BasketApi: Add authorizationHeader (pass bearer from Swagger Ui to authorize request...).

MVC: Solve some design feedback (filter selector in catalog)

CatalogApi: Move models from infrastructure to Model folder.

add-firewall-docker.ps1

@@ -0,0 +1,23 @@
+param([switch]$Elevated)
+function Check-Admin {
+$currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
+$currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
+}
+if ((Check-Admin) -eq $false)  {
+if ($elevated)
+{
+# could not elevate, quit
+}
+ 
+else {
+ 
+Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
+}
+exit
+}
+$reglas = Get-NetFirewallRule -DisplayName 'EshopDocker'
+if ($reglas.Length -gt 0)
+{
+    New-NetFirewallRule -DisplayName EshopDocker -Confirm -Description "Eshop on Containers" -LocalAddress Any -LocalPort Any -Protocol tcp -RemoteAddress Any -RemotePort 5100-5105 -Direction Inbound
+    New-NetFirewallRule -DisplayName EshopDocker -Confirm -Description "Eshop on Containers" -LocalAddress Any -LocalPort Any -Protocol tcp -RemoteAddress Any -RemotePort 5100-5105 -Direction Outbound
+}

docker-compose.override.yml

@@ -14,19 +14,22 @@ services:
       - CatalogUrl=http://catalog.api
       - OrderingUrl=http://ordering.api:5102
       #- IdentityUrl=http://13.88.8.119:5105           #Remote: VM Needs to have public access at 5105. 
-      #- IdentityUrl=http://10.0.75.1:5105              #Local: You need to open windows firewall at range 5100-5105. 
-      - IdentityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
+      - IdentityUrl=http://10.0.75.1:5105              #Local: You need to open windows firewall at range 5100-5105. 
+      #- IdentityUrl=http://identity.service:5105      #Local: You need a entry in windows host file to run identity in local docker. 
       - BasketUrl=http://basket.api:5103
     ports:
       - "5100:5100"
+    links:
+      - identity.service:10.0.75.1
 
   webspa:
     environment:
       - CatalogUrl=http://catalog.api
       - OrderingUrl=http://ordering.api
-      #- IdentityUrl=http://13.88.8.119:5105           #Remote: VM Needs to have public access at 5105. 
-      - IdentityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
-      - BasketUrl=http://basket.api:5103
+      #- IdentityUrl=http://13.88.8.119:5105            #Remote: VM Needs to have public access at 5105. 
+      #- IdentityUrl=http://identity.service:5105       #Local: You need a entry in windows host file to run identity in local docker. 
+      - IdentityUrl=http://10.0.75.1:5105               #Local: You need to open windows firewall at range 5100-5105. 
+      - BasketUrl=http://basket.api:5103                
     ports:
       - "5104:80"
 
@@ -34,7 +37,8 @@ services:
     environment:
       - ConnectionString=basket.data
       #- identityUrl=http://13.88.8.119:5105             #Remote
-      - identityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
+      #- identityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
+      - identityUrl=http://10.0.75.1:5105                #Local: You need to open windows firewall at range 5100-5105. 
     ports:
       - "5103:5103"
 
@@ -47,8 +51,9 @@ services:
   ordering.api:
     environment:
       - ConnectionString=Server=sql.data;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word
-      - identityUrl=http://identity.service:5105    #local
-      #- identityUrl=http://13.88.8.119:5105           #remote
+      #- identityUrl=http://13.88.8.119:5105             #Remote: VM Needs to have public access at 5105. 
+      #- identityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
+      - identityUrl=http://10.0.75.1:5105                #Local: You need to open windows firewall at range 5100-5105. 
     ports:
       - "5102:5102"
 
@@ -56,9 +61,9 @@ services:
     environment:
       - SpaClient=http://localhost:5104
       - ConnectionStrings__DefaultConnection=Server=sql.data;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word
-      #- MvcClient=http://13.88.8.119:5100             #Remote: VM Needs to have public access at 5105. 
+      #- MvcClient=http://13.88.8.119:5100              #Remote: VM Needs to have public access at 5105. 
       - MvcClient=http://localhost:5100                 #Local: You need a entry in windows host file to run identity in local docker. 
-                                                        #10.0.75.1:5105 CCE/TODO: try to avoid host entry. 
+      - MvcClient=http://10.0.75.1:5100                 #Local: You need to open windows firewall at range 5100-5105. 
     ports:
       - "5105:5105"
 

src/Services/Basket/Basket.API/Auth/Client/enable-token-client.js

@@ -0,0 +1,28 @@
+(function ($, swaggerUi) {
+    $(function () {
+        var settings = {
+            authority: 'https://localhost:5105',
+            client_id: 'js',
+            popup_redirect_uri: window.location.protocol
+                + '//'
+                + window.location.host
+                + '/tokenclient/popup.html',
+
+            response_type: 'id_token token',
+            scope: 'openid profile basket',
+
+            filter_protocol_claims: true
+        },
+        manager = new OidcTokenManager(settings),
+        $inputApiKey = $('#input_apiKey');
+
+        $inputApiKey.on('dblclick', function () {
+            manager.openPopupForTokenAsync()
+                .then(function () {
+                    $inputApiKey.val(manager.access_token).change();
+                }, function (error) {
+                    console.error(error);
+                });
+        });
+    });
+})(jQuery, window.swaggerUi);

src/Services/Basket/Basket.API/Auth/Client/popup.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title></title>
+    <meta charset="utf-8" />
+</head>
+<body>
+    <script type="text/javascript" src="oidc-token-manager.min.js"></script>
+    <script type="text/javascript">
+    new OidcTokenManager().processTokenPopup();
+    </script>
+</body>
+</html> 

src/Services/Basket/Basket.API/Auth/Server/AuthorizationHeaderParameterOperationFilter.cs

@@ -0,0 +1,35 @@
+using Microsoft.AspNetCore.Mvc.Authorization;
+using Swashbuckle.Swagger.Model;
+using Swashbuckle.SwaggerGen.Generator;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace Microsoft.eShopOnContainers.Services.Basket.API.Auth.Server
+{
+    public class AuthorizationHeaderParameterOperationFilter : IOperationFilter
+    {
+        public void Apply(Operation operation, OperationFilterContext context)
+        {
+            var filterPipeline = context.ApiDescription.ActionDescriptor.FilterDescriptors;
+            var isAuthorized = filterPipeline.Select(filterInfo => filterInfo.Filter).Any(filter => filter is AuthorizeFilter);
+            var allowAnonymous = filterPipeline.Select(filterInfo => filterInfo.Filter).Any(filter => filter is IAllowAnonymousFilter);
+
+            if (isAuthorized && !allowAnonymous)
+            {
+                if (operation.Parameters == null)
+                    operation.Parameters = new List<IParameter>();
+
+                operation.Parameters.Add(new NonBodyParameter
+                {
+                    Name = "Authorization",
+                    In = "header",
+                    Description = "access token",
+                    Required = true,
+                    Type = "string"
+                });
+            }
+        }
+    }
+}

src/Services/Basket/Basket.API/Auth/Server/IdentitySecurityScheme.cs

@@ -0,0 +1,23 @@
+using Swashbuckle.Swagger.Model;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace Microsoft.eShopOnContainers.Services.Basket.API.Auth.Server
+{
+    public class IdentitySecurityScheme:SecurityScheme
+    {
+        public IdentitySecurityScheme()
+        {
+            Type = "IdentitySecurityScheme";
+            Description = "Security definition that provides to the user of Swagger a mechanism to obtain a token from the identity service that secures the api";
+            Extensions.Add("authorizationUrl", "http://localhost:5103/Auth/Client/popup.html");
+            Extensions.Add("flow", "implicit");
+            Extensions.Add("scopes", new List<string>
+            {
+                "basket"
+            });
+        }
+    }
+}

src/Services/Basket/Basket.API/Startup.cs

@@ -11,6 +11,8 @@ using Microsoft.eShopOnContainers.Services.Basket.API.Model;
 using StackExchange.Redis;
 using Microsoft.Extensions.Options;
 using System.Net;
+using Swashbuckle.Swagger.Model;
+using Microsoft.eShopOnContainers.Services.Basket.API.Auth.Server;
 
 namespace Microsoft.eShopOnContainers.Services.Basket.API
 {
@@ -48,8 +50,11 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API
             });
 
             services.AddSwaggerGen();
+            //var sch = new IdentitySecurityScheme();
             services.ConfigureSwaggerGen(options =>
             {
+                //options.AddSecurityDefinition("IdentityServer", sch);
+                options.OperationFilter<AuthorizationHeaderParameterOperationFilter>();
                 options.DescribeAllEnumsAsStrings();
                 options.SingleApiVersion(new Swashbuckle.Swagger.Model.Info()
                 {
@@ -79,6 +84,8 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API
             loggerFactory.AddConsole(Configuration.GetSection("Logging"));
             loggerFactory.AddDebug();
 
+            app.UseStaticFiles();
+
             // Use frameworks
             app.UseCors("CorsPolicy");
 

src/Services/Catalog/Catalog.API/Controllers/CatalogController.cs

@@ -4,6 +4,7 @@ namespace Microsoft.eShopOnContainers.Services.Catalog.API.Controllers
     using Microsoft.AspNetCore.Mvc;
     using Microsoft.EntityFrameworkCore;
     using Microsoft.eShopOnContainers.Services.Catalog.API.Infrastructure;
+    using Model;
     using System;
     using System.Linq;
     using System.Threading.Tasks;

src/Services/Ordering/Ordering.API/Controllers/OrdersController.cs

@@ -11,7 +11,7 @@
     using System.Threading.Tasks;
 
     [Route("api/v1/[controller]")]
-    //[Authorize]
+    [Authorize]
     public class OrdersController : Controller
     {
         private readonly IMediator _mediator;

src/Services/Ordering/Ordering.API/Startup.cs

@@ -5,7 +5,6 @@
     using Infrastructure;
     using Infrastructure.AutofacModules;
     using Infrastructure.Filters;
-    using MediatR;
     using Microsoft.AspNetCore.Builder;
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.EntityFrameworkCore;
@@ -15,8 +14,6 @@
     using Ordering.Infrastructure;
     using System;
     using System.Reflection;
-    using System.Threading;
-    using System.Threading.Tasks;
 
     public class Startup
     {
@@ -64,7 +61,7 @@
                     Title = "Ordering HTTP API",
                     Version = "v1",
                     Description = "The Ordering Service HTTP API",
-                    TermsOfService = "Terms Of Service"
+                    TermsOfService = "Terms Of Service" 
                 });
             });