forked from HarlieTran/SecureFileHub
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathProgram.cs
More file actions
127 lines (109 loc) · 4.79 KB
/
Copy pathProgram.cs
File metadata and controls
127 lines (109 loc) · 4.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
using Microsoft.EntityFrameworkCore;
using SecureFileHub.Data;
using SecureFileHub.Models;
using SecureFileHub.Services;
namespace SecureFileHub
{
public class Program
{
public static void Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
// Load .env for secrets that can't go in appsettings.json
if (File.Exists(".env"))
DotNetEnv.Env.Load();
var encryptionKey = Environment.GetEnvironmentVariable("ENCRYPTION_KEY");
// Add services to the container.
builder.Services.AddControllersWithViews();
// Kestrel allows up to 100MB so oversized files reach the controller
// The controller enforces the real 10MB business limit with a friendly message
builder.Services.Configure<Microsoft.AspNetCore.Http.Features.FormOptions>(options =>
{
options.MultipartBodyLengthLimit = 100 * 1024 * 1024;
});
builder.WebHost.ConfigureKestrel(options =>
{
options.Limits.MaxRequestBodySize = 100 * 1024 * 1024;
});
// SQL Server connection
builder.Services.AddDbContext<AppDbContext>(
options => options.UseSqlite(
builder.Configuration.GetConnectionString("DefaultConnection")
)
);
// Session support (for login state)
builder.Services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(
builder.Configuration.GetValue<int>("AppSettings:SessionTimeoutMinutes"));
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Strict;
});
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<AuditService>();
builder.Services.AddSingleton<EncryptionService>();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.Use(async (context, next) =>
{
context.Response.Headers["X-Content-Type-Options"] = "nosniff";
context.Response.Headers["X-Frame-Options"] = "DENY";
context.Response.Headers["Content-Security-Policy"] =
"default-src 'self'; " +
"script-src 'self'; " +
"style-src 'self' 'unsafe-inline'; " +
"img-src 'self' data:; " +
"frame-ancestors 'none';";
context.Response.Headers["Referrer-Policy"] = "strict-origin-when-cross-origin";
context.Response.Headers["Permissions-Policy"] = "camera=(), microphone=(), geolocation=()";
await next();
});
app.UseStaticFiles();
app.UseRouting();
app.UseSession();
app.UseAuthorization();
app.MapStaticAssets();
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}")
.WithStaticAssets();
using (var scope = app.Services.CreateScope())
{
var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
db.Database.Migrate();
// Seed test accounts in development only.
// In production, default credentials are never created — an admin
// account must be created manually after deployment.
if (app.Environment.IsDevelopment() && !db.Users.Any())
{
db.Users.AddRange(
new User
{
Email = "admin@test.com",
PasswordHash = BCrypt.Net.BCrypt.HashPassword("Admin@123", workFactor: 12),
Role = "Admin",
CreatedAt = DateTime.UtcNow
},
new User
{
Email = "user@test.com",
PasswordHash = BCrypt.Net.BCrypt.HashPassword("User@1234", workFactor: 12),
Role = "User",
CreatedAt = DateTime.UtcNow
}
);
db.SaveChanges();
}
}
app.Run();
}
}
}