From d2fb9b80719fe3a3418625b313ab70f50f353cf8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Zieli=C5=84ski?=
Date: Sat, 6 Dec 2025 00:50:20 +0100
Subject: [PATCH] Fix API Key Authorization for Cron Jobs by adding [AllowAnonymous] attribute to scheduling endpoints
---
 .claude/project-context.md | 12 ++++++++++++
 DiunaBI.API/Controllers/JobsController.cs | 3 +++
 2 files changed, 15 insertions(+)
diff --git a/.claude/project-context.md b/.claude/project-context.md
index 7c51156..87dfe03 100644
--- a/.claude/project-context.md
+++ b/.claude/project-context.md
@@ -5,6 +5,18 @@
 ## RECENT CHANGES (This Session)
+**API Key Authorization Fix for Cron Jobs (Dec 6, 2025):**
+- ✅ **Fixed 401 Unauthorized on API Key Endpoints** - Cron jobs calling `/jobs/schedule` endpoints were getting rejected despite valid API keys
+- ✅ **Added [AllowAnonymous] Attribute** - Bypasses controller-level `[Authorize]` to allow `[ApiKeyAuth]` filter to handle authorization
+- ✅ **Three Endpoints Fixed** - Applied fix to all job scheduling endpoints:
+ - `POST /jobs/schedule` - Schedule all jobs (imports + processes)
+ - `POST /jobs/schedule/imports` - Schedule import jobs only
+ - `POST /jobs/schedule/processes` - Schedule process jobs only
+- Root cause: Controller-level `[Authorize]` attribute required JWT Bearer auth for all endpoints, blocking API key authentication
+- Solution: Add `[AllowAnonymous]` to allow `[ApiKeyAuth]` filter to validate X-API-Key header
+- Files modified: [JobsController.cs](DiunaBI.API/Controllers/JobsController.cs)
+- Status: Cron jobs can now authenticate with API key via X-API-Key header
+
 **SignalR Authentication Token Flow Fix (Dec 6, 2025):**
 - ✅ **TokenProvider Population** - Fixed `TokenProvider.Token` never being set with JWT, causing 401 Unauthorized on SignalR connections
 - ✅ **AuthService Token Management** - Injected `TokenProvider` into `AuthService` and set token in 3 key places:
diff --git a/DiunaBI.API/Controllers/JobsController.cs b/DiunaBI.API/Controllers/JobsController.cs
index e9b5d64..0a489ab 100644
--- a/DiunaBI.API/Controllers/JobsController.cs
+++ b/DiunaBI.API/Controllers/JobsController.cs
@@ -125,6 +125,7 @@ public class JobsController : Controller
 [HttpPost]
 [Route("schedule")]
+ [AllowAnonymous] // Bypass controller-level [Authorize] to allow API key auth
 [ApiKeyAuth]
 public async Task ScheduleJobs([FromQuery] string? nameFilter = null)
 {
@@ -150,6 +151,7 @@ public class JobsController : Controller
 [HttpPost]
 [Route("schedule/imports")]
+ [AllowAnonymous] // Bypass controller-level [Authorize] to allow API key auth
 [ApiKeyAuth]
 public async Task ScheduleImportJobs([FromQuery] string? nameFilter = null)
 {
@@ -175,6 +177,7 @@ public class JobsController : Controller
 [HttpPost]
 [Route("schedule/processes")]
+ [AllowAnonymous] // Bypass controller-level [Authorize] to allow API key auth
 [ApiKeyAuth]
 public async Task ScheduleProcessJobs()
 {
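Review bot: With `[AllowAnonymous]` on `ScheduleJobs` — and identically on `ScheduleImportJobs` and `ScheduleProcessJobs` in the two following hunks — the `[ApiKeyAuth]` filter becomes the only access control on these POST actions, and its implementation is not part of this patch. Before merging, confirm that it runs as an MVC filter rather than through the authorization-policy pipeline that `[AllowAnonymous]` skips, that it fails closed when the `X-API-Key` header is absent or the configured key is empty, and that it compares keys in constant time (`CryptographicOperations.FixedTimeEquals`). The inline comment should state that dependency, for example `[AllowAnonymous] // [ApiKeyAuth] below is now the only gate on this action; do not remove it`. An integration test asserting 401 for a request without the header would pin this, and an API-key authentication scheme selected through `[Authorize(AuthenticationSchemes = "<scheme-name>")]` would avoid the anonymous opt-out altogether. The three method bodies continue outside the hunks.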