Merge pull request #814 from ITfoxtec/dev_swagger_base

Dev swagger base

Kubernetes/k8s-foxids-deployment.yaml

@@ -87,6 +87,8 @@ spec:
               value: "http://+"
             - name: "Settings__UseHttp"
               value: "true"
+            - name: "Settings__TrustProxySchemeHeader"
+              value: "true"
             - name: "Settings__FoxIDsEndpoint"
               value: "https://id.itfoxtec.com" # change to your domain -  https://id.my-domain.com
             - name: "Settings__FoxIDsBackendEndpoint"

azuredeploy.json

@@ -379,6 +379,7 @@
         "DOCKER_ENABLE_CI": true,
         "ASPNETCORE_URLS": "http://+",
         "Settings__UseHttp": true,
+        "Settings__TrustProxySchemeHeader": true,
         "Settings__FoxIDsEndpoint": "[variables('foxidsSiteEndpoint')]",
         "Settings__FoxIDsControlEndpoint": "[variables('foxidsControlSiteEndpoint')]",
         "Settings__Options__Log": "ApplicationInsights",

docs/reverse-proxy.md

@@ -57,7 +57,7 @@ The FoxIDs site support reading the [custom domain](custom-domain.md) (host name
 
 > The host header is only read if access is restricted by the `X-FoxIDs-Secret` HTTP header or the `Settings__TrustProxyHeaders` setting is set to `true`.
 
-The FoxIDs site support to read the HTTP/HTTPS scheme if the `Settings__TrustProxySchemeHeader` setting is set to `true`. In the following HTTP headers in order of priority:
+The FoxIDs site and FoxIDs Control site support to read the HTTP/HTTPS scheme if the `Settings__TrustProxySchemeHeader` setting is set to `true`. In the following HTTP headers in order of priority:
 
  1. `X-Forwarded-Scheme`
  2. `X-Forwarded-Proto`

src/FoxIDs.Control/FoxIDs.Control.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net8.0</TargetFramework>
-		<Version>1.4.15</Version>
+		<Version>1.4.16</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.Control/Infrastructure/Hosting/ServiceCollectionExtensions.cs

@@ -153,7 +153,7 @@ public static IServiceCollection AddApiSwagger(this IServiceCollection services)
                     In = ParameterLocation.Header,
                     Type = SecuritySchemeType.ApiKey,
                     Scheme = "Bearer",
-                    BearerFormat = "JWT"
+                    BearerFormat = "JWT"              
                 });
                 c.AddSecurityRequirement(new OpenApiSecurityRequirement
                 {

src/FoxIDs.ControlClient/FoxIDs.ControlClient.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net8.0</TargetFramework>
-		<Version>1.4.15</Version>
+		<Version>1.4.16</Version>
 		<RootNamespace>FoxIDs.Client</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.ControlShared/FoxIDs.ControlShared.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net8.0</TargetFramework>
-		<Version>1.4.15</Version>
+		<Version>1.4.16</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.Shared/FoxIDs.Shared.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net8.0</TargetFramework>
-		<Version>1.4.15</Version>
+		<Version>1.4.16</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.Shared/Infrastructure/Hosting/ProxyHeadersMiddleware.cs

@@ -22,6 +22,7 @@ public virtual async Task Invoke(HttpContext context)
             if (!(IsHealthCheck(context) || IsLoopback(context)))
             {
                 ReadClientIp(context);
+                ReadSchemeFromHeader(context);
                 _ = ValidateProxySecret(context);
             }
 
@@ -85,5 +86,29 @@ protected void ReadClientIp(HttpContext context)
                 }
             }
         }
+
+        protected void ReadSchemeFromHeader(HttpContext context)
+        {
+            var settings = context.RequestServices.GetService<Settings>();
+            if (settings.TrustProxySchemeHeader)
+            {
+                string schemeHeader = context.Request.Headers["X-Forwarded-Scheme"];
+                if (schemeHeader.IsNullOrWhiteSpace())
+                {
+                    schemeHeader = context.Request.Headers["X-Forwarded-Proto"];
+                }
+                if (!schemeHeader.IsNullOrWhiteSpace())
+                {
+                    if (schemeHeader.Equals(Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase))
+                    {
+                        context.Request.Scheme = Uri.UriSchemeHttp;
+                    }
+                    else if (schemeHeader.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
+                    {
+                        context.Request.Scheme = Uri.UriSchemeHttps;
+                    }
+                }
+            }
+        }
     }
 }

src/FoxIDs.Shared/Models/Config/Settings.cs

@@ -80,6 +80,11 @@ public class Settings : IValidatableObject
         /// </summary>
         public string ProxySecret { get; set; }
 
+        /// <summary>
+        /// Optional trust proxy scheme header (HTTP/HTTPS). Default false.
+        /// </summary>
+        public bool TrustProxySchemeHeader { get; set; }
+
         public virtual IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
         {
             var results = new List<ValidationResult>();

src/FoxIDs.SharedBase/FoxIDs.SharedBase.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net8.0</TargetFramework>
-		<Version>1.4.15</Version>
+		<Version>1.4.16</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs/FoxIDs.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 	<PropertyGroup>
 		<TargetFramework>net8.0</TargetFramework>
-		<Version>1.4.15</Version>
+		<Version>1.4.16</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs/Infrastructure/Hosting/FoxIDsProxyHeadersMiddleware.cs

@@ -82,29 +82,5 @@ private string ReadHostFromHeader(HttpContext context)
 
             return string.Empty;
         }
-
-        private void ReadSchemeFromHeader(HttpContext context)
-        {
-            var settings = context.RequestServices.GetService<FoxIDsSettings>();
-            if (settings.TrustProxySchemeHeader)
-            {
-                string schemeHeader = context.Request.Headers["X-Forwarded-Scheme"];
-                if (schemeHeader.IsNullOrWhiteSpace())
-                {
-                    schemeHeader = context.Request.Headers["X-Forwarded-Proto"];
-                }
-                if (!schemeHeader.IsNullOrWhiteSpace())
-                {
-                    if (schemeHeader.Equals(Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase))
-                    {
-                        context.Request.Scheme = Uri.UriSchemeHttp;
-                    }
-                    else if(schemeHeader.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
-                    {
-                        context.Request.Scheme = Uri.UriSchemeHttps;
-                    }
-                }
-            }
-        }
     }
 }

src/FoxIDs/Models/Config/FoxIDsSettings.cs

@@ -84,11 +84,6 @@ public class FoxIDsSettings : Settings
         /// </summary>
         public bool TrustProxyHeaders { get; set; }
 
-        /// <summary>
-        /// Optional trust proxy scheme header (HTTP/HTTPS). Default false.
-        /// </summary>
-        public bool TrustProxySchemeHeader { get; set; }
-
         /// <summary>
         /// Read the HTTP request domain and use it as custom domain if configured on a tenant.
         /// </summary>