Edit Records

2025-12-01 17:56:17 +01:00
parent 7ea5ed506e
commit c8ded1f0a4
11 changed files with 624 additions and 28 deletions
--- a/DiunaBI.API/Program.cs
+++ b/DiunaBI.API/Program.cs
@@ -177,26 +177,67 @@ else

 pluginManager.LoadPluginsFromDirectory(pluginsPath);

-app.Use(async (context, next) =>
-{
-    var token = context.Request.Headers.Authorization.ToString();
-    if (token.Length > 0
-        && !context.Request.Path.ToString().Contains("getForPowerBI")
-        && !context.Request.Path.ToString().Contains("getConfiguration")
-        && !context.Request.Path.ToString().Contains("DataInbox/Add"))
-    {
-        var handler = new JwtSecurityTokenHandler();
-        var data = handler.ReadJwtToken(token.Split(' ')[1]);
-        context.Request.Headers.Append("UserId", new Microsoft.Extensions.Primitives.StringValues(data.Subject));
-    }
-    await next(context);
-});
-
 app.UseCors("CORSPolicy");

 app.UseAuthentication();
 app.UseAuthorization();

+// Middleware to extract UserId from JWT token AFTER authentication
+// This must run after UseAuthentication() so the JWT is already validated
+app.Use(async (context, next) =>
+{
+    var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
+    logger.LogInformation("🔍 UserId Extraction Middleware - Path: {Path}, Method: {Method}",
+        context.Request.Path, context.Request.Method);
+
+    var token = context.Request.Headers.Authorization.ToString();
+    logger.LogInformation("🔍 Authorization header: {Token}",
+        string.IsNullOrEmpty(token) ? "NULL/EMPTY" : $"{token[..Math.Min(30, token.Length)]}...");
+
+    if (!string.IsNullOrEmpty(token) && token.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
+    {
+        try
+        {
+            var handler = new JwtSecurityTokenHandler();
+            var jwtToken = handler.ReadJwtToken(token.Split(' ')[1]);
+
+            // Try to get UserId from Subject claim first, then fall back to NameIdentifier
+            var userId = jwtToken.Subject;
+            if (string.IsNullOrEmpty(userId))
+            {
+                // Try NameIdentifier claim (ClaimTypes.NameIdentifier)
+                var nameIdClaim = jwtToken.Claims.FirstOrDefault(c =>
+                    c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" ||
+                    c.Type == "nameid");
+                userId = nameIdClaim?.Value;
+            }
+
+            logger.LogInformation("🔍 JWT UserId: {UserId}", userId ?? "NULL");
+
+            if (!string.IsNullOrEmpty(userId))
+            {
+                // Use indexer to set/replace header value instead of Append
+                context.Request.Headers["UserId"] = userId;
+                logger.LogInformation("✅ Set UserId header to: {UserId}", userId);
+            }
+            else
+            {
+                logger.LogWarning("❌ UserId not found in JWT claims");
+            }
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "❌ Failed to extract UserId from JWT token");
+        }
+    }
+    else
+    {
+        logger.LogWarning("❌ No valid Bearer token found");
+    }
+
+    await next(context);
+});
+
 app.MapControllers();

 app.MapGet("/health", () => Results.Ok(new { status = "OK", timestamp = DateTime.UtcNow }))