Harden admin telemetry and deployment safeguards
TaxBaik CI/CD / build-and-deploy (push) Successful in 4m30s
TaxBaik CI/CD / build-and-deploy (push) Successful in 4m30s
This commit is contained in:
+24
-2
@@ -7,10 +7,12 @@ using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OAuth;
|
||||
using Microsoft.AspNetCore.Components.Authorization;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
using Microsoft.AspNetCore.RateLimiting;
|
||||
using Microsoft.AspNetCore.ResponseCompression;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using MudBlazor.Services;
|
||||
using Serilog;
|
||||
using System.Threading.RateLimiting;
|
||||
using TaxBaik.Application;
|
||||
using TaxBaik.Application.Services;
|
||||
using TaxBaik.Infrastructure;
|
||||
@@ -51,6 +53,23 @@ builder.Host.UseSerilog((context, config) =>
|
||||
builder.Services.AddControllers();
|
||||
builder.Services.AddProblemDetails();
|
||||
builder.Services.AddHealthChecks();
|
||||
builder.Services.AddRateLimiter(options =>
|
||||
{
|
||||
options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
|
||||
options.AddPolicy("client-logs", httpContext =>
|
||||
{
|
||||
var ip = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
|
||||
return RateLimitPartition.GetFixedWindowLimiter(
|
||||
partitionKey: $"client-logs:{ip}",
|
||||
factory: _ => new FixedWindowRateLimiterOptions
|
||||
{
|
||||
PermitLimit = 10,
|
||||
Window = TimeSpan.FromMinutes(1),
|
||||
QueueLimit = 0,
|
||||
AutoReplenishment = true
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// Razor Pages + Blazor Server 통합
|
||||
builder.Services.AddRazorPages();
|
||||
@@ -351,6 +370,7 @@ app.UsePathBase("/taxbaik");
|
||||
app.UseResponseCompression();
|
||||
app.UseStaticFiles();
|
||||
app.UseRouting();
|
||||
app.UseRateLimiter();
|
||||
app.UseAuthentication();
|
||||
app.UseAuthorization();
|
||||
app.UseAntiforgery();
|
||||
@@ -387,12 +407,14 @@ catch (Exception ex)
|
||||
{
|
||||
try
|
||||
{
|
||||
using (var scope = app.Services.CreateScope())
|
||||
var fatalMessage = $"환경: {app.Environment.EnvironmentName}\n오류: {ex.Message}";
|
||||
if (TaxBaik.Web.Services.TelegramAlertGate.ShouldSend("telegram:fatal", fatalMessage, TimeSpan.FromMinutes(30)))
|
||||
{
|
||||
using var scope = app.Services.CreateScope();
|
||||
var telegramService = scope.ServiceProvider.GetRequiredService<ITelegramNotificationService>();
|
||||
await telegramService.SendErrorAsync(
|
||||
"❌ 서버 오류",
|
||||
$"환경: {app.Environment.EnvironmentName}\n오류: {ex.Message}");
|
||||
fatalMessage);
|
||||
}
|
||||
}
|
||||
catch (Exception telegramEx)
|
||||
|
||||
Reference in New Issue
Block a user