backend/WorkClub.Api/Middleware/TenantValidationMiddleware.cs

using System.Text.Json;

namespace WorkClub.Api.Middleware;

public class TenantValidationMiddleware
{
    private readonly RequestDelegate _next;
    private readonly ILogger<TenantValidationMiddleware> _logger;

    public TenantValidationMiddleware(RequestDelegate next, ILogger<TenantValidationMiddleware> logger)
    {
        _next = next;
        _logger = logger;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        _logger.LogInformation("TenantValidationMiddleware: Processing request for {Path}", context.Request.Path);
        if (!context.User.Identity?.IsAuthenticated ?? true)
        {
            await _next(context);
            return;
        }

        if (!context.Request.Headers.TryGetValue("X-Tenant-Id", out var tenantIdHeader) ||
            string.IsNullOrWhiteSpace(tenantIdHeader))
        {
            context.Response.StatusCode = StatusCodes.Status400BadRequest;
            await context.Response.WriteAsJsonAsync(new { error = "X-Tenant-Id header is required" });
            return;
        }

        var requestedTenantId = tenantIdHeader.ToString();
        var clubsClaim = context.User.FindFirst("clubs")?.Value;

        if (string.IsNullOrEmpty(clubsClaim))
        {
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            await context.Response.WriteAsJsonAsync(new { error = "User does not have clubs claim" });
            return;
        }

        // Parse comma-separated club UUIDs
        var clubIds = clubsClaim.Split(',', StringSplitOptions.RemoveEmptyEntries)
            .Select(id => id.Trim())
            .ToArray();

        if (clubIds.Length == 0 || !clubIds.Contains(requestedTenantId))
        {
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            await context.Response.WriteAsJsonAsync(new { error = $"User is not a member of tenant {requestedTenantId}" });
            return;
        }

        // Store validated tenant ID in HttpContext.Items for downstream middleware/services
        context.Items["TenantId"] = requestedTenantId;
        _logger.LogInformation("TenantValidationMiddleware: Set TenantId={TenantId} in HttpContext.Items", requestedTenantId);

        await _next(context);
    }
}
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`using System.Text.Json;`

			`namespace WorkClub.Api.Middleware;`

			`public class TenantValidationMiddleware`
			`{`
			`private readonly RequestDelegate _next;`
fix(backend): update middleware ordering and interceptors for RLS Update TenantValidationMiddleware, Program.cs startup sequence, SaveChangesTenantInterceptor, and TenantProvider to ensure proper middleware ordering and tenant context initialization before database access. Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 19:22:21 +01:00			`private readonly ILogger<TenantValidationMiddleware> _logger;`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00
fix(backend): update middleware ordering and interceptors for RLS Update TenantValidationMiddleware, Program.cs startup sequence, SaveChangesTenantInterceptor, and TenantProvider to ensure proper middleware ordering and tenant context initialization before database access. Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 19:22:21 +01:00			`public TenantValidationMiddleware(RequestDelegate next, ILogger<TenantValidationMiddleware> logger)`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`{`
			`_next = next;`
fix(backend): update middleware ordering and interceptors for RLS Update TenantValidationMiddleware, Program.cs startup sequence, SaveChangesTenantInterceptor, and TenantProvider to ensure proper middleware ordering and tenant context initialization before database access. Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 19:22:21 +01:00			`_logger = logger;`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`}`

			`public async Task InvokeAsync(HttpContext context)`
			`{`
fix(backend): update middleware ordering and interceptors for RLS Update TenantValidationMiddleware, Program.cs startup sequence, SaveChangesTenantInterceptor, and TenantProvider to ensure proper middleware ordering and tenant context initialization before database access. Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 19:22:21 +01:00			`_logger.LogInformation("TenantValidationMiddleware: Processing request for {Path}", context.Request.Path);`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`if (!context.User.Identity?.IsAuthenticated ?? true)`
			`{`
			`await _next(context);`
			`return;`
			`}`

style(backend): apply dotnet format whitespace normalization - Applied dotnet format to 24 files in backend/ - Corrects spacing, indentation, and formatting consistency - No functional changes to code logic Ultraworked with Sisyphus <https://github.com/code-yeongyu/oh-my-opencode> Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 11:07:19 +01:00			`if (!context.Request.Headers.TryGetValue("X-Tenant-Id", out var tenantIdHeader) \|\|`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`string.IsNullOrWhiteSpace(tenantIdHeader))`
			`{`
			`context.Response.StatusCode = StatusCodes.Status400BadRequest;`
			`await context.Response.WriteAsJsonAsync(new { error = "X-Tenant-Id header is required" });`
			`return;`
			`}`

			`var requestedTenantId = tenantIdHeader.ToString();`
			`var clubsClaim = context.User.FindFirst("clubs")?.Value;`

			`if (string.IsNullOrEmpty(clubsClaim))`
			`{`
			`context.Response.StatusCode = StatusCodes.Status403Forbidden;`
			`await context.Response.WriteAsJsonAsync(new { error = "User does not have clubs claim" });`
			`return;`
			`}`

fix(backend): update middleware ordering and interceptors for RLS Update TenantValidationMiddleware, Program.cs startup sequence, SaveChangesTenantInterceptor, and TenantProvider to ensure proper middleware ordering and tenant context initialization before database access. Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 19:22:21 +01:00			`// Parse comma-separated club UUIDs`
			`var clubIds = clubsClaim.Split(',', StringSplitOptions.RemoveEmptyEntries)`
			`.Select(id => id.Trim())`
			`.ToArray();`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00
fix(backend): update middleware ordering and interceptors for RLS Update TenantValidationMiddleware, Program.cs startup sequence, SaveChangesTenantInterceptor, and TenantProvider to ensure proper middleware ordering and tenant context initialization before database access. Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 19:22:21 +01:00			`if (clubIds.Length == 0 \|\| !clubIds.Contains(requestedTenantId))`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`{`
			`context.Response.StatusCode = StatusCodes.Status403Forbidden;`
			`await context.Response.WriteAsJsonAsync(new { error = $"User is not a member of tenant {requestedTenantId}" });`
			`return;`
			`}`

fix(backend): update middleware ordering and interceptors for RLS Update TenantValidationMiddleware, Program.cs startup sequence, SaveChangesTenantInterceptor, and TenantProvider to ensure proper middleware ordering and tenant context initialization before database access. Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 19:22:21 +01:00			`// Store validated tenant ID in HttpContext.Items for downstream middleware/services`
			`context.Items["TenantId"] = requestedTenantId;`
			`_logger.LogInformation("TenantValidationMiddleware: Set TenantId={TenantId} in HttpContext.Items", requestedTenantId);`

feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`await _next(context);`
			`}`
			`}`