BasketApi: Add authorizationHeader (pass bearer from Swagger Ui to authorize request...).

MVC: Solve some design feedback (filter selector in catalog) CatalogApi: Move models from infrastructure to Model folder.
2016-12-21 11:30:11 +01:00 · 2016-12-21 11:30:11 +01:00 · d8a0d9bb66
commit d8a0d9bb66
parent 17ee5d5989
12 changed files with 9044 additions and 16 deletions
--- a/add-firewall-docker.ps1
+++ b/add-firewall-docker.ps1
@ -0,0 +1,23 @@
 param([switch]$Elevated)
 function Check-Admin {
 $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
 $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
 }
 if ((Check-Admin) -eq $false)  {
 if ($elevated)
 {
 # could not elevate, quit
 }
 else {
 Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
 }
 exit
 }
 $reglas = Get-NetFirewallRule -DisplayName 'EshopDocker'
 if ($reglas.Length -gt 0)
 {
    New-NetFirewallRule -DisplayName EshopDocker -Confirm -Description "Eshop on Containers" -LocalAddress Any -LocalPort Any -Protocol tcp -RemoteAddress Any -RemotePort 5100-5105 -Direction Inbound
    New-NetFirewallRule -DisplayName EshopDocker -Confirm -Description "Eshop on Containers" -LocalAddress Any -LocalPort Any -Protocol tcp -RemoteAddress Any -RemotePort 5100-5105 -Direction Outbound
 }
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@ -14,18 +14,21 @@ services:
      - CatalogUrl=http://catalog.api
      - OrderingUrl=http://ordering.api:5102
      #- IdentityUrl=http://13.88.8.119:5105           #Remote: VM Needs to have public access at 5105. 
-      #- IdentityUrl=http://10.0.75.1:5105              #Local: You need to open windows firewall at range 5100-5105. 
+      - IdentityUrl=http://10.0.75.1:5105              #Local: You need to open windows firewall at range 5100-5105. 
-      - IdentityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
+      #- IdentityUrl=http://identity.service:5105      #Local: You need a entry in windows host file to run identity in local docker. 
      - BasketUrl=http://basket.api:5103
    ports:
      - "5100:5100"
    links:
      - identity.service:10.0.75.1
  webspa:
    environment:
      - CatalogUrl=http://catalog.api
      - OrderingUrl=http://ordering.api
-      #- IdentityUrl=http://13.88.8.119:5105           #Remote: VM Needs to have public access at 5105. 
+      #- IdentityUrl=http://13.88.8.119:5105            #Remote: VM Needs to have public access at 5105. 
-      - IdentityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
+      #- IdentityUrl=http://identity.service:5105       #Local: You need a entry in windows host file to run identity in local docker. 
      - IdentityUrl=http://10.0.75.1:5105               #Local: You need to open windows firewall at range 5100-5105. 
      - BasketUrl=http://basket.api:5103                
    ports:
      - "5104:80"
@ -34,7 +37,8 @@ services:
    environment:
      - ConnectionString=basket.data
      #- identityUrl=http://13.88.8.119:5105             #Remote
-      - identityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
+      #- identityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
      - identityUrl=http://10.0.75.1:5105                #Local: You need to open windows firewall at range 5100-5105. 
    ports:
      - "5103:5103"
@ -47,8 +51,9 @@ services:
  ordering.api:
    environment:
      - ConnectionString=Server=sql.data;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word
-      - identityUrl=http://identity.service:5105    #local
+      #- identityUrl=http://13.88.8.119:5105             #Remote: VM Needs to have public access at 5105. 
-      #- identityUrl=http://13.88.8.119:5105           #remote
+      #- identityUrl=http://identity.service:5105        #Local: You need a entry in windows host file to run identity in local docker. 
      - identityUrl=http://10.0.75.1:5105                #Local: You need to open windows firewall at range 5100-5105. 
    ports:
      - "5102:5102"
@ -56,9 +61,9 @@ services:
    environment:
      - SpaClient=http://localhost:5104
      - ConnectionStrings__DefaultConnection=Server=sql.data;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word
-      #- MvcClient=http://13.88.8.119:5100             #Remote: VM Needs to have public access at 5105. 
+      #- MvcClient=http://13.88.8.119:5100              #Remote: VM Needs to have public access at 5105. 
      - MvcClient=http://localhost:5100                 #Local: You need a entry in windows host file to run identity in local docker. 
-                                                        #10.0.75.1:5105 CCE/TODO: try to avoid host entry. 
+      - MvcClient=http://10.0.75.1:5100                 #Local: You need to open windows firewall at range 5100-5105. 
    ports:
      - "5105:5105"
--- a/src/Services/Basket/Basket.API/Auth/Client/enable-token-client.js
+++ b/src/Services/Basket/Basket.API/Auth/Client/enable-token-client.js
@ -0,0 +1,28 @@
 (function ($, swaggerUi) {
    $(function () {
        var settings = {
            authority: 'https://localhost:5105',
            client_id: 'js',
            popup_redirect_uri: window.location.protocol
                + '//'
                + window.location.host
                + '/tokenclient/popup.html',
            response_type: 'id_token token',
            scope: 'openid profile basket',
            filter_protocol_claims: true
        },
        manager = new OidcTokenManager(settings),
        $inputApiKey = $('#input_apiKey');
        $inputApiKey.on('dblclick', function () {
            manager.openPopupForTokenAsync()
                .then(function () {
                    $inputApiKey.val(manager.access_token).change();
                }, function (error) {
                    console.error(error);
                });
        });
    });
 })(jQuery, window.swaggerUi);
--- a/src/Services/Basket/Basket.API/Auth/Client/oidc-token-manager.js
+++ b/src/Services/Basket/Basket.API/Auth/Client/oidc-token-manager.js
--- a/src/Services/Basket/Basket.API/Auth/Client/popup.html
+++ b/src/Services/Basket/Basket.API/Auth/Client/popup.html
@ -0,0 +1,13 @@
 <!DOCTYPE html>
 <html>
 <head>
    <title></title>
    <meta charset="utf-8" />
 </head>
 <body>
    <script type="text/javascript" src="oidc-token-manager.min.js"></script>
    <script type="text/javascript">
    new OidcTokenManager().processTokenPopup();
    </script>
 </body>
 </html> 
--- a/src/Services/Basket/Basket.API/Auth/Server/AuthorizationHeaderParameterOperationFilter.cs
+++ b/src/Services/Basket/Basket.API/Auth/Server/AuthorizationHeaderParameterOperationFilter.cs
@ -0,0 +1,35 @@
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Swashbuckle.Swagger.Model;
 using Swashbuckle.SwaggerGen.Generator;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 namespace Microsoft.eShopOnContainers.Services.Basket.API.Auth.Server
 {
    public class AuthorizationHeaderParameterOperationFilter : IOperationFilter
    {
        public void Apply(Operation operation, OperationFilterContext context)
        {
            var filterPipeline = context.ApiDescription.ActionDescriptor.FilterDescriptors;
            var isAuthorized = filterPipeline.Select(filterInfo => filterInfo.Filter).Any(filter => filter is AuthorizeFilter);
            var allowAnonymous = filterPipeline.Select(filterInfo => filterInfo.Filter).Any(filter => filter is IAllowAnonymousFilter);
            if (isAuthorized && !allowAnonymous)
            {
                if (operation.Parameters == null)
                    operation.Parameters = new List<IParameter>();
                operation.Parameters.Add(new NonBodyParameter
                {
                    Name = "Authorization",
                    In = "header",
                    Description = "access token",
                    Required = true,
                    Type = "string"
                });
            }
        }
    }
 }
--- a/src/Services/Basket/Basket.API/Auth/Server/IdentitySecurityScheme.cs
+++ b/src/Services/Basket/Basket.API/Auth/Server/IdentitySecurityScheme.cs
@ -0,0 +1,23 @@
 using Swashbuckle.Swagger.Model;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 namespace Microsoft.eShopOnContainers.Services.Basket.API.Auth.Server
 {
    public class IdentitySecurityScheme:SecurityScheme
    {
        public IdentitySecurityScheme()
        {
            Type = "IdentitySecurityScheme";
            Description = "Security definition that provides to the user of Swagger a mechanism to obtain a token from the identity service that secures the api";
            Extensions.Add("authorizationUrl", "http://localhost:5103/Auth/Client/popup.html");
            Extensions.Add("flow", "implicit");
            Extensions.Add("scopes", new List<string>
            {
                "basket"
            });
        }
    }
 }
--- a/src/Services/Basket/Basket.API/Startup.cs
+++ b/src/Services/Basket/Basket.API/Startup.cs
@ -11,6 +11,8 @@ using Microsoft.eShopOnContainers.Services.Basket.API.Model;
 using StackExchange.Redis;
 using Microsoft.Extensions.Options;
 using System.Net;
 using Swashbuckle.Swagger.Model;
 using Microsoft.eShopOnContainers.Services.Basket.API.Auth.Server;
 namespace Microsoft.eShopOnContainers.Services.Basket.API
 {
@ -48,8 +50,11 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API
            });
            services.AddSwaggerGen();
            //var sch = new IdentitySecurityScheme();
            services.ConfigureSwaggerGen(options =>
            {
                //options.AddSecurityDefinition("IdentityServer", sch);
                options.OperationFilter<AuthorizationHeaderParameterOperationFilter>();
                options.DescribeAllEnumsAsStrings();
                options.SingleApiVersion(new Swashbuckle.Swagger.Model.Info()
                {
@ -79,6 +84,8 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API
            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();
            app.UseStaticFiles();
            // Use frameworks
            app.UseCors("CorsPolicy");
--- a/src/Services/Catalog/Catalog.API/Controllers/CatalogController.cs
+++ b/src/Services/Catalog/Catalog.API/Controllers/CatalogController.cs
@ -4,6 +4,7 @@ namespace Microsoft.eShopOnContainers.Services.Catalog.API.Controllers
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.EntityFrameworkCore;
    using Microsoft.eShopOnContainers.Services.Catalog.API.Infrastructure;
    using Model;
    using System;
    using System.Linq;
    using System.Threading.Tasks;
--- a/src/Services/Ordering/Ordering.API/Controllers/OrdersController.cs
+++ b/src/Services/Ordering/Ordering.API/Controllers/OrdersController.cs
@ -11,7 +11,7 @@
    using System.Threading.Tasks;
    [Route("api/v1/[controller]")]
-    //[Authorize]
+    [Authorize]
    public class OrdersController : Controller
    {
        private readonly IMediator _mediator;
--- a/src/Services/Ordering/Ordering.API/Startup.cs
+++ b/src/Services/Ordering/Ordering.API/Startup.cs
@ -5,7 +5,6 @@
    using Infrastructure;
    using Infrastructure.AutofacModules;
    using Infrastructure.Filters;
    using MediatR;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.EntityFrameworkCore;
@ -15,8 +14,6 @@
    using Ordering.Infrastructure;
    using System;
    using System.Reflection;
    using System.Threading;
    using System.Threading.Tasks;
    public class Startup
    {
--- a/src/Web/WebMVC/wwwroot/css/site.min.css
+++ b/src/Web/WebMVC/wwwroot/css/site.min.css