Enforce anti-forgery keys in Appdomain.CurrentDomain.BaseDirectory

BantFlags/Controllers/FlagsController.cs

@@ -2,9 +2,6 @@
 using BantFlags.Data.Database;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Data.Common;
-using System.Linq;
 using System.Threading.Tasks;
 
 namespace BantFlags.Controllers
@@ -74,6 +71,9 @@ namespace BantFlags.Controllers
             return Ok(post);
         }
 
+        /// <summary>
+        /// Gets the list of supported flags.
+        /// </summary>
         [HttpGet]
         [Route("flags")]
         [ProducesResponseType(StatusCodes.Status200OK)]

BantFlags/Data/FlagModel.cs

@@ -39,7 +39,7 @@ namespace BantFlags.Data
 
             foreach (string flag in flags)
             {
-                if (!knownFlags.Contains(flag)) // Not ideal but it's better than doing it in the controller / passing the database here.
+                if (!knownFlags.Contains(flag)) // Not ideal but it's better than doing it in the controller or passing the database here.
                 {
                     flags = new string[] { "empty, or there were errors. Re-set your flags." };
                     break;

BantFlags/Data/MySqlConnectionPool.cs

@@ -35,6 +35,7 @@ namespace BantFlags.Data
         {
             return new PoolObject<MySqlConnection>(await Connections.TakeAsync(), obj =>
             {
+                // TODO: Why can't I use EnsureConnectionIsOpen() here?
                 if (obj.State != ConnectionState.Open)
                 {
                     obj.Open();

BantFlags/Program.cs

@@ -1,7 +1,6 @@
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Hosting;
-using System;
 using System.IO;
 
 namespace BantFlags
@@ -22,7 +21,7 @@ namespace BantFlags
                 .ConfigureAppConfiguration((host, config) =>
                 {
                     // Explicitly look for appsettings.json in the program's directory
-                    config.AddJsonFile(Path.Join(AppDomain.CurrentDomain.BaseDirectory + "appsettings.json"), optional: false, reloadOnChange: false);
+                    config.AddJsonFile(Path.Join(System.AppDomain.CurrentDomain.BaseDirectory + "appsettings.json"), optional: false, reloadOnChange: false);
                 });
     }
 }

BantFlags/Startup.cs

@@ -26,16 +26,16 @@ namespace BantFlags
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddControllers()
-                .AddNewtonsoftJson();
+            services.AddControllers().AddNewtonsoftJson();
 
             services.AddRazorPages();
 
+            // TODO: this shouldn't just be for Linux.
             if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) // For image upload during production.
             {
                 services.AddDataProtection()
                     .SetApplicationName("BantFlags")
-                    .PersistKeysToFileSystem(new DirectoryInfo(@"/var/www/dotnet/bantflags/wtf-keys/"));
+                    .PersistKeysToFileSystem(new DirectoryInfo(Path.Combine(System.AppDomain.CurrentDomain.BaseDirectory, "keys")));
             }
 
             services.AddSingleton(new DatabaseService(Configuration.GetSection("dbconfig").Get<DatabaseServiceConfig>()));