diff --git a/README.md b/README.md index d2316c9a..7f9a410d 100644 --- a/README.md +++ b/README.md @@ -114,7 +114,8 @@ Currently this is the only way to get configuration into Ocelot. } } -Then in your Program.cs you will want to have the following.. +Then in your Program.cs you will want to have the following. This can be changed if you +don't wan't to use the default url e.g. UseUrls(someUrls) and should work as long as you keep the WebHostBuilder registration. IWebHostBuilder builder = new WebHostBuilder(); @@ -390,7 +391,7 @@ In this example ttl seconds is set to 15 which means the cache will expire after ## Administration Ocelot supports changing configuration during runtime via an authenticated HTTP API. The API is authenticated -using bearer tokens that you request from iteself. This support is provided by the amazing IdentityServer +using bearer tokens that you request from iteself. This is provided by the amazing [IdentityServer](https://github.com/IdentityServer/IdentityServer4) project that I have been using for a few years now. Check them out. In order to enable the administration section you need to do a few things. First of all add this to your @@ -403,7 +404,7 @@ to the Ocelot middleware. "AdministrationPath": "/administration" } -This will get the admin area set up but not the authentication. You need to set 3 environmental variables. +This will get the admin area set up but not the authentication. You need to set 3 environmental variables. OCELOT_USERNAME OCELOT_HASH 
@@ -413,13 +414,13 @@ These need to be the admin username you want to use with Ocelot and the hash and use given hashing algorythm. When requesting bearer tokens for use with the administration api you will need to supply username and password. -In order to create a hash and salt of your password please check out HashCreationTests.should_create_hash_and_salt() this technique is based on MS doc I found online TODO find and link... +In order to create a hash and salt of your password please check out HashCreationTests.should_create_hash_and_salt() +this technique is based on [this](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/password-hashing) +using SHA256 rather than SHA1. -OK next thing is to get this config into Ocelot... +Now if you went with the configuration options above and want to access the API you can make the following requests. -At the moment Ocelot supports really limited options in terms of users and authentication for the admin API. At -least your stuff needs to be hashed! diff --git a/src/Ocelot/Configuration/Creator/FileOcelotConfigurationCreator.cs b/src/Ocelot/Configuration/Creator/FileOcelotConfigurationCreator.cs index 049c0fff..2182070d 100644 --- a/src/Ocelot/Configuration/Creator/FileOcelotConfigurationCreator.cs +++ b/src/Ocelot/Configuration/Creator/FileOcelotConfigurationCreator.cs 
@@ -86,13 +86,13 @@ namespace Ocelot.Configuration.Creator
 var reRoutes = new List();
- foreach (var reRoute in _options.Value.ReRoutes)
+ foreach (var reRoute in fileConfiguration.ReRoutes)
 {
- var ocelotReRoute = await SetUpReRoute(reRoute, _options.Value.GlobalConfiguration);
+ var ocelotReRoute = await SetUpReRoute(reRoute, fileConfiguration.GlobalConfiguration);
 reRoutes.Add(ocelotReRoute);
 }
- return new OcelotConfiguration(reRoutes, _options.Value.GlobalConfiguration.AdministrationPath);
+ return new OcelotConfiguration(reRoutes, fileConfiguration.GlobalConfiguration.AdministrationPath);
 }
 private async Task SetUpReRoute(FileReRoute fileReRoute, FileGlobalConfiguration globalConfiguration)
diff --git a/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs b/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs
new file mode 100644
index 00000000..48819608
--- /dev/null
+++ b/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs
@@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using IdentityServer4.AccessTokenValidation;
+using IdentityServer4.Models;
+using Ocelot.Configuration.Provider;
+
+namespace Ocelot.Configuration.Creator
+{
+ public static class IdentityServerConfigurationCreator
+ {
+ public static IdentityServerConfiguration GetIdentityServerConfiguration()
+ {
+ var username = Environment.GetEnvironmentVariable("OCELOT_USERNAME");
+ var hash = Environment.GetEnvironmentVariable("OCELOT_HASH");
+ var salt = Environment.GetEnvironmentVariable("OCELOT_SALT");
+
+ return new IdentityServerConfiguration(
+ "admin",
+ false,
+ SupportedTokens.Both,
+ "secret",
+ new List { "admin", "openid", "offline_access" },
+ "Ocelot Administration",
+ true,
+ GrantTypes.ResourceOwnerPassword,
+ AccessTokenType.Jwt,
+ false,
+ new List
+ {
+ new User("admin", username, hash, salt)
+ }
+ );
+ }
+ }
+}
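Review bot: In the new `GetIdentityServerConfiguration()` the three `Environment.GetEnvironmentVariable` results go straight into `new User("admin", username, hash, salt)` without any check that they are set, and the method never returns null, so the `if(identityServerConfiguration != null)` guard in ServiceCollectionExtensions.cs can never be false. With a variable missing, the admin user is registered with null credentials; how the password validator treats that is not visible in this commit, so it is safer to stop before the `return` with `if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(hash) || string.IsNullOrEmpty(salt)) { return null; }`, provided the caller's null branch leaves the administration API disabled rather than open. The fourth constructor argument is the literal `"secret"`, which looks like a credential that would be identical in every deployment; it should come from configuration like the other three values. An XML doc comment on the method naming `OCELOT_USERNAME`, `OCELOT_HASH` and `OCELOT_SALT` and stating what happens when they are absent would also help.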
diff --git a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
index 5f83bec8..ad2a4a8d 100644
--- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
@@ -3,7 +3,6 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using CacheManager.Core;
-using IdentityServer4.AccessTokenValidation;
 using IdentityServer4.Models;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
@@ -61,7 +60,7 @@ namespace Ocelot.DependencyInjection
 services.AddSingleton();
 services.AddSingleton();
- var identityServerConfiguration = GetIdentityServerConfiguration();
+ var identityServerConfiguration = IdentityServerConfigurationCreator.GetIdentityServerConfiguration();
 if(identityServerConfiguration != null)
 {
@@ -142,29 +141,5 @@ namespace Ocelot.DependencyInjection
 return services;
 }
-
- private static IdentityServerConfiguration GetIdentityServerConfiguration()
- {
- var username = Environment.GetEnvironmentVariable("OCELOT_USERNAME");
- var hash = Environment.GetEnvironmentVariable("OCELOT_HASH");
- var salt = Environment.GetEnvironmentVariable("OCELOT_SALT");
-
- return new IdentityServerConfiguration(
- "admin",
- false,
- SupportedTokens.Both,
- "secret",
- new List {"admin", "openid", "offline_access"},
- "Ocelot Administration",
- true,
- GrantTypes.ResourceOwnerPassword,
- AccessTokenType.Jwt,
- false,
- new List
- {
- new User("admin", username, hash, salt)
- }
- );
- }
 }
 }
diff --git a/src/Ocelot/Responder/HttpContextResponder.cs b/src/Ocelot/Responder/HttpContextResponder.cs
index 40b60c30..20313e8f 100644
--- a/src/Ocelot/Responder/HttpContextResponder.cs
+++ b/src/Ocelot/Responder/HttpContextResponder.cs
@@ -1,5 +1,6 @@
 using System.IO;
 using System.Linq;
+using System.Net;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
@@ -54,7 +55,10 @@ namespace Ocelot.Responder
 using (Stream stream = new MemoryStream(content))
 {
- await stream.CopyToAsync(context.Response.Body);
+ if (response.StatusCode != HttpStatusCode.NotModified)
+ {
+ await stream.CopyToAsync(context.Response.Body);
+ }
 }
 }
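Review bot: The new guard inside the `using` block skips the body copy only for `HttpStatusCode.NotModified`, but `NoContent` (204) is also defined to carry no body and would still reach `stream.CopyToAsync`. If the intent is never to write a body where HTTP forbids one, widen the condition to `if (response.StatusCode != HttpStatusCode.NotModified && response.StatusCode != HttpStatusCode.NoContent)`. The enclosing method starts outside the hunk, so it is not visible whether a Content-Length or Transfer-Encoding header copied from the downstream response is still sent on these paths; a gateway that advertises a length and then sends no body can confuse clients and intermediaries, so that is worth confirming. A one-line comment above the check saying why the copy is skipped, for example `// 304 responses must not include a body`, would keep the reason with the code.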