add SecurityHeaders middleware

thangchung · thangchung · commit de9babddd6f8 · 2021-03-11T22:40:16.000+07:00
diff --git a/restclient.http b/restclient.http
@@ -1,13 +1,13 @@
 @host = http://localhost:5000
 
 ###
-GET {{host}}/product-api/products?api-version=1.0 HTTP/1.1
+GET {{host}}/product-api/v1/products HTTP/1.1
 content-type: {{contentType}}
 x-query: {"filters":[{"fieldName": "Name", "comparision": "Contains", "fieldValue": "test"}],"sorts":["nameDesc"],"page":1,"pageSize":20}
 
 ###
 @id = 23537dac-303f-446f-be2a-1dbea22b3eba
-GET {{host}}/product-api/products/{{id}}?api-version=1.0 HTTP/1.1
+GET {{host}}/product-api/v1/products/{{id}} HTTP/1.1
 content-type: {{contentType}}
 
 ###
@@ -16,7 +16,7 @@ GET {{host}}/setting-api/countries/{{country-id}} HTTP/1.1
 content-type: {{contentType}}
 
 ###
-POST {{host}}/product-api/products?api-version=1.0 HTTP/1.1
+POST {{host}}/product-api/v1/products HTTP/1.1
 content-type: {{contentType}}
 
 {
@@ -29,7 +29,7 @@ content-type: {{contentType}}
 }
 
 ###
-POST {{host}}/customer-api/customers?api-version=1.0 HTTP/1.1
+POST {{host}}/customer-api/v1/customers HTTP/1.1
 content-type: {{contentType}}
 
 {
diff --git a/src/BuildingBlocks/N8T.Core/Domain/CoreException.cs b/src/BuildingBlocks/N8T.Core/Domain/CoreException.cs
@@ -1,4 +1,4 @@
-﻿using System;
+using System;
 
 namespace N8T.Core.Domain
 {
@@ -10,22 +10,22 @@ public CoreException(string message) : base(message)
 
         public static CoreException Exception(string message)
         {
-            return new CoreException(message);
+            return new(message);
         }
 
         public static CoreException NullArgument(string arg)
         {
-            return new CoreException($"{arg} cannot be null");
+            return new($"{arg} cannot be null");
         }
 
         public static CoreException InvalidArgument(string arg)
         {
-            return new CoreException($"{arg} is invalid");
+            return new($"{arg} is invalid");
         }
 
         public static CoreException NotFound(string arg)
         {
-            return new CoreException($"{arg} was not found");
+            return new($"{arg} was not found");
         }
     }
-}
+}
diff --git a/src/BuildingBlocks/N8T.Infrastructure/Extensions.cs b/src/BuildingBlocks/N8T.Infrastructure/Extensions.cs
@@ -11,6 +11,7 @@
 using N8T.Infrastructure.Logging;
 using N8T.Infrastructure.Validator;
 using Newtonsoft.Json;
+using Newtonsoft.Json.Serialization;
 using Serilog;
 
 namespace N8T.Infrastructure
@@ -50,10 +51,12 @@ public static TResult SafeGetListQuery<TResult, TResponse>(this HttpContext http
             var queryModel = new TResult();
             if (!(string.IsNullOrEmpty(query) || query == "{}"))
             {
-                queryModel = JsonConvert.DeserializeObject<TResult>(query); 
+                queryModel = JsonConvert.DeserializeObject<TResult>(query);
             }
 
-            httpContext?.Response.Headers.Add("x-query", JsonConvert.SerializeObject(queryModel));
+            httpContext?.Response.Headers.Add("x-query",
+                JsonConvert.SerializeObject(queryModel,
+                    new JsonSerializerSettings {ContractResolver = new CamelCasePropertyNamesContractResolver()}));
 
             return queryModel;
         }
diff --git a/src/Customer/CustomerService.Application/V1/Endpoints/Commands/CreateCustomer.cs b/src/Customer/CustomerService.Application/V1/Endpoints/Commands/CreateCustomer.cs
@@ -14,18 +14,18 @@
 
 namespace CustomerService.Application.V1.Endpoints.Commands
 {
-    [ApiVersion( "1.0" )]
     public class CreateCustomer : BaseAsyncEndpoint.WithRequest<CreateCustomer.Command>.WithoutResponse
     {
-        [HttpPost("/api/customers")]
+        [ApiVersion( "1.0" )]
+        [HttpPost("/api/v{version:apiVersion}/customers")]
         public override async Task<ActionResult> HandleAsync(Command request, CancellationToken cancellationToken = new())
         {
             return Ok(await Mediator.Send(request, cancellationToken));
         }
 
         public record Command : ICreateCommand<Command.CreateCustomerModel, CustomerDto>
         {
-            public CreateCustomerModel Model { get; init; }
+            public CreateCustomerModel Model { get; init; } = default!;
 
             public record CreateCustomerModel(string FirstName, string LastName, string Email, Guid CountryId);
 
diff --git a/src/Gateways/AppGateway/AppGateway.csproj b/src/Gateways/AppGateway/AppGateway.csproj
@@ -6,6 +6,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.ReverseProxy" Version="1.0.0-preview.9.*" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.13.0" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Gateways/AppGateway/Program.cs b/src/Gateways/AppGateway/Program.cs
@@ -15,6 +15,7 @@ public static IHostBuilder CreateHostBuilder(string[] args) =>
                 .ConfigureWebHostDefaults(webBuilder =>
                 {
                     webBuilder.UseStartup<Startup>();
+                    webBuilder.UseKestrel(options => options.AddServerHeader = false);
                 });
     }
 }
diff --git a/src/Gateways/AppGateway/Startup.cs b/src/Gateways/AppGateway/Startup.cs
@@ -23,6 +23,8 @@ public void ConfigureServices(IServiceCollection services)
 
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
+            app.UseSecurityHeaders();
+
             if (env.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
diff --git a/src/Product/ProductService.Application/V1/Endpoints/Commands/CreateProduct.cs b/src/Product/ProductService.Application/V1/Endpoints/Commands/CreateProduct.cs
@@ -12,18 +12,18 @@
 
 namespace ProductService.Application.V1.Endpoints.Commands
 {
-    [ApiVersion( "1.0" )]
     public class CreateProduct : BaseAsyncEndpoint.WithRequest<CreateProduct.Command>.WithoutResponse
     {
-        [HttpPost("/api/products")]
+        [ApiVersion( "1.0" )]
+        [HttpPost("/api/v{version:apiVersion}/products")]
         public override async Task<ActionResult> HandleAsync(Command request, CancellationToken cancellationToken = new())
         {
             return Ok(await Mediator.Send(request, cancellationToken));
         }
 
         public record Command : ICreateCommand<Command.CreateProductModel, ProductDto>
         {
-            public CreateProductModel Model { get; init; }
+            public CreateProductModel Model { get; init; } = default!;
 
             public record CreateProductModel(string Name, int Quantity, decimal Cost, string ProductCodeName);
 
diff --git a/src/Product/ProductService.Application/V1/Endpoints/Queries/GetProductById.cs b/src/Product/ProductService.Application/V1/Endpoints/Queries/GetProductById.cs
@@ -14,10 +14,10 @@
 
 namespace ProductService.Application.V1.Endpoints.Queries
 {
-    [ApiVersion( "1.0" )]
     public class GetProductById : BaseAsyncEndpoint.WithRequest<Guid>.WithResponse<ProductDto>
     {
-        [HttpGet("/api/products/{id:guid}")]
+        [ApiVersion( "1.0" )]
+        [HttpGet("/api/v{version:apiVersion}/products/{id:guid}")]
         public override async Task<ActionResult<ProductDto>> HandleAsync(Guid id,
             CancellationToken cancellationToken = new())
         {
diff --git a/src/Product/ProductService.Application/V1/Endpoints/Queries/GetProducts.cs b/src/Product/ProductService.Application/V1/Endpoints/Queries/GetProducts.cs
@@ -16,10 +16,10 @@
 
 namespace ProductService.Application.V1.Endpoints.Queries
 {
-    [ApiVersion( "1.0" )]
     public class GetProducts : BaseAsyncEndpoint.WithRequest<string>.WithoutResponse
     {
-        [HttpGet("/api/products")]
+        [ApiVersion( "1.0" )]
+        [HttpGet("/api/v{version:apiVersion}/products")]
         public override async Task<ActionResult> HandleAsync([FromHeader(Name = "x-query")] string query,
             CancellationToken cancellationToken = new())
         {

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-using System;`
	`1`	`+using System;`
`2`	`2`
`3`	`3`	`namespace N8T.Core.Domain`
`4`	`4`	`{`
`@@ -10,22 +10,22 @@ public CoreException(string message) : base(message)`
`10`	`10`
`11`	`11`	`public static CoreException Exception(string message)`
`12`	`12`	`{`
`13`		`- return new CoreException(message);`
	`13`	`+ return new(message);`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`public static CoreException NullArgument(string arg)`
`17`	`17`	`{`
`18`		`- return new CoreException($"{arg} cannot be null");`
	`18`	`+ return new($"{arg} cannot be null");`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`public static CoreException InvalidArgument(string arg)`
`22`	`22`	`{`
`23`		`- return new CoreException($"{arg} is invalid");`
	`23`	`+ return new($"{arg} is invalid");`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`public static CoreException NotFound(string arg)`
`27`	`27`	`{`
`28`		`- return new CoreException($"{arg} was not found");`
	`28`	`+ return new($"{arg} was not found");`
`29`	`29`	`}`
`30`	`30`	`}`
`31`		`-}`
	`31`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@`
`11`	`11`	`using N8T.Infrastructure.Logging;`
`12`	`12`	`using N8T.Infrastructure.Validator;`
`13`	`13`	`using Newtonsoft.Json;`
	`14`	`+using Newtonsoft.Json.Serialization;`
`14`	`15`	`using Serilog;`
`15`	`16`
`16`	`17`	`namespace N8T.Infrastructure`
`@@ -50,10 +51,12 @@ public static TResult SafeGetListQuery<TResult, TResponse>(this HttpContext http`
`50`	`51`	`var queryModel = new TResult();`
`51`	`52`	`if (!(string.IsNullOrEmpty(query) \|\| query == "{}"))`
`52`	`53`	`{`
`53`		`- queryModel = JsonConvert.DeserializeObject<TResult>(query);`
	`54`	`+ queryModel = JsonConvert.DeserializeObject<TResult>(query);`
`54`	`55`	`}`
`55`	`56`
`56`		`- httpContext?.Response.Headers.Add("x-query", JsonConvert.SerializeObject(queryModel));`
	`57`	`+ httpContext?.Response.Headers.Add("x-query",`
	`58`	`+ JsonConvert.SerializeObject(queryModel,`
	`59`	`+ new JsonSerializerSettings {ContractResolver = new CamelCasePropertyNamesContractResolver()}));`
`57`	`60`
`58`	`61`	`return queryModel;`
`59`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,18 +14,18 @@`
`14`	`14`
`15`	`15`	`namespace CustomerService.Application.V1.Endpoints.Commands`
`16`	`16`	`{`
`17`		`- [ApiVersion( "1.0" )]`
`18`	`17`	`public class CreateCustomer : BaseAsyncEndpoint.WithRequest<CreateCustomer.Command>.WithoutResponse`
`19`	`18`	`{`
`20`		`- [HttpPost("/api/customers")]`
	`19`	`+ [ApiVersion( "1.0" )]`
	`20`	`+ [HttpPost("/api/v{version:apiVersion}/customers")]`
`21`	`21`	`public override async Task<ActionResult> HandleAsync(Command request, CancellationToken cancellationToken = new())`
`22`	`22`	`{`
`23`	`23`	`return Ok(await Mediator.Send(request, cancellationToken));`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`public record Command : ICreateCommand<Command.CreateCustomerModel, CustomerDto>`
`27`	`27`	`{`
`28`		`- public CreateCustomerModel Model { get; init; }`
	`28`	`+ public CreateCustomerModel Model { get; init; } = default!;`
`29`	`29`
`30`	`30`	`public record CreateCustomerModel(string FirstName, string LastName, string Email, Guid CountryId);`
`31`	`31`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ public static IHostBuilder CreateHostBuilder(string[] args) =>`
`15`	`15`	`.ConfigureWebHostDefaults(webBuilder =>`
`16`	`16`	`{`
`17`	`17`	`webBuilder.UseStartup<Startup>();`
	`18`	`+ webBuilder.UseKestrel(options => options.AddServerHeader = false);`
`18`	`19`	`});`
`19`	`20`	`}`
`20`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,8 @@ public void ConfigureServices(IServiceCollection services)`
`23`	`23`
`24`	`24`	`public void Configure(IApplicationBuilder app, IWebHostEnvironment env)`
`25`	`25`	`{`
	`26`	`+ app.UseSecurityHeaders();`
	`27`	`+`
`26`	`28`	`if (env.IsDevelopment())`
`27`	`29`	`{`
`28`	`30`	`app.UseDeveloperExceptionPage();`
Original file line number	Diff line number	Diff line change
`@@ -12,18 +12,18 @@`
`12`	`12`
`13`	`13`	`namespace ProductService.Application.V1.Endpoints.Commands`
`14`	`14`	`{`
`15`		`- [ApiVersion( "1.0" )]`
`16`	`15`	`public class CreateProduct : BaseAsyncEndpoint.WithRequest<CreateProduct.Command>.WithoutResponse`
`17`	`16`	`{`
`18`		`- [HttpPost("/api/products")]`
	`17`	`+ [ApiVersion( "1.0" )]`
	`18`	`+ [HttpPost("/api/v{version:apiVersion}/products")]`
`19`	`19`	`public override async Task<ActionResult> HandleAsync(Command request, CancellationToken cancellationToken = new())`
`20`	`20`	`{`
`21`	`21`	`return Ok(await Mediator.Send(request, cancellationToken));`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`public record Command : ICreateCommand<Command.CreateProductModel, ProductDto>`
`25`	`25`	`{`
`26`		`- public CreateProductModel Model { get; init; }`
	`26`	`+ public CreateProductModel Model { get; init; } = default!;`
`27`	`27`
`28`	`28`	`public record CreateProductModel(string Name, int Quantity, decimal Cost, string ProductCodeName);`
`29`	`29`
Original file line number	Diff line number	Diff line change
`@@ -14,10 +14,10 @@`
`14`	`14`
`15`	`15`	`namespace ProductService.Application.V1.Endpoints.Queries`
`16`	`16`	`{`
`17`		`- [ApiVersion( "1.0" )]`
`18`	`17`	`public class GetProductById : BaseAsyncEndpoint.WithRequest<Guid>.WithResponse<ProductDto>`
`19`	`18`	`{`
`20`		`- [HttpGet("/api/products/{id:guid}")]`
	`19`	`+ [ApiVersion( "1.0" )]`
	`20`	`+ [HttpGet("/api/v{version:apiVersion}/products/{id:guid}")]`
`21`	`21`	`public override async Task<ActionResult<ProductDto>> HandleAsync(Guid id,`
`22`	`22`	`CancellationToken cancellationToken = new())`
`23`	`23`	`{`
Original file line number	Diff line number	Diff line change
`@@ -16,10 +16,10 @@`
`16`	`16`
`17`	`17`	`namespace ProductService.Application.V1.Endpoints.Queries`
`18`	`18`	`{`
`19`		`- [ApiVersion( "1.0" )]`
`20`	`19`	`public class GetProducts : BaseAsyncEndpoint.WithRequest<string>.WithoutResponse`
`21`	`20`	`{`
`22`		`- [HttpGet("/api/products")]`
	`21`	`+ [ApiVersion( "1.0" )]`
	`22`	`+ [HttpGet("/api/v{version:apiVersion}/products")]`
`23`	`23`	`public override async Task<ActionResult> HandleAsync([FromHeader(Name = "x-query")] string query,`
`24`	`24`	`CancellationToken cancellationToken = new())`
`25`	`25`	`{`