harden the website

2025-08-01 21:33:56 -07:00
parent f7acfc577e
commit 14d7bf7587
1 changed files with 21 additions and 9 deletions
@@ -12,7 +12,6 @@ using System.Security.Cryptography;
 var builder = WebApplication.CreateBuilder(args);

 // Disable null warnings becuse string.IsNullOrEmpty checks for NULL or Empty
-#pragma warning disable CS8600
 #pragma warning disable CS8604

 ////////////////////////////////
@@ -135,15 +134,28 @@ builder.Services.AddAuthentication(options => {
    };
 });

-builder.Services.AddCors(o => o.AddDefaultPolicy(builder => {
-    builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();     // No CORS
-}));
+////////////////////////////////
+///  Rate Limiting Service  ////
+////////////////////////////////
+
+List<string> allowedOrigins = new List<string>{ "https://boredcareers.com", "https://www.boredcareers.com" };
+if (builder.Environment.IsDevelopment()) {
+    allowedOrigins.Add("http://localhost:5000");
+}
+
+builder.Services.AddCors(options => {
+    options.AddDefaultPolicy(policy => {
+        policy.WithOrigins(allowedOrigins.ToArray())
+              .AllowAnyHeader()
+              .AllowAnyMethod()
+              .AllowCredentials();
+    });
+});

 builder.Services.AddRateLimiter(options => {
    options.AddPolicy("PerUserPolicy", httpContext => {
        var userId = httpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value
-            ?? httpContext.User.Identity?.Name
-            ?? httpContext.Connection.RemoteIpAddress?.ToString();
+            ?? $"ip:{httpContext.Connection.RemoteIpAddress}";

        return RateLimitPartition.GetTokenBucketLimiter(userId, key => new TokenBucketRateLimiterOptions {
            TokenLimit = 10,                 // max 10 requests
@@ -156,9 +168,7 @@ builder.Services.AddRateLimiter(options => {
    });
 });

-// Pages Service
 builder.Services.AddControllers();
-builder.Services.AddRazorPages();

 var app = builder.Build();

@@ -170,12 +180,14 @@ if( !app.Environment.IsDevelopment() ) {
 app.UseDefaultFiles();
 app.UseStaticFiles();

+app.UseRateLimiter();
+
 app.UseCors();

 app.UseRouting();

 app.UseAuthentication();
-app.MapControllers().RequireRateLimiting("perUserPolicy");
+app.MapControllers();

 app.MapFallbackToFile("index.html");