disable swagger + update cors for production

2025-10-31 00:55:29 +07:00
parent 29685fd68d
commit 758e376381
6 changed files with 85 additions and 73 deletions
--- a/src/Managing.Api/Program.cs
+++ b/src/Managing.Api/Program.cs
@@ -243,16 +243,33 @@ builder.Services
        };
    });

-builder.Services.AddCors(o => o.AddPolicy("CorsPolicy", builder =>
+// Configure CORS from configuration (appsettings.json)
+var allowedCorsOrigins = builder.Configuration
+    .GetSection("Cors:AllowedOrigins")
+    .Get<string[]>() ?? Array.Empty<string>();
+
+builder.Services.AddCors(options =>
 {
-    builder
-        .SetIsOriginAllowed((host) => true)
-        .AllowAnyOrigin()
-        .WithOrigins("http://localhost:3000/")
-        .AllowAnyMethod()
-        .AllowAnyHeader()
-        .AllowCredentials();
-}));
+    options.AddPolicy("CorsPolicy", policy =>
+    {
+        if (allowedCorsOrigins.Length > 0)
+        {
+            policy
+                .WithOrigins(allowedCorsOrigins)
+                .AllowAnyMethod()
+                .AllowAnyHeader()
+                .AllowCredentials();
+        }
+        else
+        {
+            // Fallback for development if no origins configured
+            policy
+                .AllowAnyMethod()
+                .AllowAnyHeader()
+                .SetIsOriginAllowed(_ => true);
+        }
+    });
+});

 builder.Services.AddSignalR().AddJsonProtocol();
 builder.Services.AddScoped<IJwtUtils, JwtUtils>();
@@ -262,47 +279,51 @@ builder.Services.RegisterApiDependencies(builder.Configuration);
 // Orleans is always configured, but grains can be controlled
 builder.Host.ConfigureOrleans(builder.Configuration, builder.Environment.IsProduction());
 builder.Services.AddHostedServices();
-builder.Services.AddEndpointsApiExplorer();
-builder.Services.AddOpenApiDocument(document =>
+var enableSwagger = builder.Configuration.GetValue<bool>("EnableSwagger", builder.Environment.IsDevelopment());
+if (enableSwagger)
 {
-    document.AddSecurity("JWT", Enumerable.Empty<string>(), new OpenApiSecurityScheme
-    {
-        Type = OpenApiSecuritySchemeType.ApiKey,
-        Name = "Authorization",
-        In = OpenApiSecurityApiKeyLocation.Header,
-        Description = "Type into the textbox: Bearer {your JWT token}."
-    });
-
-    document.OperationProcessors.Add(
-        new AspNetCoreOperationSecurityScopeProcessor("JWT"));
-});
-builder.Services.AddSwaggerGen(options =>
-{
-    options.SchemaFilter<EnumSchemaFilter>();
-    options.AddSecurityDefinition("Bearer,", new Microsoft.OpenApi.Models.OpenApiSecurityScheme
-    {
-        Description = "Please insert your JWT Token into field : Bearer {your_token}",
-        Name = "Authorization",
-        Type = SecuritySchemeType.Http,
-        In = ParameterLocation.Header,
-        Scheme = "Bearer",
-        BearerFormat = "JWT"
-    });
-    options.AddSecurityRequirement(new OpenApiSecurityRequirement
+    builder.Services.AddEndpointsApiExplorer();
+    builder.Services.AddOpenApiDocument(document =>
    {
+        document.AddSecurity("JWT", Enumerable.Empty<string>(), new OpenApiSecurityScheme
        {
-            new Microsoft.OpenApi.Models.OpenApiSecurityScheme
-            {
-                Reference = new OpenApiReference
-                {
-                    Type = ReferenceType.SecurityScheme,
-                    Id = "Bearer"
-                }
-            },
-            new string[] { }
-        }
+            Type = OpenApiSecuritySchemeType.ApiKey,
+            Name = "Authorization",
+            In = OpenApiSecurityApiKeyLocation.Header,
+            Description = "Type into the textbox: Bearer {your JWT token}."
+        });
+
+        document.OperationProcessors.Add(
+            new AspNetCoreOperationSecurityScopeProcessor("JWT"));
    });
-});
+    builder.Services.AddSwaggerGen(options =>
+    {
+        options.SchemaFilter<EnumSchemaFilter>();
+        options.AddSecurityDefinition("Bearer,", new Microsoft.OpenApi.Models.OpenApiSecurityScheme
+        {
+            Description = "Please insert your JWT Token into field : Bearer {your_token}",
+            Name = "Authorization",
+            Type = SecuritySchemeType.Http,
+            In = ParameterLocation.Header,
+            Scheme = "Bearer",
+            BearerFormat = "JWT"
+        });
+        options.AddSecurityRequirement(new OpenApiSecurityRequirement
+        {
+            {
+                new Microsoft.OpenApi.Models.OpenApiSecurityScheme
+                {
+                    Reference = new OpenApiReference
+                    {
+                        Type = ReferenceType.SecurityScheme,
+                        Id = "Bearer"
+                    }
+                },
+                new string[] { }
+            }
+        });
+    });
+}

 builder.WebHost.SetupDiscordBot();

@@ -310,12 +331,15 @@ builder.WebHost.SetupDiscordBot();
 var app = builder.Build();

 app.UseSerilogRequestLogging();
-app.UseOpenApi();
-app.UseSwaggerUI(c =>
+if (enableSwagger)
 {
-    c.SwaggerEndpoint("/swagger/v1/swagger.json", "Managing API v1");
-    c.RoutePrefix = string.Empty;
-});
+    app.UseOpenApi();
+    app.UseSwaggerUI(c =>
+    {
+        c.SwaggerEndpoint("/swagger/v1/swagger.json", "Managing API v1");
+        c.RoutePrefix = string.Empty;
+    });
+}

 app.UseCors("CorsPolicy");