mirror of
https://github.com/azaion/missions.git
synced 2026-06-21 08:01:07 +00:00
Oleksandr Bezdieniezhnykh
7025f4d075
Updated JWT authentication to use configuration values instead of hardcoded secrets, improving security and flexibility. Enhanced CORS policy to conditionally allow origins based on configuration settings, with logging for permissive defaults. Updated README to reflect project renaming and clarify service context.
28 lines
993 B
C#
28 lines
993 B
C#
namespace Azaion.Flights.Infrastructure;
|
|
|
|
public static class ConfigurationResolver
|
|
{
|
|
// Fail-fast contract: missing or whitespace-only values throw at startup so a
|
|
// production deploy without the operator-confirmed values cannot silently
|
|
// accept an insecure default (e.g. a development JWT secret, a localhost DB).
|
|
public static string ResolveRequiredOrThrow(
|
|
IConfiguration configuration,
|
|
string envVar,
|
|
string configKey,
|
|
string humanLabel)
|
|
{
|
|
ArgumentNullException.ThrowIfNull(configuration);
|
|
|
|
var value = Environment.GetEnvironmentVariable(envVar);
|
|
if (string.IsNullOrWhiteSpace(value))
|
|
value = configuration[configKey];
|
|
|
|
if (string.IsNullOrWhiteSpace(value))
|
|
throw new InvalidOperationException(
|
|
$"{humanLabel} is not configured. Set the {envVar} environment variable " +
|
|
$"or the {configKey} configuration key.");
|
|
|
|
return value;
|
|
}
|
|
}
|