src/BCards.Web/Program.cs

@@ -17,17 +17,6 @@ using Microsoft.AspNetCore.HttpOverrides;
 
 var builder = WebApplication.CreateBuilder(args);
 
-// 🔥 CONFIGURAR FORWARDED HEADERS NO BUILDER
-builder.Services.Configure<ForwardedHeadersOptions>(options =>
-{
-    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
-    options.RequireHeaderSymmetry = false;
-    options.KnownNetworks.Clear();
-    options.KnownProxies.Clear();
-    // 🚨 PERMITIR QUALQUER PROXY (NGINX)
-    options.ForwardLimit = null;
-});
-
 // Add services to the container.
 builder.Services.AddControllersWithViews()
     .AddRazorRuntimeCompilation()
@@ -96,43 +85,23 @@ builder.Services.AddAuthentication(options =>
     options.AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
     options.TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
 
-    // 🔥 SOLUÇÃO RADICAL: SEMPRE FORÇAR HTTPS
     options.Events = new OAuthEvents
     {
         OnRedirectToAuthorizationEndpoint = context =>
         {
-            var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
+            // 1. Força HTTPS em produção
-
+            if (!builder.Environment.IsDevelopment())
-            // Debug info
-            logger.LogWarning($"=== MICROSOFT AUTH DEBUG ===");
-            logger.LogWarning($"Original RedirectUri: {context.RedirectUri}");
-            logger.LogWarning($"Request Scheme: {context.Request.Scheme}");
-            logger.LogWarning($"Request IsHttps: {context.Request.IsHttps}");
-            logger.LogWarning($"Request Host: {context.Request.Host}");
-            logger.LogWarning($"X-Forwarded-Proto: {context.Request.Headers["X-Forwarded-Proto"]}");
-
-            // 🚨 FORÇA HTTPS SEMPRE (exceto localhost)
-            var originalUri = context.RedirectUri;
-
-            // Se contém bcards.site, força HTTPS
-            if (originalUri.Contains("bcards.site"))
             {
-                context.RedirectUri = originalUri
+                context.RedirectUri = context.RedirectUri.Replace("http://", "https://");
-                    .Replace("http://bcards.site", "https://bcards.site")
-                    .Replace("http%3A%2F%2Fbcards.site", "https%3A%2F%2Fbcards.site");
-
-                logger.LogWarning($"FORCED HTTPS - Modified RedirectUri: {context.RedirectUri}");
             }
 
-            // Adiciona prompt=login para forçar seleção de conta
+            // 2. Adiciona prompt=login para forçar seleção de conta
             var redirectUri = context.RedirectUri;
             if (!redirectUri.Contains("prompt="))
             {
                 redirectUri += "&prompt=login";
             }
 
-            logger.LogWarning($"Final RedirectUri: {redirectUri}");
-
             context.Response.Redirect(redirectUri);
             return Task.CompletedTask;
         }
@@ -210,26 +179,14 @@ builder.Services.AddRazorPages();
 
 var app = builder.Build();
 
-// 🔥 PRIMEIRA COISA APÓS BUILD - FORWARDED HEADERS + BASE URL OVERRIDE
+app.UseForwardedHeaders(new ForwardedHeadersOptions
-app.UseForwardedHeaders();
-
-// 🚨 FORÇA BASE URL HTTPS EM PRODUÇÃO
-if (!app.Environment.IsDevelopment())
 {
-    app.Use(async (context, next) =>
+    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
-    {
+    // Permitir qualquer proxy (necessário para NGINX)
-        // Força o contexto a pensar que está em HTTPS
+    RequireHeaderSymmetry = false,
-        context.Request.Scheme = "https";
+    KnownNetworks = { },
-
+    KnownProxies = { }
-        // Override do Host se necessário
+});
-        if (context.Request.Host.Host == "bcards.site")
-        {
-            context.Request.Host = new HostString("bcards.site", 443);
-        }
-
-        await next();
-    });
-}
 
 // Configure the HTTP request pipeline.
 if (!app.Environment.IsDevelopment())
@@ -254,38 +211,12 @@ app.UseMiddleware<BCards.Web.Middleware.PageStatusMiddleware>();
 app.UseMiddleware<BCards.Web.Middleware.PreviewTokenMiddleware>();
 app.UseMiddleware<ModerationAuthMiddleware>();
 
-// 🔥 DEBUG MIDDLEWARE MELHORADO
 app.Use(async (context, next) =>
 {
-    // Debug geral
     Console.WriteLine($"=== REQUEST DEBUG ===");
     Console.WriteLine($"Path: {context.Request.Path}");
     Console.WriteLine($"Query: {context.Request.QueryString}");
     Console.WriteLine($"Method: {context.Request.Method}");
-    Console.WriteLine($"Scheme: {context.Request.Scheme}");
-    Console.WriteLine($"IsHttps: {context.Request.IsHttps}");
-    Console.WriteLine($"Host: {context.Request.Host}");
-
-    // Debug específico para Microsoft signin
-    if (context.Request.Path.StartsWithSegments("/signin-microsoft"))
-    {
-        var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
-        logger.LogWarning($"=== SIGNIN-MICROSOFT CALLBACK DEBUG ===");
-        logger.LogWarning($"Path: {context.Request.Path}");
-        logger.LogWarning($"Query: {context.Request.QueryString}");
-        logger.LogWarning($"Method: {context.Request.Method}");
-        logger.LogWarning($"Scheme: {context.Request.Scheme}");
-        logger.LogWarning($"IsHttps: {context.Request.IsHttps}");
-        logger.LogWarning($"Host: {context.Request.Host}");
-        logger.LogWarning($"X-Forwarded-Proto: {context.Request.Headers["X-Forwarded-Proto"]}");
-        logger.LogWarning($"X-Forwarded-For: {context.Request.Headers["X-Forwarded-For"]}");
-        logger.LogWarning($"All Headers:");
-        foreach (var header in context.Request.Headers)
-        {
-            logger.LogWarning($"  {header.Key}: {header.Value}");
-        }
-    }
-
     await next();
 });
 
@@ -331,6 +262,7 @@ app.MapControllerRoute(
     name: "default",
     pattern: "{controller=Home}/{action=Index}/{id?}");
 
+
 // Initialize default data
 using (var scope = app.Services.CreateScope())
 {