soroushasadi/Program.cs

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.EntityFrameworkCore;
using SoroushAsadi.Database;
using SoroushAsadi.Services;

var builder = WebApplication.CreateBuilder(args);

// --- Razor Pages ---
builder.Services.AddRazorPages();

// --- Authentication (single-password cookie auth) ---
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(opt =>
    {
        opt.LoginPath = "/Admin/Login";
        opt.LogoutPath = "/Admin/Logout";
        opt.Cookie.Name = "sa_admin";
        opt.Cookie.HttpOnly = true;
        opt.Cookie.SameSite = SameSiteMode.Lax;
        opt.ExpireTimeSpan = TimeSpan.FromDays(7);
        opt.SlidingExpiration = true;
    });
builder.Services.AddAuthorization();

// --- EF Core + SQLite ---
var dataDir = builder.Configuration["DataDir"]
    ?? Path.Combine(builder.Environment.ContentRootPath, "data");
Directory.CreateDirectory(dataDir);
Directory.CreateDirectory(Path.Combine(dataDir, "uploads"));

builder.Services.AddDbContext<AppDbContext>(opt =>
    opt.UseSqlite($"Data Source={Path.Combine(dataDir, "cms.db")}"));

// --- App services ---
builder.Services.AddScoped<ContentService>();
builder.Services.AddScoped<AuthService>();
builder.Services.AddScoped<EmailService>();
builder.Services.AddHttpClient<EmailService>();

// --- Static file serving for /data/uploads ---
builder.Services.Configure<StaticFileOptions>(opt => { });

var app = builder.Build();

// Run EF migrations on startup (creates DB if missing)
using (var scope = app.Services.CreateScope())
{
    var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
    db.Database.EnsureCreated();
}

app.UseStatusCodePagesWithReExecute("/Error/{0}");

// HTML pages must never be cached by the browser or CDN, so a new deploy is
// visible immediately. Static assets are fingerprinted via asp-append-version
// (?v=hash), so they can be cached aggressively and bust automatically.
app.Use(async (context, next) =>
{
    context.Response.OnStarting(() =>
    {
        if (context.Response.ContentType?.Contains("text/html", StringComparison.OrdinalIgnoreCase) == true)
        {
            context.Response.Headers.CacheControl = "no-cache, no-store, must-revalidate";
            context.Response.Headers.Pragma = "no-cache";
        }
        return Task.CompletedTask;
    });
    await next();
});

app.UseStaticFiles(new StaticFileOptions
{
    OnPrepareResponse = ctx =>
        ctx.Context.Response.Headers.CacheControl = "public, max-age=31536000"
});

// Serve uploaded files from /data/uploads under /uploads/*
var uploadsPath = Path.Combine(dataDir, "uploads");
app.UseStaticFiles(new StaticFileOptions
{
    FileProvider = new Microsoft.Extensions.FileProviders.PhysicalFileProvider(uploadsPath),
    RequestPath = "/uploads"
});

app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();

app.Run();