wip

Femto.Api/Program.cs

@@ -1,8 +1,14 @@
 using System.Text.Json;
 using System.Text.Json.Serialization;
+using Femto.Api;
+using Femto.Api.Auth;
+using Femto.Common;
 using Femto.Modules.Auth.Application;
 using Femto.Modules.Blog.Application;
 using Femto.Modules.Media.Application;
+using Microsoft.AspNetCore.Authentication;
+
+const string CorsPolicyName = "DefaultCorsPolicy";
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -20,15 +26,18 @@ builder.Services.InitializeBlogModule(connectionString);
 builder.Services.InitializeMediaModule(connectionString, blobStorageRoot);
 builder.Services.InitializeAuthenticationModule(connectionString);
 
+builder.Services.AddScoped<CurrentUserContext, CurrentUserContext>();
+builder.Services.AddScoped<ICurrentUserContext>(s => s.GetRequiredService<CurrentUserContext>());
+
 builder.Services.AddControllers();
 
 builder.Services.AddCors(options =>
 {
     options.AddPolicy(
-        "DefaultCorsPolicy",
+        CorsPolicyName,
         b =>
         {
-            b.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin();
+            b.AllowAnyHeader().AllowAnyMethod().WithOrigins("http://localhost:5173");
         }
     );
 });
@@ -44,9 +53,18 @@ builder
         options.JsonSerializerOptions.NumberHandling = JsonNumberHandling.AllowReadingFromString;
     });
 
+builder
+    .Services.AddAuthentication("SessionAuth")
+    .AddScheme<AuthenticationSchemeOptions, SessionAuthenticationHandler>(
+        "SessionAuth",
+        options => { }
+    );
+
+builder.Services.AddAuthorization(); // if not already added
+
 var app = builder.Build();
 
-app.UseCors("DefaultCorsPolicy");
+app.UseCors(CorsPolicyName);
 
 if (app.Environment.IsDevelopment())
 {