public void ConfigureServices(IServiceCollection services)
{
services.AddApplicationInsightsTelemetry(Configuration);
var provider = services.BuildServiceProvider();
// Options
services.AddOptions();
// Settings
var globalSettings = new GlobalSettings();
ConfigurationBinder.Bind(Configuration.GetSection("GlobalSettings"), globalSettings);
services.AddSingleton(s => globalSettings);
services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimitOptions"));
services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
// Repositories
services.AddSingleton<IUserRepository, Repos.UserRepository>();
services.AddSingleton<ICipherRepository, Repos.CipherRepository>();
services.AddSingleton<IDeviceRepository, Repos.DeviceRepository>();
// Context
services.AddScoped<CurrentContext>();
// Caching
services.AddMemoryCache();
// Rate limiting
services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
// Identity
services.AddTransient<ILookupNormalizer, LowerInvariantLookupNormalizer>();
services.AddJwtBearerIdentity(options =>
{
options.User = new UserOptions
{
RequireUniqueEmail = true,
AllowedUserNameCharacters = null // all
};
options.Password = new PasswordOptions
{
RequireDigit = false,
RequireLowercase = false,
RequiredLength = 8,
RequireNonAlphanumeric = false,
RequireUppercase = false
};
options.ClaimsIdentity = new ClaimsIdentityOptions
{
SecurityStampClaimType = "securitystamp",
UserNameClaimType = ClaimTypes.Email
};
options.Tokens.ChangeEmailTokenProvider = TokenOptions.DefaultEmailProvider;
}, jwtBearerOptions =>
{
jwtBearerOptions.Audience = "bitwarden";
jwtBearerOptions.Issuer = "bitwarden";
jwtBearerOptions.TokenLifetime = TimeSpan.FromDays(10 * 365);
jwtBearerOptions.TwoFactorTokenLifetime = TimeSpan.FromMinutes(10);
var keyBytes = Encoding.ASCII.GetBytes(globalSettings.JwtSigningKey);
jwtBearerOptions.SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);
})
.AddUserStore<UserStore>()
.AddRoleStore<RoleStore>()
.AddTokenProvider<AuthenticatorTokenProvider>("Authenticator")
.AddTokenProvider<EmailTokenProvider<User>>(TokenOptions.DefaultEmailProvider);
var jwtIdentityOptions = provider.GetRequiredService<IOptions<JwtBearerIdentityOptions>>().Value;
services.AddAuthorization(config =>
{
config.AddPolicy("Application", new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.AuthenticationMethod).Build());
config.AddPolicy("TwoFactor", new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.TwoFactorAuthenticationMethod).Build());
});
services.AddScoped<AuthenticatorTokenProvider>();
// Services
services.AddSingleton<IMailService, SendGridMailService>();
services.AddSingleton<ICipherService, CipherService>();
services.AddScoped<IUserService, UserService>();
services.AddScoped<IPushService, PushSharpPushService>();
services.AddScoped<IDeviceService, DeviceService>();
services.AddScoped<IBlockIpService, AzureQueueBlockIpService>();
// Cors
services.AddCors(config =>
{
config.AddPolicy("All", policy =>
policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().SetPreflightMaxAge(TimeSpan.FromDays(1)));
});
// MVC
services.AddMvc(config =>
{
config.Filters.Add(new ExceptionHandlerFilterAttribute());
config.Filters.Add(new ModelStateValidationFilterAttribute());
// Allow JSON of content type "text/plain" to avoid cors preflight
var textPlainMediaType = MediaTypeHeaderValue.Parse("text/plain");
foreach(var jsonFormatter in config.InputFormatters.OfType<JsonInputFormatter>())
{
jsonFormatter.SupportedMediaTypes.Add(textPlainMediaType);
}
}).AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver()); ;
}