ricardo/BCards
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat/plano-rodape #17

Merged
ricardo merged 2 commits from feat/plano-rodape into main 2025-08-22 00:50:30 +00:00
Conversation 0 Commits 2 Files Changed 1 +83 -15
1 changed files with 83 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
src/BCards.Web/Program.cs
View File

@ -17,6 +17,17 @@ using Microsoft.AspNetCore.HttpOverrides;
var builder = WebApplication.CreateBuilder(args);
// 🔥 CONFIGURAR FORWARDED HEADERS NO BUILDER
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.RequireHeaderSymmetry = false;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
// 🚨 PERMITIR QUALQUER PROXY (NGINX)
options.ForwardLimit = null;
});
// Add services to the container.
builder.Services.AddControllersWithViews()
.AddRazorRuntimeCompilation()
@ -85,23 +96,43 @@ builder.Services.AddAuthentication(options =>
options.AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
options.TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
// 🔥 SOLUÇÃO RADICAL: SEMPRE FORÇAR HTTPS
options.Events = new OAuthEvents
{
OnRedirectToAuthorizationEndpoint = context =>
{
// 1. Força HTTPS em produção
if (!builder.Environment.IsDevelopment())
var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
// Debug info
logger.LogWarning($"=== MICROSOFT AUTH DEBUG ===");
logger.LogWarning($"Original RedirectUri: {context.RedirectUri}");
logger.LogWarning($"Request Scheme: {context.Request.Scheme}");
logger.LogWarning($"Request IsHttps: {context.Request.IsHttps}");
logger.LogWarning($"Request Host: {context.Request.Host}");
logger.LogWarning($"X-Forwarded-Proto: {context.Request.Headers["X-Forwarded-Proto"]}");
// 🚨 FORÇA HTTPS SEMPRE (exceto localhost)
var originalUri = context.RedirectUri;
// Se contém bcards.site, força HTTPS
if (originalUri.Contains("bcards.site"))
{
context.RedirectUri = context.RedirectUri.Replace("http://", "https://");
context.RedirectUri = originalUri
.Replace("http://bcards.site", "https://bcards.site")
.Replace("http%3A%2F%2Fbcards.site", "https%3A%2F%2Fbcards.site");
logger.LogWarning($"FORCED HTTPS - Modified RedirectUri: {context.RedirectUri}");
}
// 2. Adiciona prompt=login para forçar seleção de conta
// Adiciona prompt=login para forçar seleção de conta
var redirectUri = context.RedirectUri;
if (!redirectUri.Contains("prompt="))
{
redirectUri += "&prompt=login";
}
logger.LogWarning($"Final RedirectUri: {redirectUri}");
context.Response.Redirect(redirectUri);
return Task.CompletedTask;
}
@ -179,14 +210,26 @@ builder.Services.AddRazorPages();
var app = builder.Build();
app.UseForwardedHeaders(new ForwardedHeadersOptions
// 🔥 PRIMEIRA COISA APÓS BUILD - FORWARDED HEADERS + BASE URL OVERRIDE
app.UseForwardedHeaders();
// 🚨 FORÇA BASE URL HTTPS EM PRODUÇÃO
if (!app.Environment.IsDevelopment())
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
// Permitir qualquer proxy (necessário para NGINX)
RequireHeaderSymmetry = false,
KnownNetworks = { },
KnownProxies = { }
});
app.Use(async (context, next) =>
{
// Força o contexto a pensar que está em HTTPS
context.Request.Scheme = "https";
// Override do Host se necessário
if (context.Request.Host.Host == "bcards.site")
{
context.Request.Host = new HostString("bcards.site", 443);
}
await next();
});
}
// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
@ -211,12 +254,38 @@ app.UseMiddleware<BCards.Web.Middleware.PageStatusMiddleware>();
app.UseMiddleware<BCards.Web.Middleware.PreviewTokenMiddleware>();
app.UseMiddleware<ModerationAuthMiddleware>();
// 🔥 DEBUG MIDDLEWARE MELHORADO
app.Use(async (context, next) =>
{
// Debug geral
Console.WriteLine($"=== REQUEST DEBUG ===");
Console.WriteLine($"Path: {context.Request.Path}");
Console.WriteLine($"Query: {context.Request.QueryString}");
Console.WriteLine($"Method: {context.Request.Method}");
Console.WriteLine($"Scheme: {context.Request.Scheme}");
Console.WriteLine($"IsHttps: {context.Request.IsHttps}");
Console.WriteLine($"Host: {context.Request.Host}");
// Debug específico para Microsoft signin
if (context.Request.Path.StartsWithSegments("/signin-microsoft"))
{
var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
logger.LogWarning($"=== SIGNIN-MICROSOFT CALLBACK DEBUG ===");
logger.LogWarning($"Path: {context.Request.Path}");
logger.LogWarning($"Query: {context.Request.QueryString}");
logger.LogWarning($"Method: {context.Request.Method}");
logger.LogWarning($"Scheme: {context.Request.Scheme}");
logger.LogWarning($"IsHttps: {context.Request.IsHttps}");
logger.LogWarning($"Host: {context.Request.Host}");
logger.LogWarning($"X-Forwarded-Proto: {context.Request.Headers["X-Forwarded-Proto"]}");
logger.LogWarning($"X-Forwarded-For: {context.Request.Headers["X-Forwarded-For"]}");
logger.LogWarning($"All Headers:");
foreach (var header in context.Request.Headers)
{
logger.LogWarning($" {header.Key}: {header.Value}");
}
}
await next();
});
@ -262,7 +331,6 @@ app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
// Initialize default data
using (var scope = app.Services.CreateScope())
{