2026-03-03 14:23:50 +01:00
|
|
|
using Finbuckle.MultiTenant;
|
|
|
|
|
using Microsoft.AspNetCore.Authentication;
|
|
|
|
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
|
|
|
|
using Microsoft.EntityFrameworkCore;
|
|
|
|
|
using WorkClub.Api.Auth;
|
|
|
|
|
using WorkClub.Api.Middleware;
|
|
|
|
|
using WorkClub.Application.Interfaces;
|
|
|
|
|
using WorkClub.Infrastructure.Data;
|
|
|
|
|
using WorkClub.Infrastructure.Services;
|
|
|
|
|
using WorkClub.Infrastructure.Seed;
|
|
|
|
|
|
2026-03-03 14:02:37 +01:00
|
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
|
|
|
|
|
|
builder.Services.AddOpenApi();
|
|
|
|
|
|
2026-03-03 14:23:50 +01:00
|
|
|
builder.Services.AddMultiTenant<TenantInfo>()
|
|
|
|
|
.WithHeaderStrategy("X-Tenant-Id")
|
|
|
|
|
.WithClaimStrategy("tenant_id")
|
|
|
|
|
.WithInMemoryStore(options =>
|
|
|
|
|
{
|
|
|
|
|
options.IsCaseSensitive = false;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
builder.Services.AddHttpContextAccessor();
|
|
|
|
|
builder.Services.AddScoped<ITenantProvider, TenantProvider>();
|
|
|
|
|
builder.Services.AddScoped<SeedDataService>();
|
|
|
|
|
|
|
|
|
|
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
|
|
|
|
.AddJwtBearer(options =>
|
|
|
|
|
{
|
|
|
|
|
options.Authority = builder.Configuration["Keycloak:Authority"];
|
|
|
|
|
options.Audience = builder.Configuration["Keycloak:Audience"];
|
|
|
|
|
options.RequireHttpsMetadata = false;
|
|
|
|
|
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
|
|
|
|
|
{
|
|
|
|
|
ValidateIssuer = true,
|
|
|
|
|
ValidateAudience = true,
|
|
|
|
|
ValidateLifetime = true,
|
|
|
|
|
ValidateIssuerSigningKey = true
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
builder.Services.AddScoped<IClaimsTransformation, ClubRoleClaimsTransformation>();
|
|
|
|
|
|
|
|
|
|
builder.Services.AddAuthorizationBuilder()
|
|
|
|
|
.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin"))
|
|
|
|
|
.AddPolicy("RequireManager", policy => policy.RequireRole("Admin", "Manager"))
|
|
|
|
|
.AddPolicy("RequireMember", policy => policy.RequireRole("Admin", "Manager", "Member"))
|
|
|
|
|
.AddPolicy("RequireViewer", policy => policy.RequireAuthenticatedUser());
|
|
|
|
|
|
|
|
|
|
builder.Services.AddDbContext<AppDbContext>(options =>
|
|
|
|
|
options.UseNpgsql(builder.Configuration.GetConnectionString("DefaultConnection")));
|
|
|
|
|
|
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware
- Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups)
- Implement RLS policies with SET LOCAL for tenant isolation
- Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback
- Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header
- Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor)
- Configure AppDbContext with tenant scoping and RLS support
- Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture
- Write TDD integration tests for multi-tenant isolation and RLS enforcement
- Add health check null safety for connection string
Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
|
|
|
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection");
|
|
|
|
|
if (!string.IsNullOrEmpty(connectionString))
|
|
|
|
|
{
|
|
|
|
|
builder.Services.AddHealthChecks()
|
|
|
|
|
.AddNpgSql(connectionString);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
builder.Services.AddHealthChecks();
|
|
|
|
|
}
|
2026-03-03 14:23:50 +01:00
|
|
|
|
2026-03-03 14:02:37 +01:00
|
|
|
var app = builder.Build();
|
|
|
|
|
|
|
|
|
|
if (app.Environment.IsDevelopment())
|
|
|
|
|
{
|
|
|
|
|
app.MapOpenApi();
|
2026-03-03 14:23:50 +01:00
|
|
|
|
|
|
|
|
using var scope = app.Services.CreateScope();
|
|
|
|
|
var seedService = scope.ServiceProvider.GetRequiredService<SeedDataService>();
|
|
|
|
|
await seedService.SeedAsync();
|
2026-03-03 14:02:37 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
app.UseHttpsRedirection();
|
|
|
|
|
|
2026-03-03 14:23:50 +01:00
|
|
|
app.UseAuthentication();
|
|
|
|
|
app.UseMultiTenant();
|
|
|
|
|
app.UseMiddleware<TenantValidationMiddleware>();
|
|
|
|
|
app.UseAuthorization();
|
|
|
|
|
|
|
|
|
|
app.MapHealthChecks("/health/live", new Microsoft.AspNetCore.Diagnostics.HealthChecks.HealthCheckOptions
|
|
|
|
|
{
|
|
|
|
|
Predicate = _ => false
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
app.MapHealthChecks("/health/ready");
|
|
|
|
|
app.MapHealthChecks("/health/startup");
|
|
|
|
|
|
2026-03-03 14:02:37 +01:00
|
|
|
var summaries = new[]
|
|
|
|
|
{
|
|
|
|
|
"Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
app.MapGet("/weatherforecast", () =>
|
|
|
|
|
{
|
|
|
|
|
var forecast = Enumerable.Range(1, 5).Select(index =>
|
|
|
|
|
new WeatherForecast
|
|
|
|
|
(
|
|
|
|
|
DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
|
|
|
|
|
Random.Shared.Next(-20, 55),
|
|
|
|
|
summaries[Random.Shared.Next(summaries.Length)]
|
|
|
|
|
))
|
|
|
|
|
.ToArray();
|
|
|
|
|
return forecast;
|
|
|
|
|
})
|
|
|
|
|
.WithName("GetWeatherForecast");
|
|
|
|
|
|
2026-03-03 14:23:50 +01:00
|
|
|
app.MapGet("/api/test", () => Results.Ok(new { message = "Test endpoint" }))
|
|
|
|
|
.RequireAuthorization();
|
|
|
|
|
|
2026-03-03 14:02:37 +01:00
|
|
|
app.Run();
|
|
|
|
|
|
|
|
|
|
record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)
|
|
|
|
|
{
|
|
|
|
|
public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
|
|
|
|
|
}
|
2026-03-03 14:23:50 +01:00
|
|
|
|
|
|
|
|
public partial class Program { }
|
