fix: exempt /api/clubs/me from tenant validation

- Add path exemption in TenantValidationMiddleware for /api/clubs/me
- Change authorization policy from RequireMember to RequireViewer
- Fix KEYCLOAK_CLIENT_ID in docker-compose.yml (workclub-app)
- Resolves frontend chicken-and-egg problem for club discovery

Verified:
- /api/clubs/me returns 200 OK without X-Tenant-Id header
- /api/tasks still requires X-Tenant-Id (400 Bad Request)
- Other endpoints unaffected
This commit is contained in:
WorkClub Automation
2026-03-05 21:32:34 +01:00
parent b286e5cb34
commit 18be0fb183
3 changed files with 12 additions and 2 deletions

@@ -11,7 +11,7 @@ public static class ClubEndpoints
var group = app.MapGroup("/api/clubs");
group.MapGet("/me", GetMyClubs)
.RequireAuthorization("RequireMember")
.RequireAuthorization("RequireViewer")
.WithName("GetMyClubs");
group.MapGet("/current", GetCurrentClub)
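
Review bot: The switch to `.RequireAuthorization("RequireViewer")` on `/me` carries no comment explaining why this one route in the `/api/clubs` group uses a weaker policy than before, and the commit message says the same path now skips tenant validation, so two checks are relaxed at once on this endpoint. Please add a short comment on the `MapGet("/me", ...)` line stating that the route is intentionally tenant-less for club discovery, and confirm that `GetMyClubs` derives the club list only from the authenticated user's identity rather than from any tenant context that may now be unset. If `RequireViewer` is evaluated against a role that is normally resolved per tenant, it is worth checking how the policy behaves when no `X-Tenant-Id` header is present; if the intent is simply "any authenticated user", a policy named for that would make the intent clearer. A regression test asserting that `/api/clubs/me` returns only clubs the caller belongs to would cover the case the "Verified" list in the commit message does not mention.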