Merge pull request 'feat/plano-rodape' (#17) from feat/plano-rodape into main

Reviewed-on: http://git.carneiro.ddnsfree.com/ricardo/BCards/pulls/17

src/BCards.Web/Program.cs

@@ -17,6 +17,17 @@ using Microsoft.AspNetCore.HttpOverrides;
 
 var builder = WebApplication.CreateBuilder(args);
 
+// 🔥 CONFIGURAR FORWARDED HEADERS NO BUILDER
+builder.Services.Configure<ForwardedHeadersOptions>(options =>
+{
+    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+    options.RequireHeaderSymmetry = false;
+    options.KnownNetworks.Clear();
+    options.KnownProxies.Clear();
+    // 🚨 PERMITIR QUALQUER PROXY (NGINX)
+    options.ForwardLimit = null;
+});
+
 // Add services to the container.
 builder.Services.AddControllersWithViews()
     .AddRazorRuntimeCompilation()
@@ -85,23 +96,43 @@ builder.Services.AddAuthentication(options =>
     options.AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
     options.TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
 
+    // 🔥 SOLUÇÃO RADICAL: SEMPRE FORÇAR HTTPS
     options.Events = new OAuthEvents
     {
         OnRedirectToAuthorizationEndpoint = context =>
         {
-            // 1. Força HTTPS em produção
+            var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
-            if (!builder.Environment.IsDevelopment())
+
+            // Debug info
+            logger.LogWarning($"=== MICROSOFT AUTH DEBUG ===");
+            logger.LogWarning($"Original RedirectUri: {context.RedirectUri}");
+            logger.LogWarning($"Request Scheme: {context.Request.Scheme}");
+            logger.LogWarning($"Request IsHttps: {context.Request.IsHttps}");
+            logger.LogWarning($"Request Host: {context.Request.Host}");
+            logger.LogWarning($"X-Forwarded-Proto: {context.Request.Headers["X-Forwarded-Proto"]}");
+
+            // 🚨 FORÇA HTTPS SEMPRE (exceto localhost)
+            var originalUri = context.RedirectUri;
+
+            // Se contém bcards.site, força HTTPS
+            if (originalUri.Contains("bcards.site"))
             {
-                context.RedirectUri = context.RedirectUri.Replace("http://", "https://");
+                context.RedirectUri = originalUri
+                    .Replace("http://bcards.site", "https://bcards.site")
+                    .Replace("http%3A%2F%2Fbcards.site", "https%3A%2F%2Fbcards.site");
+
+                logger.LogWarning($"FORCED HTTPS - Modified RedirectUri: {context.RedirectUri}");
             }
 
-            // 2. Adiciona prompt=login para forçar seleção de conta
+            // Adiciona prompt=login para forçar seleção de conta
             var redirectUri = context.RedirectUri;
             if (!redirectUri.Contains("prompt="))
             {
                 redirectUri += "&prompt=login";
             }
 
+            logger.LogWarning($"Final RedirectUri: {redirectUri}");
+
             context.Response.Redirect(redirectUri);
             return Task.CompletedTask;
         }
@@ -179,14 +210,26 @@ builder.Services.AddRazorPages();
 
 var app = builder.Build();
 
-app.UseForwardedHeaders(new ForwardedHeadersOptions
+// 🔥 PRIMEIRA COISA APÓS BUILD - FORWARDED HEADERS + BASE URL OVERRIDE
+app.UseForwardedHeaders();
+
+// 🚨 FORÇA BASE URL HTTPS EM PRODUÇÃO
+if (!app.Environment.IsDevelopment())
 {
-    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
+    app.Use(async (context, next) =>
-    // Permitir qualquer proxy (necessário para NGINX)
+    {
-    RequireHeaderSymmetry = false,
+        // Força o contexto a pensar que está em HTTPS
-    KnownNetworks = { },
+        context.Request.Scheme = "https";
-    KnownProxies = { }
+
-});
+        // Override do Host se necessário
+        if (context.Request.Host.Host == "bcards.site")
+        {
+            context.Request.Host = new HostString("bcards.site", 443);
+        }
+
+        await next();
+    });
+}
 
 // Configure the HTTP request pipeline.
 if (!app.Environment.IsDevelopment())
@@ -211,12 +254,38 @@ app.UseMiddleware<BCards.Web.Middleware.PageStatusMiddleware>();
 app.UseMiddleware<BCards.Web.Middleware.PreviewTokenMiddleware>();
 app.UseMiddleware<ModerationAuthMiddleware>();
 
+// 🔥 DEBUG MIDDLEWARE MELHORADO
 app.Use(async (context, next) =>
 {
+    // Debug geral
     Console.WriteLine($"=== REQUEST DEBUG ===");
     Console.WriteLine($"Path: {context.Request.Path}");
     Console.WriteLine($"Query: {context.Request.QueryString}");
     Console.WriteLine($"Method: {context.Request.Method}");
+    Console.WriteLine($"Scheme: {context.Request.Scheme}");
+    Console.WriteLine($"IsHttps: {context.Request.IsHttps}");
+    Console.WriteLine($"Host: {context.Request.Host}");
+
+    // Debug específico para Microsoft signin
+    if (context.Request.Path.StartsWithSegments("/signin-microsoft"))
+    {
+        var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
+        logger.LogWarning($"=== SIGNIN-MICROSOFT CALLBACK DEBUG ===");
+        logger.LogWarning($"Path: {context.Request.Path}");
+        logger.LogWarning($"Query: {context.Request.QueryString}");
+        logger.LogWarning($"Method: {context.Request.Method}");
+        logger.LogWarning($"Scheme: {context.Request.Scheme}");
+        logger.LogWarning($"IsHttps: {context.Request.IsHttps}");
+        logger.LogWarning($"Host: {context.Request.Host}");
+        logger.LogWarning($"X-Forwarded-Proto: {context.Request.Headers["X-Forwarded-Proto"]}");
+        logger.LogWarning($"X-Forwarded-For: {context.Request.Headers["X-Forwarded-For"]}");
+        logger.LogWarning($"All Headers:");
+        foreach (var header in context.Request.Headers)
+        {
+            logger.LogWarning($"  {header.Key}: {header.Value}");
+        }
+    }
+
     await next();
 });
 
@@ -262,7 +331,6 @@ app.MapControllerRoute(
     name: "default",
     pattern: "{controller=Home}/{action=Index}/{id?}");
 
-
 // Initialize default data
 using (var scope = app.Services.CreateScope())
 {