static files to the request pipeline. app.UseStaticFiles(); // Add routing app.UseRouting(); // Add Cors app.UseCors(policy => policy.SetIsOriginAllowed(o => CoreHelpers.IsCorsOriginAllowed(o, globalSettings)) .AllowAnyMethod().AllowAnyHeader().AllowCredentials()); // Add authentication and authorization to the request pipeline. app.UseAuthentication(); app.UseAuthorization(); // Add current context app.UseMiddleware(); // Add endpoints to the request pipeline. app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute()); // Add Swagger if (Environment.IsDevelopment() || globalSettings.SelfHosted) { app.UseSwagger(config => { config.RouteTemplate = "specs/{documentName}/swagger.json"; config.PreSerializeFilters.Add((swaggerDoc, httpReq) => swaggerDoc.Servers = new List { new OpenApiServer { Url = globalSettings.BaseServiceUri.Api } }); }); app.UseSwaggerUI(config => { config.DocumentTitle = "Bitwarden API Documentation"; config.RoutePrefix = "docs"; config.SwaggerEndpoint($"{globalSettings.BaseServiceUri.Api}/specs/public/swagger.json", "Bitwarden Public API"); config.OAuthClientId("accountType.id"); config.OAuthClientSecret("secretKey"); }); } // Log startup logger.LogInformation(Constants.BypassFiltersEventId, globalSettings.ProjectName + " started."); } } }