tofuu2202/CleanArchitecture-template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

source: Add rules for AI Coding

Browse Source
This commit is contained in:
Te amo
2026-03-09 16:51:44 +07:00
parent 4b7236493f
commit 3003a0ff0b
27 changed files with 2103 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
MyNewProjectName.WebAPI/Extensions/ServiceCollectionExtensions.cs Normal file
View File

@@ -0,0 +1,239 @@
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.Reflection;
using System.Text;
using System.Text.Json;
using MyNewProjectName.Infrastructure.Options;
using MyNewProjectName.Contracts.Common;
namespace MyNewProjectName.WebAPI.Extensions;
/// <summary>
/// Extension methods for configuring services in the dependency injection container
/// </summary>
public static class ServiceCollectionExtensions
{
/// <summary>
/// Configures Swagger/OpenAPI documentation with JWT Bearer authentication support
/// </summary>
public static IServiceCollection AddCustomSwagger(this IServiceCollection services)
{
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "MyNewProjectName API", Version = "v1" });
var securityScheme = new OpenApiSecurityScheme
{
Name = "Authorization",
Description = "Enter JWT Bearer token",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
Scheme = "bearer",
BearerFormat = "JWT"
};
c.AddSecurityDefinition("Bearer", securityScheme);
var securityRequirement = new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
new string[] {}
}
};
c.AddSecurityRequirement(securityRequirement);
// Set the comments path for the Swagger JSON and UI (only if XML file exists)
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
if (File.Exists(xmlPath))
{
c.IncludeXmlComments(xmlPath);
}
});
return services;
}
/// <summary>
/// Configures JWT Bearer authentication with custom token validation and error handling
/// </summary>
public static IServiceCollection AddJwtAuthentication(this IServiceCollection services, IConfiguration configuration)
{
var jwtOptionsSection = configuration.GetSection(JwtOptions.SectionName);
var jwtOptions = jwtOptionsSection.Get<JwtOptions>()
?? throw new InvalidOperationException("JwtOptions configuration is missing");
services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
ValidIssuer = jwtOptions.Issuer,
ValidAudience = jwtOptions.Audience,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.Secret)),
ClockSkew = TimeSpan.Zero
};
// Log token & claims for debugging
options.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
var logger = context.HttpContext.RequestServices
.GetRequiredService<ILoggerFactory>()
.CreateLogger("JwtBearer");
// Có thể bật lại nếu cần debug Authorization header
// logger.LogInformation("JWT received. Authorization header: {Header}", context.Request.Headers["Authorization"].ToString());
return Task.CompletedTask;
},
OnTokenValidated = context =>
{
var logger = context.HttpContext.RequestServices
.GetRequiredService<ILoggerFactory>()
.CreateLogger("JwtBearer");
var claims = context.Principal?.Claims
.Select(c => $"{c.Type}={c.Value}")
.ToList() ?? new List<string>();
// logger.LogInformation("JWT validated. Claims: {Claims}", string.Join(", ", claims));
return Task.CompletedTask;
},
OnAuthenticationFailed = context =>
{
var logger = context.HttpContext.RequestServices
.GetRequiredService<ILoggerFactory>()
.CreateLogger("JwtBearer");
logger.LogWarning(context.Exception, "JWT authentication failed");
return Task.CompletedTask;
},
OnChallenge = async context =>
{
// Ngăn không cho middleware mặc định ghi response lần nữa
context.HandleResponse();
var logger = context.HttpContext.RequestServices
.GetRequiredService<ILoggerFactory>()
.CreateLogger("JwtBearer");
if (context.Response.HasStarted)
{
logger.LogWarning("The response has already started, the JWT challenge middleware will not be executed.");
return;
}
var correlationId = context.HttpContext.Request.Headers["X-Correlation-ID"].FirstOrDefault() ?? "unknown";
var isExpired = context.AuthenticateFailure is SecurityTokenExpiredException;
var message = isExpired
? "Token expired"
: "Unauthorized";
logger.LogInformation("JWT challenge. Expired: {Expired}, Error: {Error}, Description: {Description}, CorrelationId: {CorrelationId}",
isExpired, context.Error, context.ErrorDescription, correlationId);
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
context.Response.ContentType = "application/json";
var response = new ServiceResponse<object>
{
Success = false,
Message = message,
Errors = null
};
var json = JsonSerializer.Serialize(response, new JsonSerializerOptions
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase
});
await context.Response.WriteAsync(json);
},
OnForbidden = async context =>
{
var logger = context.HttpContext.RequestServices
.GetRequiredService<ILoggerFactory>()
.CreateLogger("JwtBearer");
logger.LogWarning("User is authenticated but does not have access to the requested resource (403 Forbidden).");
context.Response.StatusCode = StatusCodes.Status403Forbidden;
context.Response.ContentType = "application/json";
var response = new ServiceResponse<object>
{
Success = false,
Message = "You do not have permission to perform this action.",
Errors = null
};
var json = JsonSerializer.Serialize(response, new JsonSerializerOptions
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase
});
await context.Response.WriteAsync(json);
}
};
});
return services;
}
// /// <summary>
// /// Configures authorization policies based on user type and roles.
// /// </summary>
// public static IServiceCollection AddCustomAuthorization(this IServiceCollection services)
// {
// services.AddAuthorization(options =>
// {
// // 1. Policy chỉ dành cho SuperAdmin
// options.AddPolicy("RequireSuperAdmin", policy =>
// policy.RequireClaim("userType", "SuperAdmin"));
// // 2. Policy cho TenantAdmin (TenantMember + Role = TenantAdmin)
// options.AddPolicy("RequireTenantAdmin", policy =>
// policy.RequireClaim("userType", "TenantMember")
// .RequireRole("TenantAdmin"));
// // 3. Policy cho TenantMember (TenantMember + Role = Doctor)
// options.AddPolicy("RequireTenantMember", policy =>
// policy.RequireClaim("userType", "TenantMember")
// );
// // 4. Policy SuperAdmin hoặc TenantAdmin
// options.AddPolicy("RequireSuperAdminOrTenantAdmin", policy =>
// policy.RequireAssertion(context =>
// // Điều kiện 1: Là SuperAdmin
// context.User.HasClaim("userType", "SuperAdmin")
// ||
// // HOẶC Điều kiện 2: Là Nhân viên VÀ có Role là TenantAdmin
// (context.User.HasClaim("userType", "TenantMember") && context.User.IsInRole("TenantAdmin"))
// ));
// });
// return services;
// }
}

1
MyNewProjectName.WebAPI/MyNewProjectName.WebAPI.csproj
View File

@@ -6,6 +6,7 @@
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.2" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.0" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />
<!-- Serilog for structured logging -->

122
MyNewProjectName.WebAPI/Program.cs
View File

@@ -1,75 +1,89 @@
using Microsoft.Extensions.Hosting;
using MyNewProjectName.Application;
using MyNewProjectName.Infrastructure;
using MyNewProjectName.Infrastructure.Extensions;
using MyNewProjectName.WebAPI.Middleware;
using Serilog;
using MyNewProjectName.WebAPI.Extensions;
using MyNewProjectName.Application.Interfaces;
using MyNewProjectName.WebAPI.Services;
var builder = WebApplication.CreateBuilder(args);
// Configure Serilog
builder.Host.UseSerilogLogging(builder.Configuration);
// Add OpenTelemetry distributed tracing
builder.Services.AddOpenTelemetryTracing("MyNewProjectName.WebAPI");
// Add services to the container.
builder.Services.AddControllers();
// Add Application Layer
builder.Services.AddApplication();
// Add Infrastructure Layer
builder.Services.AddInfrastructure(builder.Configuration);
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
builder.Services.AddOpenApi();
// Add Swagger
// ==========================================
// 1. ADD SERVICES TO CONTAINER
// ==========================================
builder.Services.AddControllers()
.AddJsonOptions(options =>
{
// Configure enum serialization to use string representation
options.JsonSerializerOptions.Converters.Add(new System.Text.Json.Serialization.JsonStringEnumConverter());
});
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddMemoryCache();
builder.Services.AddLogging();
// Extension Methods: Swagger, JWT Authentication & Authorization
builder.Services.AddCustomSwagger();
builder.Services.AddJwtAuthentication(builder.Configuration);
builder.Services.AddCustomAuthorization();
// Layers Registration
builder.Services.AddApplication();
builder.Services.AddInfrastructure(builder.Configuration);
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<ICurrentUserService, CurrentUserService>();
// CORS Configuration
builder.Services.AddCors(option =>
{
option.AddPolicy(name: "CorsPolicy",
configurePolicy: builder => builder
.SetIsOriginAllowed((host) => true)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
builder.WebHost.UseUrls("http://0.0.0.0:5044");
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.MapOpenApi();
app.UseSwagger();
app.UseSwaggerUI(option =>
{
option.SwaggerEndpoint("/swagger/v1/swagger.json", "iYHCT360 API");
option.RoutePrefix = "swagger"; // UI tại /swagger
option.DisplayRequestDuration();
option.EnableFilter();
option.EnableValidator();
option.EnableTryItOutByDefault();
});
}
// Middleware pipeline order is critical:
// 1. CorrelationIdMiddleware - Must be first to track all requests
// Middleware Pipeline - Order is important!
// 1. CorrelationIdMiddleware: Generate correlation ID for request tracking (must be first)
app.UseMiddleware<CorrelationIdMiddleware>();
// 2. RequestResponseLoggingMiddleware - Optional, enable only when needed
// WARNING: This can generate large log files. Enable only for specific environments.
// Configure in appsettings.json: "Logging:EnableRequestLogging" and "Logging:EnableResponseLogging"
app.UseMiddleware<RequestResponseLoggingMiddleware>();
app.UseHttpsRedirection();
// 3. Authentication (built-in)
app.UseAuthentication();
// 4. Authorization (built-in)
app.UseAuthorization();
// 6. ExceptionHandlingMiddleware - Must be last to catch all exceptions
// 2. ExceptionHandlingMiddleware: Global exception handler (must be early to catch all exceptions)
app.UseMiddleware<ExceptionHandlingMiddleware>();
// 3. Routing & Static Files
app.UseRouting();
app.UseStaticFiles();
// 4. CORS (must be before UseAuthentication/UseAuthorization)
app.UseCors("CorsPolicy");
// 5. Authentication & Authorization
app.UseAuthentication();
app.UseAuthorization();
// 6. RequestResponseLoggingMiddleware: Log request/response (after routing and auth to avoid interfering with response)
app.UseMiddleware<RequestResponseLoggingMiddleware>();
// 7. Map Controllers
app.MapControllers();
try
{
Log.Information("Starting MyNewProjectName.WebAPI");
app.Run();
}
catch (Exception ex)
{
Log.Fatal(ex, "Application terminated unexpectedly");
throw;
}
finally
{
Log.CloseAndFlush();
}
app.Run();

2
MyNewProjectName.WebAPI/appsettings.json
View File

@@ -40,4 +40,4 @@
"EnableResponseLogging": false
},
"AllowedHosts": "*"
}
}