fix: exempt /api/clubs/me from tenant validation

- Add path exemption in TenantValidationMiddleware for /api/clubs/me - Change authorization policy from RequireMember to RequireViewer - Fix KEYCLOAK_CLIENT_ID in docker-compose.yml (workclub-app) - Resolves frontend chicken-and-egg problem for club discovery Verified: - /api/clubs/me returns 200 OK without X-Tenant-Id header - /api/tasks still requires X-Tenant-Id (400 Bad Request) - Other endpoints unaffected
2026-03-05 21:32:34 +01:00
parent b286e5cb34
commit 18be0fb183
3 changed files with 12 additions and 2 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -79,12 +79,14 @@ services:
      context: ./frontend
      dockerfile: Dockerfile.dev
    container_name: workclub_frontend
+    extra_hosts:
+      - "localhost:host-gateway"
    environment:
      NEXT_PUBLIC_API_URL: "http://localhost:5001"
      API_INTERNAL_URL: "http://dotnet-api:8080"
      NEXTAUTH_URL: "http://localhost:3000"
      NEXTAUTH_SECRET: "dev-secret-change-in-production-use-openssl-rand-base64-32"
-      KEYCLOAK_CLIENT_ID: "workclub-api"
+      KEYCLOAK_CLIENT_ID: "workclub-app"
      KEYCLOAK_CLIENT_SECRET: "dev-secret-workclub-api-change-in-production"
      KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
    ports: