AI/myAi
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Changes
Build and Push Docker Images / build (push) Failing after 2s
Details

Browse Source
This commit is contained in:
Gelu Mihes
2026-05-06 19:10:06 +03:00
parent 9db4fa8de7
commit fce3e881e8
13 changed files with 553 additions and 843 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/Dockerfile
+14 -7
View File
@@ -1,14 +1,20 @@
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
ARG BUILD_CONFIGURATION=Release ARG BUILD_CONFIGURATION=Release
WORKDIR /src/api WORKDIR /src
# Copy the project file and restore first to leverage Docker layer caching COPY api/api.csproj api/
COPY api.csproj ./ COPY api-models/api-models.csproj api-models/
RUN dotnet restore api.csproj COPY cv-matcher-api-models/cv-matcher-api-models.csproj cv-matcher-api-models/
COPY startup-helpers/startup-helpers.csproj startup-helpers/startup-helpers/
# Copy only the api project files to avoid bringing other projects into the build context RUN dotnet restore api/api.csproj
COPY . ./
RUN dotnet publish api.csproj -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false COPY api/ api/
COPY api-models/ api-models/
COPY cv-matcher-api-models/ cv-matcher-api-models/
COPY startup-helpers/ startup-helpers/
RUN dotnet publish api/api.csproj -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
WORKDIR /app WORKDIR /app
@@ -16,4 +22,5 @@ EXPOSE 8080
ENV ASPNETCORE_URLS=http://0.0.0.0:8080 ENV ASPNETCORE_URLS=http://0.0.0.0:8080
COPY --from=build /app/publish . COPY --from=build /app/publish .
ENTRYPOINT ["dotnet", "api.dll"] ENTRYPOINT ["dotnet", "api.dll"]
api/Program.cs
+24 -335
View File
@@ -1,75 +1,27 @@
using Models.Settings; using System.Reflection;
using Api.Services; using Api.Services;
using Api.Services.Contracts; using Api.Services.Contracts;
using Azure.Identity; using Models.Settings;
using Microsoft.AspNetCore.HttpOverrides;
using Serilog;
using System.Reflection;
using System.Threading.RateLimiting;
using Refit; using Refit;
using Serilog;
using StartupHelpers;
StartupExtensions.LoadDotEnvFile();
// Load .env file if it exists (for local development) const string ServiceName = "api";
DotNetEnv.Env.Load(); var appVersion = StartupExtensions.GetApplicationVersion(Assembly.GetExecutingAssembly());
try try
{ {
var builder = WebApplication.CreateBuilder(args); var builder = WebApplication.CreateBuilder(args);
var appVersion =
Assembly.GetExecutingAssembly()
.GetCustomAttribute<AssemblyInformationalVersionAttribute>()?
.InformationalVersion
?? Assembly.GetExecutingAssembly().GetName().Version?.ToString()
?? "unknown";
builder.ConfigureJsonSerilog(ServiceName, appVersion);
Log.Information("Starting {Service} version {AppVersion}", ServiceName, appVersion);
builder.Host.UseSerilog((context, services, configuration) => builder.AddAzureKeyVaultIfConfigured();
{
configuration
.ReadFrom.Configuration(context.Configuration)
.ReadFrom.Services(services)
.Enrich.FromLogContext()
.Enrich.WithMachineName()
.Enrich.WithEnvironmentName()
.Enrich.WithProperty("AppVersion", appVersion)
.WriteTo.Console(new Serilog.Formatting.Json.JsonFormatter());
});
Log.Information("Starting API version {AppVersion}", appVersion);
// --------------------
// Azure Key Vault Configuration
// --------------------
var keyVaultUri = builder.Configuration["KeyVault:VaultUri"];
var keyVaultEnabled = builder.Configuration.GetValue<bool>("KeyVault:Enabled");
if (keyVaultEnabled && !string.IsNullOrWhiteSpace(keyVaultUri))
{
Log.Information("Loading configuration from Azure Key Vault: {VaultUri}", keyVaultUri);
try
{
builder.Configuration.AddAzureKeyVault(
new Uri(keyVaultUri),
new DefaultAzureCredential());
Log.Information("Azure Key Vault configuration loaded successfully");
}
catch (Exception ex)
{
Log.Warning(ex, "Failed to load Azure Key Vault configuration. Continuing with other configuration sources.");
}
}
else
{
Log.Information("Azure Key Vault is disabled or not configured");
}
// Controllers
builder.Services.AddControllers(); builder.Services.AddControllers();
// Options
builder.Services.Configure<GoogleSettings>(builder.Configuration.GetSection("Google")); builder.Services.Configure<GoogleSettings>(builder.Configuration.GetSection("Google"));
builder.Services.Configure<ContactSettings>(builder.Configuration.GetSection("Contact")); builder.Services.Configure<ContactSettings>(builder.Configuration.GetSection("Contact"));
builder.Services.Configure<SubscribeSettings>(builder.Configuration.GetSection("Subscribe")); builder.Services.Configure<SubscribeSettings>(builder.Configuration.GetSection("Subscribe"));
@@ -77,18 +29,19 @@ try
builder.Services.Configure<CaptchaSettings>(builder.Configuration.GetSection("Captcha")); builder.Services.Configure<CaptchaSettings>(builder.Configuration.GetSection("Captcha"));
builder.Services.Configure<FileStorageSettings>(builder.Configuration.GetSection("FileStorage")); builder.Services.Configure<FileStorageSettings>(builder.Configuration.GetSection("FileStorage"));
// Services
builder.Services.AddHttpClient<ICaptchaVerifier, RecaptchaVerifier>(); builder.Services.AddHttpClient<ICaptchaVerifier, RecaptchaVerifier>();
builder.Services.AddSingleton<IEmailSender, SmtpEmailSender>(); builder.Services.AddSingleton<IEmailSender, SmtpEmailSender>();
builder.Services.AddSingleton<Microsoft.AspNetCore.StaticFiles.IContentTypeProvider, Microsoft.AspNetCore.StaticFiles.FileExtensionContentTypeProvider>(); builder.Services.AddSingleton<Microsoft.AspNetCore.StaticFiles.IContentTypeProvider, Microsoft.AspNetCore.StaticFiles.FileExtensionContentTypeProvider>();
// Refit client for CvMatcher API
builder.Services.AddRefitClient<Api.Clients.Api.Contracts.ICvMatcherApi>() builder.Services.AddRefitClient<Api.Clients.Api.Contracts.ICvMatcherApi>()
.ConfigureHttpClient((sp, client) => .ConfigureHttpClient((sp, client) =>
{ {
var config = sp.GetRequiredService<IConfiguration>(); var config = sp.GetRequiredService<IConfiguration>();
var baseUrl = config["CvMatcherApi:BaseUrl"] ?? string.Empty; var baseUrl = config["CvMatcherApi:BaseUrl"] ?? string.Empty;
if (!string.IsNullOrWhiteSpace(baseUrl)) client.BaseAddress = new Uri(baseUrl.TrimEnd('/') + "/"); if (!string.IsNullOrWhiteSpace(baseUrl))
{
client.BaseAddress = new Uri(baseUrl.TrimEnd('/') + "/");
}
var key = config["CvMatcherApi:InternalApiKey"]; var key = config["CvMatcherApi:InternalApiKey"];
if (!string.IsNullOrWhiteSpace(key) && !client.DefaultRequestHeaders.Contains("X-Internal-Api-Key")) if (!string.IsNullOrWhiteSpace(key) && !client.DefaultRequestHeaders.Contains("X-Internal-Api-Key"))
@@ -97,299 +50,35 @@ try
} }
}); });
// Swagger builder.Services.AddSwaggerWithXmlComments(Assembly.GetExecutingAssembly(), "API");
builder.Services.AddEndpointsApiExplorer(); builder.Services.ConfigureCaddyForwardedHeaders();
builder.Services.AddSwaggerGen(options => builder.Services.AddFrontendCorsFromConfiguration(builder.Configuration);
{ builder.Services.AddPublicApiRateLimiting();
// Include XML comments (enable <GenerateDocumentationFile> in csproj)
var xmlFile = (Assembly.GetExecutingAssembly().GetName().Name ?? "Api") + ".xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
if (File.Exists(xmlPath)) options.IncludeXmlComments(xmlPath);
// Enable annotations like [SwaggerOperation], [SwaggerResponse]
options.EnableAnnotations();
});
// If you're behind Caddy / reverse proxy
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
// use the normalized header Caddy sends upstream.
options.ForwardedForHeaderName = "X-Real-IP";
options.KnownIPNetworks.Clear();
options.KnownProxies.Clear();
options.ForwardLimit = 1;
});
// --------------------
// CORS (lock it down)
// --------------------
// Configure allowed origins via config/env var.
// Example env var in Docker: Cors__AllowedOrigins__0=https://app.yourdomain.com
var allowedOrigins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? Array.Empty<string>();
builder.Services.AddCors(options =>
{
options.AddPolicy("FrontendOnly", policy =>
{
// If none configured, fail closed: allow nothing.
if (allowedOrigins.Length > 0)
{
policy.WithOrigins(allowedOrigins)
.WithMethods("POST", "OPTIONS") // contact form only
.WithHeaders("Content-Type") // keep minimal
.SetPreflightMaxAge(TimeSpan.FromHours(1));
}
});
});
// --------------------
// Rate Limiting
// --------------------
// Two layers:
// 1) A global limiter (keeps random traffic sane).
// 2) A stricter policy for /api/contact.
builder.Services.AddRateLimiter(options =>
{
// Global: per IP, moderate
options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(httpContext =>
{
var ip = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
return RateLimitPartition.GetFixedWindowLimiter(
partitionKey: ip,
factory: _ => new FixedWindowRateLimiterOptions
{
PermitLimit = 120, // 120 req
Window = TimeSpan.FromMinutes(1), // per minute
QueueLimit = 0,
AutoReplenishment = true
}
);
});
// Policy: contact endpoint, stricter (per IP)
options.AddPolicy("contact", httpContext =>
{
var ip = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
return RateLimitPartition.GetFixedWindowLimiter(
partitionKey: ip,
factory: _ => new FixedWindowRateLimiterOptions
{
PermitLimit = 5, // 5 submits
Window = TimeSpan.FromMinutes(1), // per minute per IP
QueueLimit = 0,
AutoReplenishment = true
}
);
});
// Policy: CV matcher, expensive because it calls AI APIs.
options.AddPolicy("cv-matcher", httpContext =>
{
var ip = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
return RateLimitPartition.GetFixedWindowLimiter(
partitionKey: ip,
factory: _ => new FixedWindowRateLimiterOptions
{
PermitLimit = 10,
Window = TimeSpan.FromMinutes(10),
QueueLimit = 0,
AutoReplenishment = true
}
);
});
options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
options.OnRejected = async (context, ct) =>
{
var logger = context.HttpContext.RequestServices
.GetRequiredService<ILogger<Program>>();
var ip = context.HttpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
var endpoint = context.HttpContext.Request.Path;
logger.LogWarning(
"Rate limit exceeded for {Endpoint} from IP {IP}",
endpoint, ip
);
// Small, bot-unfriendly response
context.HttpContext.Response.ContentType = "application/json";
await context.HttpContext.Response.WriteAsync(
"""{"error":"Too many requests. Try again later."}""",
ct
);
};
});
var app = builder.Build(); var app = builder.Build();
var logger = app.Services.GetRequiredService<ILogger<Program>>(); app.LogStartupDiagnostics(ServiceName);
logger.LogInformation("API starting up...");
logger.LogInformation("Environment: {Environment}", app.Environment.EnvironmentName);
// Log all environment variables and configuration settings at startup
// Can be controlled via appsettings: "LogEnvironmentOnStartup": true
var logEnvironmentOnStartup = app.Configuration.GetValue<bool>("LogEnvironmentOnStartup", defaultValue: true);
if (logEnvironmentOnStartup)
{
LogEnvironmentSettings(logger, app.Configuration, app.Environment);
}
// Forwarded headers must be early in the pipeline
app.UseForwardedHeaders(); app.UseForwardedHeaders();
app.UseDefaultSerilogRequestLogging(includeProxyHeaders: true);
// Add Serilog request logging app.UseSwaggerInDevelopment("API", "API");
app.UseSerilogRequestLogging(options =>
{
options.MessageTemplate =
"HTTP {RequestMethod} {RequestPath} responded {StatusCode} in {Elapsed:0.0000} ms";
options.EnrichDiagnosticContext = (diagnosticContext, httpContext) =>
{
diagnosticContext.Set("RequestHost", httpContext.Request.Host.Value);
diagnosticContext.Set("RequestScheme", httpContext.Request.Scheme);
diagnosticContext.Set("RemoteIP", httpContext.Connection.RemoteIpAddress?.ToString());
diagnosticContext.Set("UserAgent", httpContext.Request.Headers.UserAgent.ToString());
diagnosticContext.Set("XRealIP", httpContext.Request.Headers["X-Real-IP"].ToString());
diagnosticContext.Set("XForwardedFor", httpContext.Request.Headers["X-Forwarded-For"].ToString());
};
});
// Swagger (typically only in Development)
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI(options =>
{
options.DocumentTitle = "API";
options.SwaggerEndpoint("/swagger/v1/swagger.json", "API v1");
options.RoutePrefix = "swagger"; // /swagger
});
}
app.UseHttpsRedirection(); app.UseHttpsRedirection();
app.UseAuthorization(); app.UseAuthorization();
app.UseRouting(); app.UseRouting();
app.UseCors("FrontendOnly"); app.UseCors("FrontendOnly");
app.UseRateLimiter(); app.UseRateLimiter();
app.MapControllers(); app.MapControllers();
logger.LogInformation("API startup complete. Listening for requests..."); Log.Information("{Service} startup complete. Listening for requests...", ServiceName);
app.Run(); app.Run();
} }
catch (Exception ex) catch (Exception ex)
{ {
Log.Fatal(ex, "Application terminated unexpectedly"); Log.Fatal(ex, "{Service} terminated unexpectedly", ServiceName);
} }
finally finally
{ {
Log.Information("Shutting down API..."); Log.Information("Shutting down {Service}", ServiceName);
Log.CloseAndFlush(); Log.CloseAndFlush();
} }
static void LogEnvironmentSettings(Microsoft.Extensions.Logging.ILogger logger, IConfiguration configuration, IWebHostEnvironment environment)
{
logger.LogInformation("==================== ENVIRONMENT SETTINGS ====================");
// Environment Information
logger.LogInformation("Application Name: {ApplicationName}", environment.ApplicationName);
logger.LogInformation("Environment Name: {EnvironmentName}", environment.EnvironmentName);
logger.LogInformation("Content Root Path: {ContentRootPath}", environment.ContentRootPath);
logger.LogInformation("Web Root Path: {WebRootPath}", environment.WebRootPath);
// Environment Variables
logger.LogInformation("-------------- Environment Variables --------------");
var envVars = Environment.GetEnvironmentVariables();
var sortedEnvVars = new SortedDictionary<string, string?>();
foreach (System.Collections.DictionaryEntry entry in envVars)
{
var key = entry.Key?.ToString() ?? string.Empty;
var value = entry.Value?.ToString() ?? string.Empty;
// Mask sensitive values (passwords, secrets, tokens, keys) but show last 4 characters
if (IsSensitiveKey(key))
{
value = MaskValueWithLastChars(value);
}
sortedEnvVars[key] = value;
}
foreach (var kvp in sortedEnvVars)
{
logger.LogInformation(" {Key} = {Value}", kvp.Key, kvp.Value);
}
// Configuration Settings
logger.LogInformation("-------------- Configuration Settings --------------");
LogConfigurationRecursive(logger, configuration.GetChildren(), "");
logger.LogInformation("===========================================================");
}
static void LogConfigurationRecursive(Microsoft.Extensions.Logging.ILogger logger, IEnumerable<IConfigurationSection> sections, string prefix)
{
foreach (var section in sections)
{
var key = string.IsNullOrEmpty(prefix) ? section.Key : $"{prefix}:{section.Key}";
if (section.Value != null)
{
var value = section.Value;
// Mask sensitive configuration values but show last 4 characters
if (IsSensitiveKey(key))
{
value = MaskValueWithLastChars(value);
}
logger.LogInformation(" {Key} = {Value}", key, value);
}
// Recurse into child sections
if (section.GetChildren().Any())
{
LogConfigurationRecursive(logger, section.GetChildren(), key);
}
}
}
static bool IsSensitiveKey(string key)
{
return key.Contains("Password", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Secret", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Token", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Key", StringComparison.OrdinalIgnoreCase) ||
key.Contains("ConnectionString", StringComparison.OrdinalIgnoreCase);
}
static string MaskValueWithLastChars(string value)
{
if (string.IsNullOrEmpty(value))
{
return "***NOT SET***";
}
// If value is too short, just mask it completely
if (value.Length <= 4)
{
return "***MASKED***";
}
// Show last 4 characters
var lastChars = value.Substring(value.Length - 4);
return $"***MASKED***...{lastChars}";
}
api/api.csproj
+2 -1
View File
@@ -37,6 +37,7 @@
<ItemGroup> <ItemGroup>
<ProjectReference Include="..\api-models\api-models.csproj" /> <ProjectReference Include="..\api-models\api-models.csproj" />
<ProjectReference Include="..\cv-matcher-api-models\cv-matcher-api-models.csproj" /> <ProjectReference Include="..\cv-matcher-api-models\cv-matcher-api-models.csproj" />
</ItemGroup> <ProjectReference Include="..\startup-helpers\startup-helpers.csproj" />
</ItemGroup>
</Project> </Project>
cv-matcher-api/Dockerfile
+20 -11
View File
@@ -1,15 +1,24 @@
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS base FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY cv-mapper-api/cv-mapper-api.csproj cv-mapper-api/
COPY cv-matcher-api-models/cv-matcher-api-models.csproj cv-matcher-api-models/
COPY startup-helpers/startup-helpers.csproj startup-helpers/startup-helpers/
RUN dotnet restore cv-mapper-api/api.csproj
COPY cv-mapper-api/ cv-mapper-api/
COPY cv-matcher-api-models/ cv-matcher-api-models/
COPY startup-helpers/ startup-helpers/
RUN dotnet publish cv-mapper-api/cv-mapper-api.csproj -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
WORKDIR /app WORKDIR /app
EXPOSE 8080 EXPOSE 8080
ENV ASPNETCORE_URLS=http://0.0.0.0:8080
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
WORKDIR /src
COPY ["cv-matcher-api.csproj", "./"]
RUN dotnet restore "cv-matcher-api.csproj"
COPY . .
RUN dotnet publish "cv-matcher-api.csproj" -c Release -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=build /app/publish . COPY --from=build /app/publish .
ENTRYPOINT ["dotnet", "cv-matcher-api.dll"]
ENTRYPOINT ["dotnet", "cv-mapper-api.dll"]
cv-matcher-api/Program.cs
+29 -239
View File
@@ -1,74 +1,33 @@
using Azure.Identity;
using Api.Data;
using Api.Services;
using Api.Services.Contracts;
using Microsoft.AspNetCore.Diagnostics;
using Serilog;
using System.Reflection; using System.Reflection;
using Microsoft.EntityFrameworkCore;
using Refit;
using Api.Data.Repositories;
using Api.Data.Repositories.Contracts;
using Api.Clients.Api;
using Api.Clients.Api.Contracts;
using Api.Clients.Ai; using Api.Clients.Ai;
using Api.Clients.Ai.Contracts; using Api.Clients.Ai.Contracts;
using Api.Clients.Api;
using Api.Clients.Api.Contracts;
using Api.Data;
using Api.Data.Repositories;
using Api.Data.Repositories.Contracts;
using Api.Services;
using Api.Services.Contracts;
using CvMatcher.Models.Settings; using CvMatcher.Models.Settings;
using Microsoft.EntityFrameworkCore;
using Refit;
using Serilog;
using Shared.Models.Settings; using Shared.Models.Settings;
using StartupHelpers;
DotNetEnv.Env.Load(); StartupExtensions.LoadDotEnvFile();
const string ServiceName = "cv-matcher-api";
var appVersion = StartupExtensions.GetApplicationVersion(Assembly.GetExecutingAssembly());
try try
{ {
var builder = WebApplication.CreateBuilder(args); var builder = WebApplication.CreateBuilder(args);
var appVersion = Assembly.GetExecutingAssembly()
.GetCustomAttribute<AssemblyInformationalVersionAttribute>()?
.InformationalVersion
?? Assembly.GetExecutingAssembly().GetName().Version?.ToString()
?? "unknown";
builder.Host.UseSerilog((context, services, configuration) => builder.ConfigureJsonSerilog(ServiceName, appVersion);
{ Log.Information("Starting {Service} version {AppVersion}", ServiceName, appVersion);
configuration
.ReadFrom.Configuration(context.Configuration)
.ReadFrom.Services(services)
.Enrich.FromLogContext()
.Enrich.WithMachineName()
.Enrich.WithEnvironmentName()
.Enrich.WithProperty("Service", "cv-matcher-api")
.Enrich.WithProperty("AppVersion", appVersion)
.WriteTo.Console(new Serilog.Formatting.Json.JsonFormatter());
});
Log.Information("Starting {Service} version {AppVersion}", "cv-matcher-api", appVersion); builder.AddAzureKeyVaultIfConfigured();
// --------------------
// Azure Key Vault Configuration
// --------------------
var keyVaultUri = builder.Configuration["KeyVault:VaultUri"];
var keyVaultEnabled = builder.Configuration.GetValue<bool>("KeyVault:Enabled");
if (keyVaultEnabled && !string.IsNullOrWhiteSpace(keyVaultUri))
{
Log.Information("Loading configuration from Azure Key Vault: {VaultUri}", keyVaultUri);
try
{
builder.Configuration.AddAzureKeyVault(
new Uri(keyVaultUri),
new DefaultAzureCredential());
Log.Information("Azure Key Vault configuration loaded successfully");
}
catch (Exception ex)
{
Log.Warning(ex, "Failed to load Azure Key Vault configuration. Continuing with other configuration sources.");
}
}
else
{
Log.Information("Azure Key Vault is disabled or not configured");
}
builder.Services.Configure<RagApiSettings>(builder.Configuration.GetSection("RagApi")); builder.Services.Configure<RagApiSettings>(builder.Configuration.GetSection("RagApi"));
builder.Services.Configure<InternalApiSettings>(builder.Configuration.GetSection("InternalApi")); builder.Services.Configure<InternalApiSettings>(builder.Configuration.GetSection("InternalApi"));
@@ -76,7 +35,6 @@ try
builder.Services.Configure<MatcherSettings>(builder.Configuration.GetSection("Matcher")); builder.Services.Configure<MatcherSettings>(builder.Configuration.GetSection("Matcher"));
builder.Services.Configure<SmtpSettings>(builder.Configuration.GetSection("Smtp")); builder.Services.Configure<SmtpSettings>(builder.Configuration.GetSection("Smtp"));
// Register Refit client for the external RAG API and a thin wrapper that implements IRagApiClient
builder.Services.AddRefitClient<IRefitRagApi>() builder.Services.AddRefitClient<IRefitRagApi>()
.ConfigureHttpClient((sp, c) => .ConfigureHttpClient((sp, c) =>
{ {
@@ -98,28 +56,11 @@ try
builder.Services.AddScoped<ICvMatcherService, CvMatcherService>(); builder.Services.AddScoped<ICvMatcherService, CvMatcherService>();
builder.Services.AddControllers(); builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerWithXmlComments(Assembly.GetExecutingAssembly(), ServiceName);
builder.Services.AddSwaggerGen(options =>
{
var xmlFile = (Assembly.GetExecutingAssembly().GetName().Name ?? "cv-matcher-api") + ".xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
if (File.Exists(xmlPath)) options.IncludeXmlComments(xmlPath);
options.EnableAnnotations();
});
var app = builder.Build(); var app = builder.Build();
var logger = app.Services.GetRequiredService<ILogger<Program>>(); app.LogStartupDiagnostics(ServiceName);
logger.LogInformation("API starting up...");
logger.LogInformation("Environment: {Environment}", app.Environment.EnvironmentName);
// Log all environment variables and configuration settings at startup
// Can be controlled via appsettings: "LogEnvironmentOnStartup": true
var logEnvironmentOnStartup = app.Configuration.GetValue<bool>("LogEnvironmentOnStartup", defaultValue: true);
if (logEnvironmentOnStartup)
{
LogEnvironmentSettings(logger, app.Configuration, app.Environment);
}
using (var scope = app.Services.CreateScope()) using (var scope = app.Services.CreateScope())
{ {
@@ -127,181 +68,30 @@ try
await repository.InitializeAsync(CancellationToken.None); await repository.InitializeAsync(CancellationToken.None);
} }
app.UseSerilogRequestLogging(options => app.UseDefaultSerilogRequestLogging();
{ app.UseJsonExceptionHandler(ServiceName);
options.MessageTemplate = "HTTP {RequestMethod} {RequestPath} responded {StatusCode} in {Elapsed:0.0000} ms"; app.UseInternalApiKeyProtection();
options.EnrichDiagnosticContext = (diagnosticContext, httpContext) => app.UseSwaggerInDevelopment(ServiceName, ServiceName);
{
diagnosticContext.Set("RequestHost", httpContext.Request.Host.Value);
diagnosticContext.Set("RequestScheme", httpContext.Request.Scheme);
diagnosticContext.Set("RemoteIP", httpContext.Connection.RemoteIpAddress?.ToString());
diagnosticContext.Set("UserAgent", httpContext.Request.Headers.UserAgent.ToString());
};
});
app.UseExceptionHandler(errorApp =>
{
errorApp.Run(async context =>
{
var feature = context.Features.Get<IExceptionHandlerFeature>();
var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
if (feature?.Error is not null)
{
logger.LogError(feature.Error, "Unhandled exception in {Service}", "cv-matcher-api");
}
context.Response.StatusCode = StatusCodes.Status500InternalServerError;
context.Response.ContentType = "application/json";
await context.Response.WriteAsJsonAsync(new { error = "Unexpected server error." });
});
});
app.Use(async (context, next) =>
{
var settings = context.RequestServices.GetRequiredService<Microsoft.Extensions.Options.IOptions<InternalApiSettings>>().Value;
if (settings.RequireApiKey)
{
var header = context.Request.Headers["X-Internal-Api-Key"].ToString();
if (string.IsNullOrWhiteSpace(settings.ApiKey) || header != settings.ApiKey)
{
var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
logger.LogWarning("Rejected unauthorized internal API call. Path={Path}, RemoteIP={RemoteIP}", context.Request.Path, context.Connection.RemoteIpAddress?.ToString());
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
await context.Response.WriteAsJsonAsync(new { error = "Unauthorized internal API call." });
return;
}
}
await next();
});
// Swagger (typically only in Development)
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI(options =>
{
options.DocumentTitle = "cv-matcher-api";
options.SwaggerEndpoint("/swagger/v1/swagger.json", "cv-matcher-api v1");
options.RoutePrefix = "swagger";
});
}
app.MapControllers(); app.MapControllers();
app.MapGet("/health", () => Results.Ok(new { status = "ok", service = "cv-matcher-api", version = appVersion, timeUtc = DateTimeOffset.UtcNow })); app.MapHealthEndpoint(ServiceName, appVersion);
Log.Information("Running EF Core migrations if any");
Log.Information("Running EfCore DbMigrations if any");
using (var scope = app.Services.CreateScope()) using (var scope = app.Services.CreateScope())
{ {
var db = scope.ServiceProvider.GetRequiredService<CvMatcherDbContext>(); var db = scope.ServiceProvider.GetRequiredService<CvMatcherDbContext>();
db.Database.Migrate(); db.Database.Migrate();
} }
Log.Information("{Service} startup complete", "cv-matcher-api"); Log.Information("{Service} startup complete", ServiceName);
app.Run(); app.Run();
} }
catch (Exception ex) catch (Exception ex)
{ {
Log.Fatal(ex, "cv-matcher-api terminated unexpectedly"); Log.Fatal(ex, "{Service} terminated unexpectedly", ServiceName);
} }
finally finally
{ {
Log.Information("Shutting down cv-matcher-api"); Log.Information("Shutting down {Service}", ServiceName);
Log.CloseAndFlush(); Log.CloseAndFlush();
} }
static void LogEnvironmentSettings(Microsoft.Extensions.Logging.ILogger logger, IConfiguration configuration, IWebHostEnvironment environment)
{
logger.LogInformation("==================== ENVIRONMENT SETTINGS ====================");
// Environment Information
logger.LogInformation("Application Name: {ApplicationName}", environment.ApplicationName);
logger.LogInformation("Environment Name: {EnvironmentName}", environment.EnvironmentName);
logger.LogInformation("Content Root Path: {ContentRootPath}", environment.ContentRootPath);
logger.LogInformation("Web Root Path: {WebRootPath}", environment.WebRootPath);
// Environment Variables
logger.LogInformation("-------------- Environment Variables --------------");
var envVars = Environment.GetEnvironmentVariables();
var sortedEnvVars = new SortedDictionary<string, string?>();
foreach (System.Collections.DictionaryEntry entry in envVars)
{
var key = entry.Key?.ToString() ?? string.Empty;
var value = entry.Value?.ToString() ?? string.Empty;
// Mask sensitive values (passwords, secrets, tokens, keys) but show last 4 characters
if (IsSensitiveKey(key))
{
value = MaskValueWithLastChars(value);
}
sortedEnvVars[key] = value;
}
foreach (var kvp in sortedEnvVars)
{
logger.LogInformation(" {Key} = {Value}", kvp.Key, kvp.Value);
}
// Configuration Settings
logger.LogInformation("-------------- Configuration Settings --------------");
LogConfigurationRecursive(logger, configuration.GetChildren(), "");
logger.LogInformation("===========================================================");
}
static void LogConfigurationRecursive(Microsoft.Extensions.Logging.ILogger logger, IEnumerable<IConfigurationSection> sections, string prefix)
{
foreach (var section in sections)
{
var key = string.IsNullOrEmpty(prefix) ? section.Key : $"{prefix}:{section.Key}";
if (section.Value != null)
{
var value = section.Value;
// Mask sensitive configuration values but show last 4 characters
if (IsSensitiveKey(key))
{
value = MaskValueWithLastChars(value);
}
logger.LogInformation(" {Key} = {Value}", key, value);
}
// Recurse into child sections
if (section.GetChildren().Any())
{
LogConfigurationRecursive(logger, section.GetChildren(), key);
}
}
}
static bool IsSensitiveKey(string key)
{
return key.Contains("Password", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Secret", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Token", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Key", StringComparison.OrdinalIgnoreCase) ||
key.Contains("ConnectionString", StringComparison.OrdinalIgnoreCase);
}
static string MaskValueWithLastChars(string value)
{
if (string.IsNullOrEmpty(value))
{
return "***NOT SET***";
}
// If value is too short, just mask it completely
if (value.Length <= 4)
{
return "***MASKED***";
}
// Show last 4 characters
var lastChars = value.Substring(value.Length - 4);
return $"***MASKED***...{lastChars}";
}
cv-matcher-api/cv-matcher-api.csproj
+3 -2
View File
@@ -1,4 +1,4 @@
<Project Sdk="Microsoft.NET.Sdk.Web"> <Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup> <PropertyGroup>
<TargetFramework>net10.0</TargetFramework> <TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable> <Nullable>enable</Nullable>
@@ -79,5 +79,6 @@
<ItemGroup> <ItemGroup>
<ProjectReference Include="..\cv-matcher-api-models\cv-matcher-api-models.csproj" /> <ProjectReference Include="..\cv-matcher-api-models\cv-matcher-api-models.csproj" />
<ProjectReference Include="..\shared-models\shared-models.csproj" /> <ProjectReference Include="..\shared-models\shared-models.csproj" />
</ItemGroup> <ProjectReference Include="..\startup-helpers\startup-helpers.csproj" />
</ItemGroup>
</Project> </Project>
rag-api/Dockerfile
+21 -10
View File
@@ -1,15 +1,26 @@
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS base FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY rag-api/rag-api.csproj rag-api/
COPY rag-api-models/rag-api-models.csproj rag-api-models/
COPY shared-models/shared-models.csproj shared-models/
COPY startup-helpers/startup-helpers.csproj startup-helpers/startup-helpers/
RUN dotnet restore rag-api/api.csproj
COPY rag-api/ rag-api/
COPY rag-api-models/ rag-api-models/
COPY shared-models/ shared-models/
COPY startup-helpers/ startup-helpers/
RUN dotnet publish rag-api/rag-api.csproj -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
WORKDIR /app WORKDIR /app
EXPOSE 8080 EXPOSE 8080
ENV ASPNETCORE_URLS=http://0.0.0.0:8080
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
WORKDIR /src
COPY ["rag-api.csproj", "./"]
RUN dotnet restore "rag-api.csproj"
COPY . .
RUN dotnet publish "rag-api.csproj" -c Release -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=build /app/publish . COPY --from=build /app/publish .
ENTRYPOINT ["dotnet", "rag-api.dll"] ENTRYPOINT ["dotnet", "rag-api.dll"]
rag-api/Program.cs
+25 -233
View File
@@ -1,71 +1,30 @@
using Azure.Identity; using System.Reflection;
using Microsoft.AspNetCore.Diagnostics; using Api.Clients.Ai;
using Api.Clients.Ai.Contracts;
using Api.Data; using Api.Data;
using Api.Data.Repositories;
using Api.Data.Repositories.Contracts;
using Api.Services; using Api.Services;
using Api.Services.Contracts; using Api.Services.Contracts;
using Serilog;
using System.Reflection;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using Rag.Models.Settings; using Rag.Models.Settings;
using Api.Data.Repositories.Contracts; using Serilog;
using Api.Data.Repositories;
using Api.Clients.Ai.Contracts;
using Api.Clients.Ai;
using Shared.Models.Settings; using Shared.Models.Settings;
using StartupHelpers;
DotNetEnv.Env.Load(); StartupExtensions.LoadDotEnvFile();
const string ServiceName = "rag-api";
var appVersion = StartupExtensions.GetApplicationVersion(Assembly.GetExecutingAssembly());
try try
{ {
var builder = WebApplication.CreateBuilder(args); var builder = WebApplication.CreateBuilder(args);
var appVersion = Assembly.GetExecutingAssembly()
.GetCustomAttribute<AssemblyInformationalVersionAttribute>()?
.InformationalVersion
?? Assembly.GetExecutingAssembly().GetName().Version?.ToString()
?? "unknown";
builder.Host.UseSerilog((context, services, configuration) => builder.ConfigureJsonSerilog(ServiceName, appVersion);
{ Log.Information("Starting {Service} version {AppVersion}", ServiceName, appVersion);
configuration
.ReadFrom.Configuration(context.Configuration)
.ReadFrom.Services(services)
.Enrich.FromLogContext()
.Enrich.WithMachineName()
.Enrich.WithEnvironmentName()
.Enrich.WithProperty("Service", "rag-api")
.Enrich.WithProperty("AppVersion", appVersion)
.WriteTo.Console(new Serilog.Formatting.Json.JsonFormatter());
});
Log.Information("Starting {Service} version {AppVersion}", "rag-api", appVersion); builder.AddAzureKeyVaultIfConfigured();
// --------------------
// Azure Key Vault Configuration
// --------------------
var keyVaultUri = builder.Configuration["KeyVault:VaultUri"];
var keyVaultEnabled = builder.Configuration.GetValue<bool>("KeyVault:Enabled");
if (keyVaultEnabled && !string.IsNullOrWhiteSpace(keyVaultUri))
{
Log.Information("Loading configuration from Azure Key Vault: {VaultUri}", keyVaultUri);
try
{
builder.Configuration.AddAzureKeyVault(
new Uri(keyVaultUri),
new DefaultAzureCredential());
Log.Information("Azure Key Vault configuration loaded successfully");
}
catch (Exception ex)
{
Log.Warning(ex, "Failed to load Azure Key Vault configuration. Continuing with other configuration sources.");
}
}
else
{
Log.Information("Azure Key Vault is disabled or not configured");
}
builder.Services.Configure<RagSettings>(builder.Configuration.GetSection("Rag")); builder.Services.Configure<RagSettings>(builder.Configuration.GetSection("Rag"));
builder.Services.Configure<Rag.Models.Settings.AiSettings>(builder.Configuration.GetSection("Ai")); builder.Services.Configure<Rag.Models.Settings.AiSettings>(builder.Configuration.GetSection("Ai"));
@@ -84,28 +43,11 @@ try
builder.Services.AddScoped<IRagService, RagService>(); builder.Services.AddScoped<IRagService, RagService>();
builder.Services.AddControllers(); builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerWithXmlComments(Assembly.GetExecutingAssembly(), ServiceName);
builder.Services.AddSwaggerGen(options =>
{
var xmlFile = (Assembly.GetExecutingAssembly().GetName().Name ?? "rag-api") + ".xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
if (File.Exists(xmlPath)) options.IncludeXmlComments(xmlPath);
options.EnableAnnotations();
});
var app = builder.Build(); var app = builder.Build();
var logger = app.Services.GetRequiredService<ILogger<Program>>(); app.LogStartupDiagnostics(ServiceName);
logger.LogInformation("API starting up...");
logger.LogInformation("Environment: {Environment}", app.Environment.EnvironmentName);
// Log all environment variables and configuration settings at startup
// Can be controlled via appsettings: "LogEnvironmentOnStartup": true
var logEnvironmentOnStartup = app.Configuration.GetValue<bool>("LogEnvironmentOnStartup", defaultValue: true);
if (logEnvironmentOnStartup)
{
LogEnvironmentSettings(logger, app.Configuration, app.Environment);
}
using (var scope = app.Services.CreateScope()) using (var scope = app.Services.CreateScope())
{ {
@@ -113,180 +55,30 @@ try
await repository.InitializeAsync(CancellationToken.None); await repository.InitializeAsync(CancellationToken.None);
} }
app.UseSerilogRequestLogging(options => app.UseDefaultSerilogRequestLogging();
{ app.UseJsonExceptionHandler(ServiceName);
options.MessageTemplate = "HTTP {RequestMethod} {RequestPath} responded {StatusCode} in {Elapsed:0.0000} ms"; app.UseInternalApiKeyProtection();
options.EnrichDiagnosticContext = (diagnosticContext, httpContext) => app.UseSwaggerInDevelopment(ServiceName, ServiceName);
{
diagnosticContext.Set("RequestHost", httpContext.Request.Host.Value);
diagnosticContext.Set("RequestScheme", httpContext.Request.Scheme);
diagnosticContext.Set("RemoteIP", httpContext.Connection.RemoteIpAddress?.ToString());
diagnosticContext.Set("UserAgent", httpContext.Request.Headers.UserAgent.ToString());
};
});
app.UseExceptionHandler(errorApp =>
{
errorApp.Run(async context =>
{
var feature = context.Features.Get<IExceptionHandlerFeature>();
var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
if (feature?.Error is not null)
{
logger.LogError(feature.Error, "Unhandled exception in {Service}", "rag-api");
}
context.Response.StatusCode = StatusCodes.Status500InternalServerError;
context.Response.ContentType = "application/json";
await context.Response.WriteAsJsonAsync(new { error = "Unexpected server error." });
});
});
app.Use(async (context, next) =>
{
var settings = context.RequestServices.GetRequiredService<Microsoft.Extensions.Options.IOptions<InternalApiSettings>>().Value;
if (settings.RequireApiKey)
{
var header = context.Request.Headers["X-Internal-Api-Key"].ToString();
if (string.IsNullOrWhiteSpace(settings.ApiKey) || header != settings.ApiKey)
{
var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
logger.LogWarning("Rejected unauthorized internal API call. Path={Path}, RemoteIP={RemoteIP}", context.Request.Path, context.Connection.RemoteIpAddress?.ToString());
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
await context.Response.WriteAsJsonAsync(new { error = "Unauthorized internal API call." });
return;
}
}
await next();
});
// Swagger (typically only in Development)
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI(options =>
{
options.DocumentTitle = "rag-api";
options.SwaggerEndpoint("/swagger/v1/swagger.json", "rag-api v1");
options.RoutePrefix = "swagger";
});
}
app.MapControllers(); app.MapControllers();
app.MapGet("/health", () => Results.Ok(new { status = "ok", service = "rag-api", version = appVersion, timeUtc = DateTimeOffset.UtcNow })); app.MapHealthEndpoint(ServiceName, appVersion);
Log.Information("Running EfCore DbMigrations if any"); Log.Information("Running EF Core migrations if any");
using (var scope = app.Services.CreateScope()) using (var scope = app.Services.CreateScope())
{ {
var db = scope.ServiceProvider.GetRequiredService<RagDbContext>(); var db = scope.ServiceProvider.GetRequiredService<RagDbContext>();
db.Database.Migrate(); db.Database.Migrate();
} }
Log.Information("{Service} startup complete", "rag-api"); Log.Information("{Service} startup complete", ServiceName);
app.Run(); app.Run();
} }
catch (Exception ex) catch (Exception ex)
{ {
Log.Fatal(ex, "rag-api terminated unexpectedly"); Log.Fatal(ex, "{Service} terminated unexpectedly", ServiceName);
} }
finally finally
{ {
Log.Information("Shutting down rag-api"); Log.Information("Shutting down {Service}", ServiceName);
Log.CloseAndFlush(); Log.CloseAndFlush();
} }
static void LogEnvironmentSettings(Microsoft.Extensions.Logging.ILogger logger, IConfiguration configuration, IWebHostEnvironment environment)
{
logger.LogInformation("==================== ENVIRONMENT SETTINGS ====================");
// Environment Information
logger.LogInformation("Application Name: {ApplicationName}", environment.ApplicationName);
logger.LogInformation("Environment Name: {EnvironmentName}", environment.EnvironmentName);
logger.LogInformation("Content Root Path: {ContentRootPath}", environment.ContentRootPath);
logger.LogInformation("Web Root Path: {WebRootPath}", environment.WebRootPath);
// Environment Variables
logger.LogInformation("-------------- Environment Variables --------------");
var envVars = Environment.GetEnvironmentVariables();
var sortedEnvVars = new SortedDictionary<string, string?>();
foreach (System.Collections.DictionaryEntry entry in envVars)
{
var key = entry.Key?.ToString() ?? string.Empty;
var value = entry.Value?.ToString() ?? string.Empty;
// Mask sensitive values (passwords, secrets, tokens, keys) but show last 4 characters
if (IsSensitiveKey(key))
{
value = MaskValueWithLastChars(value);
}
sortedEnvVars[key] = value;
}
foreach (var kvp in sortedEnvVars)
{
logger.LogInformation(" {Key} = {Value}", kvp.Key, kvp.Value);
}
// Configuration Settings
logger.LogInformation("-------------- Configuration Settings --------------");
LogConfigurationRecursive(logger, configuration.GetChildren(), "");
logger.LogInformation("===========================================================");
}
static void LogConfigurationRecursive(Microsoft.Extensions.Logging.ILogger logger, IEnumerable<IConfigurationSection> sections, string prefix)
{
foreach (var section in sections)
{
var key = string.IsNullOrEmpty(prefix) ? section.Key : $"{prefix}:{section.Key}";
if (section.Value != null)
{
var value = section.Value;
// Mask sensitive configuration values but show last 4 characters
if (IsSensitiveKey(key))
{
value = MaskValueWithLastChars(value);
}
logger.LogInformation(" {Key} = {Value}", key, value);
}
// Recurse into child sections
if (section.GetChildren().Any())
{
LogConfigurationRecursive(logger, section.GetChildren(), key);
}
}
}
static bool IsSensitiveKey(string key)
{
return key.Contains("Password", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Secret", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Token", StringComparison.OrdinalIgnoreCase) ||
key.Contains("Key", StringComparison.OrdinalIgnoreCase) ||
key.Contains("ConnectionString", StringComparison.OrdinalIgnoreCase);
}
static string MaskValueWithLastChars(string value)
{
if (string.IsNullOrEmpty(value))
{
return "***NOT SET***";
}
// If value is too short, just mask it completely
if (value.Length <= 4)
{
return "***MASKED***";
}
// Show last 4 characters
var lastChars = value.Substring(value.Length - 4);
return $"***MASKED***...{lastChars}";
}
rag-api/rag-api.csproj
+3 -2
View File
@@ -1,4 +1,4 @@
<Project Sdk="Microsoft.NET.Sdk.Web"> <Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup> <PropertyGroup>
<TargetFramework>net10.0</TargetFramework> <TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable> <Nullable>enable</Nullable>
@@ -79,5 +79,6 @@
<ItemGroup> <ItemGroup>
<ProjectReference Include="..\rag-api-models\rag-api-models.csproj" /> <ProjectReference Include="..\rag-api-models\rag-api-models.csproj" />
<ProjectReference Include="..\shared-models\shared-models.csproj" /> <ProjectReference Include="..\shared-models\shared-models.csproj" />
</ItemGroup> <ProjectReference Include="..\startup-helpers\startup-helpers.csproj" />
</ItemGroup>
</Project> </Project>
startup-helpers/EnvironmentDiagnostics.cs
+92
View File
@@ -0,0 +1,92 @@
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
namespace StartupHelpers;
public static class EnvironmentDiagnostics
{
public static void LogEnvironmentSettings(ILogger logger, IConfiguration configuration, IWebHostEnvironment environment)
{
logger.LogInformation("==================== ENVIRONMENT SETTINGS ====================");
logger.LogInformation("Application Name: {ApplicationName}", environment.ApplicationName);
logger.LogInformation("Environment Name: {EnvironmentName}", environment.EnvironmentName);
logger.LogInformation("Content Root Path: {ContentRootPath}", environment.ContentRootPath);
logger.LogInformation("Web Root Path: {WebRootPath}", environment.WebRootPath);
logger.LogInformation("-------------- Environment Variables --------------");
var envVars = Environment.GetEnvironmentVariables();
var sortedEnvVars = new SortedDictionary<string, string?>();
foreach (System.Collections.DictionaryEntry entry in envVars)
{
var key = entry.Key?.ToString() ?? string.Empty;
var value = entry.Value?.ToString() ?? string.Empty;
if (IsSensitiveKey(key))
{
value = MaskValueWithLastChars(value);
}
sortedEnvVars[key] = value;
}
foreach (var kvp in sortedEnvVars)
{
logger.LogInformation(" {Key} = {Value}", kvp.Key, kvp.Value);
}
logger.LogInformation("-------------- Configuration Settings --------------");
LogConfigurationRecursive(logger, configuration.GetChildren(), string.Empty);
logger.LogInformation("===========================================================");
}
private static void LogConfigurationRecursive(ILogger logger, IEnumerable<IConfigurationSection> sections, string prefix)
{
foreach (var section in sections)
{
var key = string.IsNullOrEmpty(prefix) ? section.Key : $"{prefix}:{section.Key}";
if (section.Value != null)
{
var value = section.Value;
if (IsSensitiveKey(key))
{
value = MaskValueWithLastChars(value);
}
logger.LogInformation(" {Key} = {Value}", key, value);
}
if (section.GetChildren().Any())
{
LogConfigurationRecursive(logger, section.GetChildren(), key);
}
}
}
private static bool IsSensitiveKey(string key)
{
return key.Contains("Password", StringComparison.OrdinalIgnoreCase)
|| key.Contains("Secret", StringComparison.OrdinalIgnoreCase)
|| key.Contains("Token", StringComparison.OrdinalIgnoreCase)
|| key.Contains("Key", StringComparison.OrdinalIgnoreCase)
|| key.Contains("ConnectionString", StringComparison.OrdinalIgnoreCase);
}
private static string MaskValueWithLastChars(string value)
{
if (string.IsNullOrEmpty(value))
{
return "***NOT SET***";
}
if (value.Length <= 4)
{
return "***MASKED***";
}
var lastChars = value[^4..];
return $"***MASKED***...{lastChars}";
}
}
startup-helpers/RateLimitingExtensions.cs
+74
View File
@@ -0,0 +1,74 @@
using System.Threading.RateLimiting;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
namespace StartupHelpers;
public static class RateLimitingExtensions
{
public static void AddPublicApiRateLimiting(this IServiceCollection services)
{
services.AddRateLimiter(options =>
{
options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(httpContext =>
{
var ip = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
return RateLimitPartition.GetFixedWindowLimiter(
partitionKey: ip,
factory: _ => new FixedWindowRateLimiterOptions
{
PermitLimit = 120,
Window = TimeSpan.FromMinutes(1),
QueueLimit = 0,
AutoReplenishment = true
});
});
options.AddPolicy("contact", httpContext =>
{
var ip = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
return RateLimitPartition.GetFixedWindowLimiter(
partitionKey: ip,
factory: _ => new FixedWindowRateLimiterOptions
{
PermitLimit = 5,
Window = TimeSpan.FromMinutes(1),
QueueLimit = 0,
AutoReplenishment = true
});
});
options.AddPolicy("cv-matcher", httpContext =>
{
var ip = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
return RateLimitPartition.GetFixedWindowLimiter(
partitionKey: ip,
factory: _ => new FixedWindowRateLimiterOptions
{
PermitLimit = 10,
Window = TimeSpan.FromMinutes(10),
QueueLimit = 0,
AutoReplenishment = true
});
});
options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
options.OnRejected = async (context, ct) =>
{
var logger = context.HttpContext.RequestServices
.GetRequiredService<ILoggerFactory>()
.CreateLogger("RateLimiting");
var ip = context.HttpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
var endpoint = context.HttpContext.Request.Path;
logger.LogWarning("Rate limit exceeded for {Endpoint} from IP {IP}", endpoint, ip);
context.HttpContext.Response.ContentType = "application/json";
await context.HttpContext.Response.WriteAsync("""{"error":"Too many requests. Try again later."}""", ct);
};
});
}
}
startup-helpers/StartupExtensions.cs
+229
View File
@@ -0,0 +1,229 @@
using System.Reflection;
using Azure.Identity;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Serilog;
using Swashbuckle.AspNetCore.SwaggerGen;
using Swashbuckle.AspNetCore.Annotations;
namespace StartupHelpers;
public static class StartupExtensions
{
public static void LoadDotEnvFile()
{
DotNetEnv.Env.Load();
}
public static string GetApplicationVersion(Assembly assembly)
{
return assembly.GetCustomAttribute<AssemblyInformationalVersionAttribute>()?.InformationalVersion
?? assembly.GetName().Version?.ToString()
?? "unknown";
}
public static void ConfigureJsonSerilog(this WebApplicationBuilder builder, string serviceName, string appVersion)
{
builder.Host.UseSerilog((context, services, configuration) =>
{
configuration
.ReadFrom.Configuration(context.Configuration)
.ReadFrom.Services(services)
.Enrich.FromLogContext()
.Enrich.WithMachineName()
.Enrich.WithEnvironmentName()
.Enrich.WithProperty("Service", serviceName)
.Enrich.WithProperty("AppVersion", appVersion)
.WriteTo.Console(new Serilog.Formatting.Json.JsonFormatter());
});
}
public static void AddAzureKeyVaultIfConfigured(this WebApplicationBuilder builder)
{
var keyVaultUri = builder.Configuration["KeyVault:VaultUri"];
var keyVaultEnabled = builder.Configuration.GetValue<bool>("KeyVault:Enabled");
if (!keyVaultEnabled || string.IsNullOrWhiteSpace(keyVaultUri))
{
Log.Information("Azure Key Vault is disabled or not configured");
return;
}
Log.Information("Loading configuration from Azure Key Vault: {VaultUri}", keyVaultUri);
try
{
builder.Configuration.AddAzureKeyVault(new Uri(keyVaultUri), new DefaultAzureCredential());
Log.Information("Azure Key Vault configuration loaded successfully");
}
catch (Exception ex)
{
Log.Warning(ex, "Failed to load Azure Key Vault configuration. Continuing with other configuration sources.");
}
}
public static void AddSwaggerWithXmlComments(this IServiceCollection services, Assembly assembly, string fallbackName, bool enableAnnotations = true)
{
services.AddEndpointsApiExplorer();
services.AddSwaggerGen(options =>
{
var xmlFile = (assembly.GetName().Name ?? fallbackName) + ".xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
if (File.Exists(xmlPath))
{
options.IncludeXmlComments(xmlPath);
}
if (enableAnnotations)
{
options.EnableAnnotations();
}
});
}
public static void ConfigureCaddyForwardedHeaders(this IServiceCollection services)
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.ForwardedForHeaderName = "X-Real-IP";
options.KnownIPNetworks.Clear();
options.KnownProxies.Clear();
options.ForwardLimit = 1;
});
}
public static void AddFrontendCorsFromConfiguration(this IServiceCollection services, IConfiguration configuration, string policyName = "FrontendOnly")
{
var allowedOrigins = configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? Array.Empty<string>();
services.AddCors(options =>
{
options.AddPolicy(policyName, policy =>
{
if (allowedOrigins.Length > 0)
{
policy.WithOrigins(allowedOrigins)
.WithMethods("POST", "OPTIONS")
.WithHeaders("Content-Type")
.SetPreflightMaxAge(TimeSpan.FromHours(1));
}
});
});
}
public static void LogStartupDiagnostics(this WebApplication app, string serviceName)
{
var logger = app.Services.GetRequiredService<ILoggerFactory>().CreateLogger(serviceName);
logger.LogInformation("{Service} starting up...", serviceName);
logger.LogInformation("Environment: {Environment}", app.Environment.EnvironmentName);
var logEnvironmentOnStartup = app.Configuration.GetValue("LogEnvironmentOnStartup", defaultValue: true);
if (logEnvironmentOnStartup)
{
EnvironmentDiagnostics.LogEnvironmentSettings(logger, app.Configuration, app.Environment);
}
}
public static void UseDefaultSerilogRequestLogging(this WebApplication app, bool includeProxyHeaders = false)
{
app.UseSerilogRequestLogging(options =>
{
options.MessageTemplate = "HTTP {RequestMethod} {RequestPath} responded {StatusCode} in {Elapsed:0.0000} ms";
options.EnrichDiagnosticContext = (diagnosticContext, httpContext) =>
{
diagnosticContext.Set("RequestHost", httpContext.Request.Host.Value);
diagnosticContext.Set("RequestScheme", httpContext.Request.Scheme);
diagnosticContext.Set("RemoteIP", httpContext.Connection.RemoteIpAddress?.ToString());
diagnosticContext.Set("UserAgent", httpContext.Request.Headers.UserAgent.ToString());
if (includeProxyHeaders)
{
diagnosticContext.Set("XRealIP", httpContext.Request.Headers["X-Real-IP"].ToString());
diagnosticContext.Set("XForwardedFor", httpContext.Request.Headers["X-Forwarded-For"].ToString());
}
};
});
}
public static void UseJsonExceptionHandler(this WebApplication app, string serviceName)
{
app.UseExceptionHandler(errorApp =>
{
errorApp.Run(async context =>
{
var feature = context.Features.Get<IExceptionHandlerFeature>();
var logger = context.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger(serviceName);
if (feature?.Error is not null)
{
logger.LogError(feature.Error, "Unhandled exception in {Service}", serviceName);
}
context.Response.StatusCode = StatusCodes.Status500InternalServerError;
context.Response.ContentType = "application/json";
await context.Response.WriteAsJsonAsync(new { error = "Unexpected server error." });
});
});
}
public static void UseInternalApiKeyProtection(this WebApplication app, string sectionName = "InternalApi")
{
app.Use(async (context, next) =>
{
var requireApiKey = context.RequestServices.GetRequiredService<IConfiguration>().GetValue<bool>($"{sectionName}:RequireApiKey");
if (requireApiKey)
{
var configuredApiKey = context.RequestServices.GetRequiredService<IConfiguration>()[$"{sectionName}:ApiKey"];
var headerApiKey = context.Request.Headers["X-Internal-Api-Key"].ToString();
if (string.IsNullOrWhiteSpace(configuredApiKey) || headerApiKey != configuredApiKey)
{
var logger = context.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger("InternalApiKey");
logger.LogWarning(
"Rejected unauthorized internal API call. Path={Path}, RemoteIP={RemoteIP}",
context.Request.Path,
context.Connection.RemoteIpAddress?.ToString());
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
await context.Response.WriteAsJsonAsync(new { error = "Unauthorized internal API call." });
return;
}
}
await next();
});
}
public static void UseSwaggerInDevelopment(this WebApplication app, string documentTitle, string endpointName)
{
if (!app.Environment.IsDevelopment())
{
return;
}
app.UseSwagger();
app.UseSwaggerUI(options =>
{
options.DocumentTitle = documentTitle;
options.SwaggerEndpoint("/swagger/v1/swagger.json", $"{endpointName} v1");
options.RoutePrefix = "swagger";
});
}
public static void MapHealthEndpoint(this WebApplication app, string serviceName, string appVersion)
{
app.MapGet("/health", () => Results.Ok(new
{
status = "ok",
service = serviceName,
version = appVersion,
timeUtc = DateTimeOffset.UtcNow
}));
}
}
startup-helpers/startup-helpers.csproj
+16 -2
View File
@@ -1,10 +1,24 @@
<Project Sdk="Microsoft.NET.Sdk"> <Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup> <PropertyGroup>
<TargetFramework>net10.0</TargetFramework> <TargetFramework>net10.0</TargetFramework>
<RootNamespace>startup_helpers</RootNamespace> <RootNamespace>StartupHelpers</RootNamespace>
<ImplicitUsings>enable</ImplicitUsings> <ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable> <Nullable>enable</Nullable>
</PropertyGroup> </PropertyGroup>
<ItemGroup>
<FrameworkReference Include="Microsoft.AspNetCore.App" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.5.1" />
<PackageReference Include="Azure.Identity" Version="1.21.0" />
<PackageReference Include="DotNetEnv" Version="3.2.0" />
<PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
<PackageReference Include="Serilog.Enrichers.Environment" Version="3.0.1" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.7" />
<PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="10.1.7" />
</ItemGroup>
</Project> </Project>