Fix RLS permissions and JWT validation for admin club creation #5

Merged
MasterMito merged 18 commits from fix/rls-permission-test-failure into epic/admin_rework_second_try 2026-03-20 11:42:05 +01:00
2 changed files with 25 additions and 7 deletions
Showing only changes of commit 4ba76288b5 - Show all commits
+23 -1
@@ -52,11 +52,33 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
options.MapInboundClaims = false; options.MapInboundClaims = false;
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{ {
ValidateIssuer = false, // Disabled for local dev - external clients use localhost:8080, internal use keycloak:8080 ValidateIssuer = false, // Disabled for local dev - external clients use localhost:8080, internal use keycloak:8080
ValidateAudience = true, ValidateAudience = true,
ValidateLifetime = true, ValidateLifetime = true,
ValidateIssuerSigningKey = true ValidateIssuerSigningKey = true
}; };
options.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
Console.WriteLine($"JWT Authentication Failed: {context.Exception.Message}");
if (context.Exception.InnerException != null)
{
Console.WriteLine($"Inner Exception: {context.Exception.InnerException.Message}");
}
return Task.CompletedTask;
},
OnTokenValidated = context =>
{
Console.WriteLine($"JWT Token Validated for user: {context.Principal?.Identity?.Name ?? "unknown"}");
return Task.CompletedTask;
},
OnChallenge = context =>
{
Console.WriteLine($"JWT Challenge: {context.Error}");
return Task.CompletedTask;
}
};
}); });
builder.Services.AddScoped<IClaimsTransformation, ClubRoleClaimsTransformation>(); builder.Services.AddScoped<IClaimsTransformation, ClubRoleClaimsTransformation>();
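Review bot: The three added `JwtBearerEvents` handlers write to `Console.WriteLine` unconditionally, so every authenticated request logs the caller's name and every failure logs raw exception text outside the application's logging pipeline (no levels, no filtering, no structured fields). Resolve a logger from the request instead, e.g. `var log = context.HttpContext.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger("JwtBearer");` followed by `log.LogWarning(context.Exception, "JWT authentication failed");`, and keep the `OnTokenValidated` message at Debug level. In `OnChallenge`, `context.Error` is usually empty when the request simply carried no token, so logging `context.AuthenticateFailure?.Message` and `context.ErrorDescription` alongside it would make the output more useful. Separately, `ValidateIssuer = false` on the context line is commented as local-dev only, but no environment check is visible in this hunk; if none exists outside it, the `iss` claim goes unchecked in every environment. The enclosing `AddJwtBearer` lambda starts outside the hunk.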
+2 -6
@@ -70,12 +70,8 @@ services:
ports: ports:
- "5001:8080" - "5001:8080"
extra_hosts: extra_hosts:
- "localhost:host-gateway" - "localhost:172.18.0.1"
- "127.0.0.1:host-gateway" - "127.0.0.1:172.18.0.1"
networks:
app-network:
aliases:
- keycloak.internal
working_dir: /app working_dir: /app
volumes: volumes:
- ./backend:/app:cached - ./backend:/app:cached
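Review bot: Pinning `extra_hosts` to `172.18.0.1` (the right-hand, presumably new, value in `- "localhost:172.18.0.1"`) ties the service to whatever subnet Docker happened to assign to the bridge network; if the network is recreated with a different subnet the mapping silently points at the wrong address, whereas `host-gateway` is resolved by Docker at start-up. If a fixed address is really required, declare the subnet explicitly under the network's `ipam` config and add a comment such as `# gateway of app-network; must match the ipam subnet`. The `127.0.0.1:` entry uses an IP literal as the host name, which resolvers normally do not look up in /etc/hosts, so it likely has no effect and could be dropped. The hunk also removes the `keycloak.internal` alias; anything still configured with that host name (not visible here) would stop resolving.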