Merge pull request 'feat/plano-rodape' (#17) from feat/plano-rodape into main

Reviewed-on: http://git.carneiro.ddnsfree.com/ricardo/BCards/pulls/17
2025-08-22 00:50:30 +00:00 · 2025-08-22 00:50:30 +00:00 · 46afbb22cd
commit 46afbb22cd
parent 54fcbc23fa def712bffe
1 changed files with 83 additions and 15 deletions
--- a/src/BCards.Web/Program.cs
+++ b/src/BCards.Web/Program.cs
@ -17,6 +17,17 @@ using Microsoft.AspNetCore.HttpOverrides;

 var builder = WebApplication.CreateBuilder(args);

+// 🔥 CONFIGURAR FORWARDED HEADERS NO BUILDER
+builder.Services.Configure<ForwardedHeadersOptions>(options =>
+{
+    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+    options.RequireHeaderSymmetry = false;
+    options.KnownNetworks.Clear();
+    options.KnownProxies.Clear();
+    // 🚨 PERMITIR QUALQUER PROXY (NGINX)
+    options.ForwardLimit = null;
+});
+
 // Add services to the container.
 builder.Services.AddControllersWithViews()
    .AddRazorRuntimeCompilation()
@ -85,23 +96,43 @@ builder.Services.AddAuthentication(options =>
    options.AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
    options.TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";

+    // 🔥 SOLUÇÃO RADICAL: SEMPRE FORÇAR HTTPS
    options.Events = new OAuthEvents
    {
        OnRedirectToAuthorizationEndpoint = context =>
        {
-            // 1. Força HTTPS em produção
-            if (!builder.Environment.IsDevelopment())
+            var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
+
+            // Debug info
+            logger.LogWarning($"=== MICROSOFT AUTH DEBUG ===");
+            logger.LogWarning($"Original RedirectUri: {context.RedirectUri}");
+            logger.LogWarning($"Request Scheme: {context.Request.Scheme}");
+            logger.LogWarning($"Request IsHttps: {context.Request.IsHttps}");
+            logger.LogWarning($"Request Host: {context.Request.Host}");
+            logger.LogWarning($"X-Forwarded-Proto: {context.Request.Headers["X-Forwarded-Proto"]}");
+
+            // 🚨 FORÇA HTTPS SEMPRE (exceto localhost)
+            var originalUri = context.RedirectUri;
+
+            // Se contém bcards.site, força HTTPS
+            if (originalUri.Contains("bcards.site"))
            {
-                context.RedirectUri = context.RedirectUri.Replace("http://", "https://");
+                context.RedirectUri = originalUri
+                    .Replace("http://bcards.site", "https://bcards.site")
+                    .Replace("http%3A%2F%2Fbcards.site", "https%3A%2F%2Fbcards.site");
+
+                logger.LogWarning($"FORCED HTTPS - Modified RedirectUri: {context.RedirectUri}");
            }

-            // 2. Adiciona prompt=login para forçar seleção de conta
+            // Adiciona prompt=login para forçar seleção de conta
            var redirectUri = context.RedirectUri;
            if (!redirectUri.Contains("prompt="))
            {
                redirectUri += "&prompt=login";
            }

+            logger.LogWarning($"Final RedirectUri: {redirectUri}");
+
            context.Response.Redirect(redirectUri);
            return Task.CompletedTask;
        }
@ -129,7 +160,7 @@ builder.Services.AddScoped<IUserRepository, UserRepository>();
 builder.Services.AddScoped<IUserPageRepository, UserPageRepository>();
 builder.Services.AddScoped<ICategoryRepository, CategoryRepository>();
 builder.Services.AddScoped<ISubscriptionRepository, SubscriptionRepository>();
-builder.Services.AddSingleton<IModerationAuthService, ModerationAuthService>(); 
+builder.Services.AddSingleton<IModerationAuthService, ModerationAuthService>();
 //builder.Services.AddScoped<IModerationAuthService, ModerationAuthService>();

 builder.Services.AddScoped<IUserPageService, UserPageService>();
@ -179,14 +210,26 @@ builder.Services.AddRazorPages();

 var app = builder.Build();

-app.UseForwardedHeaders(new ForwardedHeadersOptions
+// 🔥 PRIMEIRA COISA APÓS BUILD - FORWARDED HEADERS + BASE URL OVERRIDE
+app.UseForwardedHeaders();
+
+// 🚨 FORÇA BASE URL HTTPS EM PRODUÇÃO
+if (!app.Environment.IsDevelopment())
 {
-    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
-    // Permitir qualquer proxy (necessário para NGINX)
-    RequireHeaderSymmetry = false,
-    KnownNetworks = { },
-    KnownProxies = { }
-});
+    app.Use(async (context, next) =>
+    {
+        // Força o contexto a pensar que está em HTTPS
+        context.Request.Scheme = "https";
+
+        // Override do Host se necessário
+        if (context.Request.Host.Host == "bcards.site")
+        {
+            context.Request.Host = new HostString("bcards.site", 443);
+        }
+
+        await next();
+    });
+}

 // Configure the HTTP request pipeline.
 if (!app.Environment.IsDevelopment())
@ -211,12 +254,38 @@ app.UseMiddleware<BCards.Web.Middleware.PageStatusMiddleware>();
 app.UseMiddleware<BCards.Web.Middleware.PreviewTokenMiddleware>();
 app.UseMiddleware<ModerationAuthMiddleware>();

+// 🔥 DEBUG MIDDLEWARE MELHORADO
 app.Use(async (context, next) =>
 {
+    // Debug geral
    Console.WriteLine($"=== REQUEST DEBUG ===");
    Console.WriteLine($"Path: {context.Request.Path}");
    Console.WriteLine($"Query: {context.Request.QueryString}");
    Console.WriteLine($"Method: {context.Request.Method}");
+    Console.WriteLine($"Scheme: {context.Request.Scheme}");
+    Console.WriteLine($"IsHttps: {context.Request.IsHttps}");
+    Console.WriteLine($"Host: {context.Request.Host}");
+
+    // Debug específico para Microsoft signin
+    if (context.Request.Path.StartsWithSegments("/signin-microsoft"))
+    {
+        var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
+        logger.LogWarning($"=== SIGNIN-MICROSOFT CALLBACK DEBUG ===");
+        logger.LogWarning($"Path: {context.Request.Path}");
+        logger.LogWarning($"Query: {context.Request.QueryString}");
+        logger.LogWarning($"Method: {context.Request.Method}");
+        logger.LogWarning($"Scheme: {context.Request.Scheme}");
+        logger.LogWarning($"IsHttps: {context.Request.IsHttps}");
+        logger.LogWarning($"Host: {context.Request.Host}");
+        logger.LogWarning($"X-Forwarded-Proto: {context.Request.Headers["X-Forwarded-Proto"]}");
+        logger.LogWarning($"X-Forwarded-For: {context.Request.Headers["X-Forwarded-For"]}");
+        logger.LogWarning($"All Headers:");
+        foreach (var header in context.Request.Headers)
+        {
+            logger.LogWarning($"  {header.Key}: {header.Value}");
+        }
+    }
+
    await next();
 });

@ -262,13 +331,12 @@ app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

-
 // Initialize default data
 using (var scope = app.Services.CreateScope())
 {
    var themeService = scope.ServiceProvider.GetRequiredService<IThemeService>();
    var categoryService = scope.ServiceProvider.GetRequiredService<ICategoryService>();
-    
+
    try
    {
        // Initialize themes
@ -277,7 +345,7 @@ using (var scope = app.Services.CreateScope())
        {
            await themeService.InitializeDefaultThemesAsync();
        }
-        
+
        // Initialize categories
        var existingCategories = await categoryService.GetAllCategoriesAsync();
        if (!existingCategories.Any())