Enforce anti-forgery keys in Appdomain.CurrentDomain.BaseDirectory

dotnetflags
C-xC-c 5 years ago
parent d196c55a12
commit c66bc732af

@ -2,9 +2,6 @@
using BantFlags.Data.Database; using BantFlags.Data.Database;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using System;
using System.Data.Common;
using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
namespace BantFlags.Controllers namespace BantFlags.Controllers
@ -74,6 +71,9 @@ namespace BantFlags.Controllers
return Ok(post); return Ok(post);
} }
/// <summary>
/// Gets the list of supported flags.
/// </summary>
[HttpGet] [HttpGet]
[Route("flags")] [Route("flags")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]

@ -39,7 +39,7 @@ namespace BantFlags.Data
foreach (string flag in flags) foreach (string flag in flags)
{ {
if (!knownFlags.Contains(flag)) // Not ideal but it's better than doing it in the controller / passing the database here. if (!knownFlags.Contains(flag)) // Not ideal but it's better than doing it in the controller or passing the database here.
{ {
flags = new string[] { "empty, or there were errors. Re-set your flags." }; flags = new string[] { "empty, or there were errors. Re-set your flags." };
break; break;

@ -35,6 +35,7 @@ namespace BantFlags.Data
{ {
return new PoolObject<MySqlConnection>(await Connections.TakeAsync(), obj => return new PoolObject<MySqlConnection>(await Connections.TakeAsync(), obj =>
{ {
// TODO: Why can't I use EnsureConnectionIsOpen() here?
if (obj.State != ConnectionState.Open) if (obj.State != ConnectionState.Open)
{ {
obj.Open(); obj.Open();

@ -1,7 +1,6 @@
using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Hosting;
using System;
using System.IO; using System.IO;
namespace BantFlags namespace BantFlags
@ -22,7 +21,7 @@ namespace BantFlags
.ConfigureAppConfiguration((host, config) => .ConfigureAppConfiguration((host, config) =>
{ {
// Explicitly look for appsettings.json in the program's directory // Explicitly look for appsettings.json in the program's directory
config.AddJsonFile(Path.Join(AppDomain.CurrentDomain.BaseDirectory + "appsettings.json"), optional: false, reloadOnChange: false); config.AddJsonFile(Path.Join(System.AppDomain.CurrentDomain.BaseDirectory + "appsettings.json"), optional: false, reloadOnChange: false);
}); });
} }
} }
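Review bot: On the `config.AddJsonFile(...)` line, `Path.Join` receives a single, already concatenated string, so it joins nothing and the path is only correct while `BaseDirectory` ends with a directory separator. Pass the two parts separately, as the `Path.Combine` call in the Startup section of this commit does: `config.AddJsonFile(Path.Join(System.AppDomain.CurrentDomain.BaseDirectory, "appsettings.json"), optional: false, reloadOnChange: false);`. Dropping `using System;` only to write `System.AppDomain` in full also reads less cleanly than keeping the directive.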

@ -26,16 +26,16 @@ namespace BantFlags
// This method gets called by the runtime. Use this method to add services to the container. // This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services) public void ConfigureServices(IServiceCollection services)
{ {
services.AddControllers() services.AddControllers().AddNewtonsoftJson();
.AddNewtonsoftJson();
services.AddRazorPages(); services.AddRazorPages();
// TODO: this shouldn't just be for Linux.
if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) // For image upload during production. if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) // For image upload during production.
{ {
services.AddDataProtection() services.AddDataProtection()
.SetApplicationName("BantFlags") .SetApplicationName("BantFlags")
.PersistKeysToFileSystem(new DirectoryInfo(@"/var/www/dotnet/bantflags/wtf-keys/")); .PersistKeysToFileSystem(new DirectoryInfo(Path.Combine(System.AppDomain.CurrentDomain.BaseDirectory, "keys")));
} }
services.AddSingleton(new DatabaseService(Configuration.GetSection("dbconfig").Get<DatabaseServiceConfig>())); services.AddSingleton(new DatabaseService(Configuration.GetSection("dbconfig").Get<DatabaseServiceConfig>()));
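Review bot: The key ring passed to `PersistKeysToFileSystem` now lives in a `keys` folder under the application's base directory, and nothing in this hunk encrypts it at rest or restricts who can read it. Keys persisted this way are written as plain XML unless a `ProtectKeysWith*` call is chained, so any account that can read the deployment folder can read the material behind the anti-forgery tokens; a redeploy that replaces the folder would presumably also discard the keys and invalidate outstanding tokens. Consider reading the directory from configuration so it can sit outside the publish output, limiting it to the service account, and chaining `.ProtectKeysWithCertificate(cert)` with `cert` loaded from your own certificate store. At minimum, add a comment such as `// Key ring is stored unencrypted; keep this directory out of the publish output and readable only by the service account.` ConfigureServices continues past the end of the hunk.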
