-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.json
More file actions
96 lines (86 loc) · 3.84 KB
/
Copy pathconfig.json
File metadata and controls
96 lines (86 loc) · 3.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
{
// see https://npgsqlrest.github.io/config/top-level.html#application-settings
"ApplicationName": "5_csv_basic_auth",
"StartupMessage": "NpgsqlRest Example 5: CSV Export with Basic Authentication over HTTPS, listening on https://127.0.0.1:8080/",
// ============================================================================
// SSL/HTTPS Configuration
// ============================================================================
// Basic Auth transmits credentials in base64 encoding (NOT encrypted).
// SSL/TLS is REQUIRED to protect credentials from being intercepted.
//
// Setup steps:
// 1. Generate development certificate:
// dotnet dev-certs https --export-path ./5_csv_basic_auth/localhost.pfx --password dev123
// 2. Trust the certificate (optional, avoids browser warnings):
// dotnet dev-certs https --trust
// 3. Start the application - it will listen on https://localhost:8080
// 4. Access: https://localhost:8080
// ============================================================================
// Listen on HTTPS (port 8080) and HTTP (port 8081)
// HTTP on 8081 is for Excel Power Query testing only - Excel doesn't support self-signed certs
// WARNING: Never expose HTTP Basic Auth endpoint publicly - credentials are NOT encrypted!
"Urls": "https://localhost:8080;http://localhost:8081",
"Ssl": {
// Enable Kestrel HTTPS configuration
"Enabled": true,
// No HTTP redirect needed since we only have HTTPS
"UseHttpsRedirection": false,
// HSTS adds Strict-Transport-Security header - disable for development
"UseHsts": false
},
"Kestrel": {
"Endpoints": {
"Https": {
"Url": "https://localhost:8080",
"Certificate": {
// Development certificate exported from dotnet dev-certs
// Generate with: dotnet dev-certs https --export-path ./5_csv_basic_auth/localhost.pfx --password dev123
"Path": "./5_csv_basic_auth/localhost.pfx",
"Password": "dev123"
},
// Use HTTP/1.1 only to avoid HTTP/2 connection cleanup errors on macOS
// The error "The encryption operation failed, Bad address" is a known
// race condition in Kestrel's HTTP/2 SSL stream cleanup - harmless but noisy
"Protocols": "Http1"
},
// HTTP endpoint for Excel Power Query testing (localhost only!)
// Excel doesn't trust self-signed certificates
"Http": {
"Url": "http://localhost:8081"
}
}
},
"ConnectionStrings": {
// Override the default connection to use the restricted application role (PoLP)
// The app_user role can ONLY access example_5_public schema
"Default": "Host={PGHOST};Port={PGPORT};Database={PGDATABASE};Username={APP_USER2};Password={APP_PASSWORD2}"
},
"StaticFiles": {
// Root path to the static files for this example
"RootPath": "./5_csv_basic_auth/public"
},
"NpgsqlRest": {
// Include ONLY the public schema in the generated endpoints
// The private example_5 schema (with sales table) is never exposed
"IncludeSchemas": [ "example_5_public" ],
// Disable global authorization - we use basic_auth annotation per endpoint
"RequiresAuthorization": false,
"HttpFileOptions": {
// Pattern output the generated HTTP files {1} placeholder is schema name
"NamePattern": "./5_csv_basic_auth/http/{1}"
},
"ClientCodeGen": {
"Enabled": false
},
"AuthenticationOptions": {
// Required for user_params to work with basic_auth
// Sets Identity.IsAuthenticated = true after successful authentication
"DefaultAuthenticationType": "example_5",
"BasicAuth": {
// Warning: allows HTTP but logs a warning. Use "Required" in production.
// Set to "Warning" for local Excel testing (Excel doesn't trust self-signed certs)
"SslRequirement": "Warning"
}
}
}
}