avrahamcool / aleph1.skeletons Goto Github PK

View Code? Open in Web Editor NEW

4.0 4.0 2.0 4.06 MB

VSIX for Visual Studio 2017. that will add new Project Templates.

Home Page: https://marketplace.visualstudio.com/items?itemName=Aleph1.Aleph1SkeletonsWebAPIPackage

C# 74.91% HTML 2.28% ASP.NET 0.14% TypeScript 13.73% SCSS 0.10% JavaScript 8.64% EJS 0.20%

aleph1.skeletons's People

Contributors

Stargazers

Watchers

Forkers

kkacer lgtm-migrator

aleph1.skeletons's Issues

[WebAPI] change default DAL to localdb

using SqlExpress requires additional installation.

[webapi] create backup on publish

by adding this target to the csproj - we can create a backup of the old project before publishing a new one.

[WebApi] better handle backup

cap the number of backups.

maybe move the backups and logs to a different folder on the machine?

[webapi] wrong CorrelationID when using async/await

activityID is changed when returning from an async operation.
we should use a custom field to maintain a reliable CorrelationID.

in globalASAX
HttpContext.Current.Items["CorrelationID"] = Guid.NewGuid();
---------------
in config
<column name="CorrelationID" layout="${aspnet-item:variable=CorrelationID}" />
---------------
install: NLog.web

[webapi] missing disable CORS for varient configs

    <add xdt:Transform="SetAttributes" xdt:Locator="Match(key)" key="EnableCORS" value="false" />
    <add xdt:Transform="Remove" xdt:Locator="Match(key)" key="Origins" />
    <add xdt:Transform="Remove" xdt:Locator="Match(key)" key="Headers" />
    <add xdt:Transform="Remove" xdt:Locator="Match(key)" key="Methods" />
    <add xdt:Transform="Remove" xdt:Locator="Match(key)" key="ExposedHeaders" />

[webapi] add camelCase contract resolver

JSON outputted by WebAPI should be camelCased to accommodate with javascript standards.
input parameter should allow both camelCase and PascalCase.

[Layer] adding a layer chooses the wrong name when root folder is changed

[webapi] remove statically injected security service

replace it with:

IDependencyScope DI = actionContext.Request.GetDependencyScope();
ISecurity SecurityService = DI.GetService(typeof(ISecurity)) as ISecurity;

[Client] idleTimeout dont work properly when coming back from background

possible solution: check if still active before opening popup

[WebAPI.WebAPI] Disable X-XSS-Protection by default

X-XSS-Protection security header should be set to 0 by default in web.config, see:

[All] dynamicly insert user name as project author

[webapi] remove WebDAV handler to allow put/delete

https://stackoverflow.com/questions/10906411/asp-net-web-api-put-delete-verbs-not-allowed-iis-8

[WebAPI.WebAPI] delete old files before publish

            PublishUrl = new Uri(Path.Combine(Directory.GetCurrentDirectory(), PublishUrl)).LocalPath;
            if (!Directory.Exists(PublishUrl))
            {
                LogMessage = "Directory " + PublishUrl + " not found - Skipping Backup.";
                return true;
            }

            const int MAX_BACKUPS = 3;
            string backupFolder = new Uri(Path.Combine(PublishUrl, "./Backup")).LocalPath;
            string LogsFolder = new Uri(Path.Combine(PublishUrl, "./Logs")).LocalPath;


            string[] pathsToExclude = new[] { backupFolder, LogsFolder };

            IEnumerable<FileInfo> filesToBackup = new DirectoryInfo(PublishUrl)
                .EnumerateFiles("*", SearchOption.AllDirectories)
                .Where(file => pathsToExclude.All(toExclude => !file.FullName.StartsWith(toExclude)));

            DateTime? lastUpdatedFileDate = filesToBackup
                .Select<FileInfo, DateTime?>(file => file.LastWriteTime)
                .DefaultIfEmpty()
                .Max();

            if (!lastUpdatedFileDate.HasValue)
            {
                LogMessage = "Directory " + PublishUrl + " was empty - Skipping Backup.";
                return true;
            }

            Directory.CreateDirectory(backupFolder);

            string backupName = lastUpdatedFileDate.Value.ToString(@"yyyy-MM-dd HH.mm.ss");

            Uri backupZipPathUri = new Uri(Path.Combine(backupFolder, backupName + ".zip"));
            if (File.Exists(backupZipPathUri.LocalPath))
            {
                LogMessage = "Backup " + backupZipPathUri.AbsoluteUri + " already exists - Skipping Backup.";
            }
            else
            {
                string backupPath = Path.Combine(backupFolder, backupName);
                Directory.CreateDirectory(backupPath);
                foreach (FileInfo item in filesToBackup)
                {
                    string newPath = item.FullName.Replace(PublishUrl, backupPath);
                    Directory.CreateDirectory(Directory.GetParent(newPath).FullName);
                    item.CopyTo(item.FullName.Replace(PublishUrl, backupPath));
                }
                ZipFile.CreateFromDirectory(backupPath, backupZipPathUri.LocalPath);
                Directory.Delete(backupPath, true);

                FileInfo[] oldBackups = new DirectoryInfo(backupFolder)
                    .GetFiles("*.zip");

                foreach (FileInfo oldBackup in oldBackups
                        .OrderBy(file => file.CreationTime)
                        .Take(oldBackups.Length - MAX_BACKUPS))
                {
                    oldBackup.Delete();
                }

                LogMessage = "Backup created at " + backupZipPathUri.AbsoluteUri;
            }

            foreach (FileInfo file in filesToBackup)
            {
                file.Delete();
            }

            IEnumerable<DirectoryInfo> directoriesToDelete = new DirectoryInfo(PublishUrl)
                .EnumerateDirectories("*", SearchOption.TopDirectoryOnly)
                .Where(dir => pathsToExclude.All(toExclude => !dir.FullName.StartsWith(toExclude)));

            foreach (DirectoryInfo dir in directoriesToDelete)
            {
                dir.Delete(true);
            }

            return true;

[WebAPI] lock FluentValidation version

as of FluentValidation v9, they no longer support .net Framework

we need to lock the version to the latest. (8.6.2)

[feat] allow different log profile from attribute manged by config

for example:
different targets for some functions?
maybe not needed if we change the attribute to use diferrent logger per class - then it can be done from config without changing anything avrahamcool/Aleph1#5

different log level? [trace, warn etc'..?] what for?

[WebAPI.WebAPI] problem with X-FORWARDED-FOR parsing

we look for X-FORWARD-FOR header instead of X-FORWARDED-FOR

[webapi] extra folders in skeleton

the skeleton packs extra directories that should be removed before publishing.
bin
obj
logs

lookout for more..

[WebAPI] fix CSP

add :blob where we have :data

[WebAPI] integrated security true => sspi

[webapi] remove about data in prod profile

[WebApi] add .tfignore and .gitignore

to ease the process of uploading the project to source control.

[webapi] publish should backup everything except logs

[Webapi] restrict access to Logs and backup

<system.webServer>
    <modules>
      <remove name="WebDAVModule" />
    </modules>
    <handlers>
      <remove name="WebDAV" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <httpProtocol>
      <customHeaders>
        <clear />
      </customHeaders>
    </httpProtocol>
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="Logs"/>
          <add segment="Backup"/>
          <add segment="Documentation"/>
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>

[webapi] should add 100continue to template?

 <system.net>
    <settings>
      <servicePointManager expect100Continue="false" />
    </settings>
  </system.net>

[Skeleton] lock Microsoft.VisualStudio.SDK.Analyzers version to the latest that support vs 2017

the versions above 16.7.9 compile with warnings because we also target vs2017.
vs2017 is crucial at this point.

[layer] guess the right location for a new layer

when creating a new layer, it should be added to the selected folder.

[webapi] block TS execution in webapi project

TS will be handled by client stack.

[Client] IdleTimeOut causes input of type number to behave

IdleTimeOut package adds a default "mousewheel" event to the window.
this is somehow interfering with input of type number. (scrolling on a number type causes the numbers to change.)

can be fix by patching the library.
need more investigation.

[webapi] should enable CORS by default?

CORS from config?

[webapi] remove user related csproj and move configs to csproj

make sure application loads with correct defaults.

https
deafult project (stored in sln?)
correct start page?

backup location? (relative to publish location / absolute)
log location (relative to publish location / absolute)
number of log files archive

[WebAPI.WebAPI] Fix Content Security Policy header

Content Security Policy header should contain the following values:

default-src 'none';
base-uri 'none';
object-src 'none';
frame-ancestors 'none';
connect-src 'self' https://www.google.com;
script-src 'self' 'strict-dynamic' 'sha256-CHANGE_THIS' https://www.google.com https://www.gstatic.com;
style-src 'self' https://www.gstatic.com 'unsafe-inline';
frame-src 'self' https://www.google.com;
img-src 'self' data: blob: https://www.gstatic.com;
font-src 'self' data: blob: https://fonts.gstatic.com;
worker-src 'self' https://www.google.com https://www.gstatic.com;
child-src 'self' https://www.google.com https://www.gstatic.com;
media-src 'self';
form-action 'self';
require-trusted-types-for 'script'

Google reCAPTCHA URLs are included and will work by default.

Also, please note that in order to @import fonts from Google Fonts, you should add https://fonts.googleapis.com to style-src.

References: