Enforce anti-forgery keys in Appdomain.CurrentDomain.BaseDirectory

dotnetflags
C-xC-c 5 years ago
parent d196c55a12
commit c66bc732af

@ -2,9 +2,6 @@
using BantFlags.Data.Database;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Data.Common;
using System.Linq;
using System.Threading.Tasks;
namespace BantFlags.Controllers
@ -74,6 +71,9 @@ namespace BantFlags.Controllers
return Ok(post);
}
/// <summary>
/// Gets the list of supported flags.
/// </summary>
[HttpGet]
[Route("flags")]
[ProducesResponseType(StatusCodes.Status200OK)]

@ -39,7 +39,7 @@ namespace BantFlags.Data
foreach (string flag in flags)
{
if (!knownFlags.Contains(flag)) // Not ideal but it's better than doing it in the controller / passing the database here.
if (!knownFlags.Contains(flag)) // Not ideal but it's better than doing it in the controller or passing the database here.
{
flags = new string[] { "empty, or there were errors. Re-set your flags." };
break;

@ -35,6 +35,7 @@ namespace BantFlags.Data
{
return new PoolObject<MySqlConnection>(await Connections.TakeAsync(), obj =>
{
// TODO: Why can't I use EnsureConnectionIsOpen() here?
if (obj.State != ConnectionState.Open)
{
obj.Open();

@ -1,7 +1,6 @@
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using System;
using System.IO;
namespace BantFlags
@ -22,7 +21,7 @@ namespace BantFlags
.ConfigureAppConfiguration((host, config) =>
{
// Explicitly look for appsettings.json in the program's directory
config.AddJsonFile(Path.Join(AppDomain.CurrentDomain.BaseDirectory + "appsettings.json"), optional: false, reloadOnChange: false);
config.AddJsonFile(Path.Join(System.AppDomain.CurrentDomain.BaseDirectory + "appsettings.json"), optional: false, reloadOnChange: false);
});
}
}
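Review bot: The `AddJsonFile` call still hands `Path.Join` a single pre-concatenated string (`BaseDirectory + "appsettings.json"`), so the join does nothing and the path is only correct while `BaseDirectory` ends in a directory separator. Pass the parts separately, `config.AddJsonFile(Path.Join(System.AppDomain.CurrentDomain.BaseDirectory, "appsettings.json"), optional: false, reloadOnChange: false);`, which also matches the `Path.Combine(..., "keys")` form this commit uses for the key directory. Fully qualifying `System.AppDomain` here, apparently to drop the `using System;` line, is a style choice that should be applied the same way across the project. The builder chain this lambda belongs to starts outside the hunk.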

@ -26,16 +26,16 @@ namespace BantFlags
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers()
.AddNewtonsoftJson();
services.AddControllers().AddNewtonsoftJson();
services.AddRazorPages();
// TODO: this shouldn't just be for Linux.
if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) // For image upload during production.
{
services.AddDataProtection()
.SetApplicationName("BantFlags")
.PersistKeysToFileSystem(new DirectoryInfo(@"/var/www/dotnet/bantflags/wtf-keys/"));
.PersistKeysToFileSystem(new DirectoryInfo(Path.Combine(System.AppDomain.CurrentDomain.BaseDirectory, "keys")));
}
services.AddSingleton(new DatabaseService(Configuration.GetSection("dbconfig").Get<DatabaseServiceConfig>()));
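Review bot: The data-protection key ring now goes into a `keys` folder inside the application's base directory, and the `AddDataProtection()` chain has no `ProtectKeysWith*` step, so on Linux the keys behind the anti-forgery tokens are stored as unencrypted XML next to the binaries. A deploy that replaces that directory would invalidate outstanding tokens, and any account that can read the application files can read the keys. Consider taking the path from configuration, placing it outside the publish directory with owner-only permissions, or adding `.ProtectKeysWithCertificate(...)` to the chain. A comment above the call, such as `// Key ring must survive deploys and be readable only by the service account.`, would record the requirement. Persistence is still skipped on non-Linux hosts, as the TODO notes, and `ConfigureServices` continues past the end of the hunk.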
