fix(auth): add auth middlewares only once, use fallbackPolicy instead…

… of custom middleware

src/Sitko.Core.App.Web/IWebApplicationModule.cs

@@ -24,11 +24,6 @@ void ConfigureAfterUseRouting(IApplicationContext applicationContext,
         IApplicationBuilder appBuilder)
     {
     }
-
-    void ConfigureAuthMiddleware(IApplicationContext applicationContext,
-        IApplicationBuilder appBuilder)
-    {
-    }
 }
 
 public interface IWebApplicationModule<TModuleOptions> : IWebApplicationModule, IApplicationModule<TModuleOptions>
@@ -39,3 +34,5 @@ void ConfigureWebHost(IApplicationContext applicationContext, ConfigureWebHostBu
     {
     }
 }
+
+public interface IAuthApplicationModule : IWebApplicationModule;

src/Sitko.Core.App.Web/WebApplicationBuilderExtensions.cs

@@ -66,24 +66,31 @@ public static WebApplication MapSitkoCore(this WebApplication webApplication)
             }
         }
 
-        if (webOptions.EnableMvc)
-        {
-            webApplication.MapControllers();
-        }
-
         var webModules =
             ModulesHelper.GetEnabledModuleRegistrations(applicationContext, applicationModuleRegistrations)
                 .Select(r => r.GetInstance())
                 .OfType<IWebApplicationModule>()
                 .ToList();
+
+        var authModules = webModules.OfType<IAuthApplicationModule>().ToList();
+        if (authModules.Count != 0)
+        {
+            webApplication.UseAuthentication();
+            webApplication.UseAuthorization();
+        }
+
         foreach (var webModule in webModules)
         {
             webModule.ConfigureBeforeUseRouting(applicationContext, webApplication);
             webModule.ConfigureAfterUseRouting(applicationContext, webApplication);
-            webModule.ConfigureAuthMiddleware(applicationContext, webApplication);
             webModule.ConfigureEndpoints(applicationContext, webApplication, webApplication);
         }
 
+        if (webOptions.EnableMvc)
+        {
+            webApplication.MapControllers();
+        }
+
         return webApplication;
     }
 }

src/Sitko.Core.Auth/AuthModule.cs

@@ -12,26 +12,10 @@ namespace Sitko.Core.Auth;
 
 public interface IAuthModule : IApplicationModule;
 
-internal static class AuthMiddlewareState
-{
-    public static bool IsConfigured { get; set; }
-}
-
-public abstract class AuthModule<TAuthOptions> : BaseApplicationModule<TAuthOptions>, IWebApplicationModule,
+public abstract class AuthModule<TAuthOptions> : BaseApplicationModule<TAuthOptions>, IAuthApplicationModule,
     IAuthModule
     where TAuthOptions : AuthOptions, new()
 {
-    public virtual void ConfigureAuthMiddleware(IApplicationContext applicationContext,
-        IApplicationBuilder appBuilder)
-    {
-        if (!AuthMiddlewareState.IsConfigured)
-        {
-            AuthMiddlewareState.IsConfigured = true;
-            appBuilder.UseAuthentication().UseAuthorization();
-            appBuilder.UseMiddleware<AuthorizationMiddleware<TAuthOptions>>();
-        }
-    }
-
     public override void ConfigureServices(IApplicationContext applicationContext, IServiceCollection services,
         TAuthOptions startupOptions)
     {
@@ -65,15 +49,21 @@ public override void ConfigureServices(IApplicationContext applicationContext, I
             {
                 options.AddPolicy(name, policy);
             }
+
+            if (!string.IsNullOrEmpty(startupOptions.ForcePolicy))
+            {
+                options.FallbackPolicy = startupOptions.Policies
+                    .FirstOrDefault(pair => pair.Key == startupOptions.ForcePolicy).Value;
+            }
         });
         if (startupOptions.EnableRedisDataProtection)
         {
             services.AddDataProtection().PersistKeysToStackExchangeRedis(() =>
-                {
-                    var redis = ConnectionMultiplexer
-                        .Connect($"{startupOptions.RedisHost}:{startupOptions.RedisPort}");
-                    return redis.GetDatabase(startupOptions.RedisDb);
-                }, $"{applicationContext.Name}-DP")
+                    {
+                        var redis = ConnectionMultiplexer
+                            .Connect($"{startupOptions.RedisHost}:{startupOptions.RedisPort}");
+                        return redis.GetDatabase(startupOptions.RedisDb);
+                    }, $"{applicationContext.Name}-DP")
                 .SetApplicationName(applicationContext.Name)
                 .SetDefaultKeyLifetime(TimeSpan.FromMinutes(startupOptions.DataProtectionLifeTimeInMinutes));
         }
@@ -86,4 +76,3 @@ protected virtual void ConfigureCookieOptions(CookieAuthenticationOptions option
     protected abstract void ConfigureAuthentication(AuthenticationBuilder authenticationBuilder,
         TAuthOptions startupOptions);
 }
-

src/Sitko.Core.Identity/IdentityModule.cs

@@ -12,7 +12,7 @@
 namespace Sitko.Core.Identity;
 
 public class IdentityModule<TUser, TRole, TPk, TDbContext> : BaseApplicationModule<IdentityModuleOptions>,
-    IWebApplicationModule
+    IAuthApplicationModule
     where TUser : IdentityUser<TPk>
     where TRole : IdentityRole<TPk>
     where TDbContext : IdentityDbContext<TUser, TRole, TPk>
@@ -31,13 +31,6 @@ public void ConfigureEndpoints(IApplicationContext applicationContext,
         }
     }
 
-    public void ConfigureAfterUseRouting(IApplicationContext applicationContext,
-        IApplicationBuilder appBuilder)
-    {
-        appBuilder.UseAuthentication();
-        appBuilder.UseAuthorization();
-    }
-
     public override void ConfigureServices(IApplicationContext applicationContext, IServiceCollection services,
         IdentityModuleOptions startupOptions)
     {
@@ -110,4 +103,3 @@ public class FakeEnv : IWebHostEnvironment
     public string WebRootPath { get; set; } = "";
     public IFileProvider WebRootFileProvider { get; set; } = null!;
 }
-