Vuelta a Key en Secret.
All checks were successful
Build and Deploy / remote-build-and-deploy (push) Successful in 15m54s
All checks were successful
Build and Deploy / remote-build-and-deploy (push) Successful in 15m54s
This commit is contained in:
@@ -65,8 +65,6 @@ jobs:
|
||||
# Gitea reemplaza los secretos aquí. Es seguro.
|
||||
export DB_SA_PASSWORD='${{ secrets.DB_SA_PASSWORD_SECRET }}'
|
||||
export JWTSETTINGS__KEY_SECRET= ${{ secrets.JWTSETTINGS__KEY }}
|
||||
export JWTSETTINGS__ISSUER_SECRET= ${{ secrets.JWTSETTINGS__ISSUER }}
|
||||
export JWTSETTINGS__AUDIENCE_SECRET= ${{ secrets.JWTSETTINGS__AUDIENCE }}
|
||||
docker compose up -d
|
||||
|
||||
# --- PARTE 4: LIMPIEZA (EN EL HOST) ---
|
||||
|
||||
@@ -93,62 +93,16 @@ builder.Services.AddScoped<IReportesRepository, ReportesRepository>();
|
||||
// Servicios de Reportes
|
||||
builder.Services.AddScoped<IReportesService, ReportesService>();
|
||||
|
||||
|
||||
// --- INICIO DE CAMBIOS: Configuración de Autenticación JWT ---
|
||||
|
||||
// 1. Obtener la sección de configuración de JWT.
|
||||
// Esto leerá desde appsettings.json y SOBRESCRIBIRÁ con variables de entorno si existen.
|
||||
var jwtSection = builder.Configuration.GetSection("JwtSettings");
|
||||
var jwtKey = jwtSection["Key"];
|
||||
var jwtIssuer = jwtSection["Issuer"];
|
||||
var jwtAudience = jwtSection["Audience"];
|
||||
|
||||
// 2. Validar que todas las configuraciones necesarias existan.
|
||||
if (string.IsNullOrEmpty(jwtKey) || string.IsNullOrEmpty(jwtIssuer) || string.IsNullOrEmpty(jwtAudience))
|
||||
{
|
||||
throw new InvalidOperationException("La configuración de JWT (Key, Issuer, Audience) no está completa. Verifique appsettings.json o las variables de entorno.");
|
||||
}
|
||||
|
||||
var keyBytes = Encoding.ASCII.GetBytes(jwtKey);
|
||||
|
||||
builder.Services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
})
|
||||
.AddJwtBearer(options =>
|
||||
{
|
||||
// Es buena práctica usar HTTPS en producción. Si tu proxy inverso maneja SSL, esto puede ser false.
|
||||
options.RequireHttpsMetadata = builder.Environment.IsProduction();
|
||||
options.SaveToken = true;
|
||||
options.TokenValidationParameters = new TokenValidationParameters
|
||||
{
|
||||
ValidateIssuerSigningKey = true,
|
||||
IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
|
||||
|
||||
ValidateIssuer = true,
|
||||
ValidIssuer = jwtIssuer, // Usar la variable leída de la configuración
|
||||
|
||||
ValidateAudience = true,
|
||||
ValidAudience = jwtAudience, // Usar la variable leída de la configuración
|
||||
|
||||
ValidateLifetime = true,
|
||||
ClockSkew = TimeSpan.Zero
|
||||
};
|
||||
});
|
||||
|
||||
|
||||
// --- Configuración de Autenticación JWT ---
|
||||
|
||||
/*var jwtSettings = builder.Configuration.GetSection("Jwt");
|
||||
var jwtSettings = builder.Configuration.GetSection("Jwt");
|
||||
|
||||
// Le decimos que busque la clave JWT en la raíz de la configuración (donde están las variables de entorno).
|
||||
// Si no la encuentra, como respaldo, busca en la sección "Jwt" del appsettings.
|
||||
//var jwtKey = builder.Configuration["JWT_KEY"] ?? jwtSettings["Key"] ?? throw new ArgumentNullException("JWT_KEY or Jwt:Key not configured");
|
||||
//var jwtKey = jwtSettings["Key"] ?? throw new ArgumentNullException("Jwt:Key", "JWT Key not configured in appsettings.json");
|
||||
var jwtKey = Environment.GetEnvironmentVariable("JWTSETTINGS__KEY") ?? throw new ArgumentNullException("Jwt:Key", "JWT Key not configured in appsettings.json");
|
||||
//Environment.GetEnvironmentVariable("JWT_KEY");
|
||||
|
||||
//var keyBytes = Encoding.ASCII.GetBytes(jwtKey);
|
||||
var keyBytes = Encoding.ASCII.GetBytes(jwtKey);
|
||||
|
||||
builder.Services.AddAuthentication(options =>
|
||||
{
|
||||
@@ -171,7 +125,7 @@ builder.Services.AddAuthentication(options =>
|
||||
ValidateLifetime = true,
|
||||
ClockSkew = TimeSpan.Zero
|
||||
};
|
||||
});*/
|
||||
});
|
||||
|
||||
// --- Configuración de Autorización ---
|
||||
builder.Services.AddAuthorization();
|
||||
@@ -268,7 +222,7 @@ if (app.Environment.IsDevelopment())
|
||||
|
||||
app.UseCors(MyAllowSpecificOrigins);
|
||||
|
||||
app.UseAuthentication(); // SIEMPRE ANTES de UseAuthorization
|
||||
app.UseAuthentication(); // Debe ir ANTES de UseAuthorization
|
||||
app.UseAuthorization();
|
||||
|
||||
app.MapControllers();
|
||||
|
||||
@@ -5,10 +5,9 @@
|
||||
"Microsoft.AspNetCore": "Warning"
|
||||
}
|
||||
},
|
||||
"JwtSettings": {
|
||||
"Key": "",
|
||||
"Issuer": "",
|
||||
"Audience": "",
|
||||
"Jwt": {
|
||||
"Issuer": "GestionIntegralApi",
|
||||
"Audience": "GestionIntegralClient",
|
||||
"DurationInHours": 8
|
||||
},
|
||||
"AllowedHosts": "*"
|
||||
|
||||
Reference in New Issue
Block a user