SilverLABS/littleshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68c5d2dfdf
littleshop/LittleShop/Program.cs
SysAdmin 68c5d2dfdf Production optimization: Docker configuration and monitoring stack 
🚀 Docker Production Optimizations:
- Chiseled Ubuntu base image for minimal attack surface
- Non-root user execution with security hardening
- Read-only filesystem with targeted writable volumes
- Resource limits (1GB RAM, 1 CPU) with health checks
- Multi-stage builds optimized for caching
- Zero-downtime deployment automation

🔍 Comprehensive Monitoring Stack:
- Prometheus metrics collection with custom rules
- Grafana dashboards for application visualization
- AlertManager with email notifications for critical events
- Fluentd centralized logging with retention policies
- Node Exporter + cAdvisor for system/container metrics
- Health check endpoint (/health) for container orchestration

📋 Production Deployment Ready:
- Complete deployment scripts with backup strategy
- Environment templates for secure configuration
- Performance monitoring and alerting rules
- Enterprise-grade security and observability

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-19 12:35:41 +01:00

258 lines
9.2 KiB
C#
Raw Blame History

using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;
using LittleShop.Data;
using LittleShop.Services;
using FluentValidation;
using Serilog;
var builder = WebApplication.CreateBuilder(args);
// Configure Serilog
Log.Logger = new LoggerConfiguration()
.WriteTo.Console()
.WriteTo.File("logs/littleshop.txt", rollingInterval: RollingInterval.Day)
.CreateLogger();
builder.Host.UseSerilog();
// Add services to the container.
builder.Services.AddControllers();
builder.Services.AddControllersWithViews(); // Add MVC for Admin Panel
// Database
if (builder.Environment.EnvironmentName == "Testing")
{
builder.Services.AddDbContext<LittleShopContext>(options =>
options.UseInMemoryDatabase("InMemoryDbForTesting"));
}
else
{
builder.Services.AddDbContext<LittleShopContext>(options =>
options.UseSqlite(builder.Configuration.GetConnectionString("DefaultConnection")));
}
// Authentication - Cookie for Admin Panel, JWT for API
var jwtKey = builder.Configuration["Jwt:Key"] ?? "YourSuperSecretKeyThatIsAtLeast32CharactersLong!";
var jwtIssuer = builder.Configuration["Jwt:Issuer"] ?? "LittleShop";
var jwtAudience = builder.Configuration["Jwt:Audience"] ?? "LittleShop";
builder.Services.AddAuthentication("Cookies")
.AddCookie("Cookies", options =>
{
options.LoginPath = "/Admin/Account/Login";
options.LogoutPath = "/Admin/Account/Logout";
options.AccessDeniedPath = "/Admin/Account/AccessDenied";
})
.AddJwtBearer("Bearer", options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = jwtIssuer,
ValidAudience = jwtAudience,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey))
};
});
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("AdminOnly", policy =>
policy.RequireAuthenticatedUser()
.RequireRole("Admin")
.AddAuthenticationSchemes("Cookies", "Bearer")); // Support both cookie and JWT
options.AddPolicy("ApiAccess", policy =>
policy.RequireAuthenticatedUser()
.AddAuthenticationSchemes("Bearer")); // JWT only for API access
});
// Services
builder.Services.AddScoped<IAuthService, AuthService>();
builder.Services.AddScoped<ICategoryService, CategoryService>();
builder.Services.AddScoped<IProductService, ProductService>();
builder.Services.AddScoped<IOrderService, OrderService>();
builder.Services.AddScoped<ICryptoPaymentService, CryptoPaymentService>();
builder.Services.AddScoped<IBTCPayServerService, BTCPayServerService>();
builder.Services.AddScoped<IShippingRateService, ShippingRateService>();
builder.Services.AddScoped<IRoyalMailService, RoyalMailShippingService>();
builder.Services.AddHttpClient<IRoyalMailService, RoyalMailShippingService>();
builder.Services.AddScoped<IReviewService, ReviewService>();
builder.Services.AddScoped<IDataSeederService, DataSeederService>();
builder.Services.AddScoped<IBotService, BotService>();
builder.Services.AddScoped<IBotMetricsService, BotMetricsService>();
builder.Services.AddScoped<ICustomerService, CustomerService>();
builder.Services.AddScoped<ICustomerMessageService, CustomerMessageService>();
builder.Services.AddScoped<IPushNotificationService, PushNotificationService>();
builder.Services.AddScoped<IProductImportService, ProductImportService>();
builder.Services.AddSingleton<ITelegramBotManagerService, TelegramBotManagerService>();
// Health Checks
builder.Services.AddHealthChecks()
.AddDbContextCheck<LittleShopContext>("database")
.AddCheck("self", () => Microsoft.Extensions.Diagnostics.HealthChecks.HealthCheckResult.Healthy("Application is healthy"));
// Temporarily disabled to use standalone TeleBot with customer orders fix
// builder.Services.AddHostedService<TelegramBotManagerService>();
// AutoMapper
builder.Services.AddAutoMapper(typeof(Program));
// FluentValidation
builder.Services.AddValidatorsFromAssemblyContaining<Program>();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo
{
Title = "LittleShop API",
Version = "v1",
Description = "A basic online sales system backend with multi-cryptocurrency payment support",
Contact = new Microsoft.OpenApi.Models.OpenApiContact
{
Name = "LittleShop Support"
}
});
// Add JWT authentication to Swagger
c.AddSecurityDefinition("Bearer", new Microsoft.OpenApi.Models.OpenApiSecurityScheme
{
Description = "JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token in the text input below.",
Name = "Authorization",
In = Microsoft.OpenApi.Models.ParameterLocation.Header,
Type = Microsoft.OpenApi.Models.SecuritySchemeType.ApiKey,
Scheme = "Bearer"
});
c.AddSecurityRequirement(new Microsoft.OpenApi.Models.OpenApiSecurityRequirement
{
{
new Microsoft.OpenApi.Models.OpenApiSecurityScheme
{
Reference = new Microsoft.OpenApi.Models.OpenApiReference
{
Type = Microsoft.OpenApi.Models.ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
Array.Empty<string>()
}
});
});
// CORS - Configure for both development and production
builder.Services.AddCors(options =>
{
// Development CORS policy - configured from appsettings
options.AddPolicy("DevelopmentCors",
corsBuilder =>
{
var allowedOrigins = builder.Configuration.GetSection("CORS:AllowedOrigins").Get<string[]>()
?? new[] { "http://localhost:3000", "http://localhost:5173", "http://localhost:5000" };
corsBuilder.WithOrigins(allowedOrigins)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials(); // Important for cookie authentication
});
// Production CORS policy - strict security
options.AddPolicy("ProductionCors",
corsBuilder =>
{
var allowedOrigins = builder.Configuration.GetSection("CORS:AllowedOrigins").Get<string[]>()
?? new[] { "https://littleshop.silverlabs.uk" };
corsBuilder.WithOrigins(allowedOrigins)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
});
// API-specific CORS policy (no credentials for public API)
options.AddPolicy("ApiCors",
corsBuilder =>
{
// Public API should have more restricted CORS
corsBuilder.WithOrigins("https://littleshop.silverlabs.uk", "https://pay.silverlabs.uk")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
});
});
var app = builder.Build();
// Configure the HTTP request pipeline.
// Add CORS early in the pipeline - before authentication
if (app.Environment.IsDevelopment())
{
app.UseCors("DevelopmentCors");
app.UseSwagger();
app.UseSwaggerUI();
}
else
{
// Use production CORS policy in production environment
app.UseCors("ProductionCors");
}
// Add error handling middleware for production
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts(); // Use HSTS for production security
}
app.UseStaticFiles(); // Enable serving static files
app.UseAuthentication();
app.UseAuthorization();
// Configure routing
app.MapControllerRoute(
name: "admin",
pattern: "Admin/{controller=Dashboard}/{action=Index}/{id?}",
defaults: new { area = "Admin" }
);
app.MapControllerRoute(
name: "areas",
pattern: "{area:exists}/{controller=Home}/{action=Index}/{id?}");
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
app.MapControllers(); // API routes
// Health check endpoint
app.MapHealthChecks("/health");
// Apply database migrations and seed data
using (var scope = app.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<LittleShopContext>();
// Ensure database is created (temporary while fixing migrations)
context.Database.EnsureCreated();
// Seed default admin user
var authService = scope.ServiceProvider.GetRequiredService<IAuthService>();
await authService.SeedDefaultUserAsync();
// Seed sample data
var dataSeeder = scope.ServiceProvider.GetRequiredService<IDataSeederService>();
await dataSeeder.SeedSampleDataAsync();
}
Log.Information("LittleShop API starting up...");
app.Run();
// Make Program accessible to test project
public partial class Program { }
Reference in New Issue View Git Blame Copy Permalink