Enhanced token validation logic by introducing an `OnTokenValidated` event handler. This ensures the `envelopeKey` in the request path matches the token's subject (`sub` claim). Added `return Task.CompletedTask;` to complete asynchronous operations. These changes improve security by preventing mismatches or unauthorized access.
Introduced a new `EnvelopeReceiverJwt` authentication scheme to support per-envelope JWT validation using cookies specific to envelope keys. Added the `CheckEnvelopeReceiver` endpoint in `AuthController.cs` to validate these tokens, protected by the `AuthPolicy.Receiver` policy.
Configured the `EnvelopeReceiverJwt` scheme to dynamically resolve issuer signing keys and validate tokens. Enhanced `JwtBearerEvents.OnMessageReceived` to extract envelope keys from the request path and retrieve tokens from corresponding cookies.
Updated the `AuthPolicy.Receiver` policy to use the `EnvelopeReceiverJwt` scheme, ensuring isolated authentication for per-envelope scenarios. Added XML documentation for the `CheckEnvelopeReceiver` method.
- Added `using DigitalData.Auth.Claims` to support claims handling.
- Improved EF Core DbContext comment for better clarity.
- Added logic to dynamically select connection strings based on
`MIGRATION_TEST_MODE` or `UseDbMigration` configuration.
- Updated `AuthPolicy.Receiver` to include the `"receiver"` role.
Renamed receiver roles FullyAuth → Receiver.Full and PreAuth → Receiver.TFA across the codebase for improved clarity and consistency. Updated all usages, [Authorize] attributes, role checks, authentication logic, and authorization policies to use the new role names. Marked old constants as obsolete and pointed them to the new values. This change enhances code readability and groups receiver roles under the Receiver static class.
Replaced direct role-based [Authorize] attributes with named
authorization policies (e.g., AuthPolicy.Receiver,
AuthPolicy.SenderOrReceiver) in AnnotationController,
DocumentController, and ReadOnlyController. Added and registered
new policies in Program.cs and updated AuthPolicy constants.
This centralizes and simplifies authorization management.
Replaced SenderOrReceiverFullyAuth and ReceiverFullyAuth policies with more general SenderOrReceiver and Receiver policies. Updated policy definitions in AuthPolicy.cs to use nameof for clarity. Adjusted AddAuthorizationBuilder configuration and [Authorize] attributes in controllers to use the new, less restrictive policies, simplifying authorization logic.
Renamed AuthorizationPolicies to AuthPolicy and updated all references to use the new naming convention for authorization policy constants. This improves consistency and clarity across the codebase.
Switched from AddAuthorization to AddAuthorizationBuilder for
defining authorization policies, resulting in more concise and
modern code. Policy logic and requirements remain unchanged.
Introduce SenderOrReceiverFullyAuth and ReceiverFullyAuth policies for role-based authorization. Register these policies in Program.cs. Also, fix OpenApiReference type for Swagger security configuration.
Introduced AuthProxyDocumentFilter to programmatically document the POST /api/auth proxy login endpoint in Swagger. The filter defines request body schemas, example values, query parameter, and response codes. Registered the filter in Program.cs for OpenAPI generation.
Integrated YARP by adding the Yarp.ReverseProxy package, including yarp.json for proxy configuration, and updating Program.cs to load and map reverse proxy routes. This enables the API to forward requests based on yarp.json settings.
Replaced all EnvelopeGenerator.GeneratorAPI namespaces with EnvelopeGenerator.API across controllers, models, extensions, middleware, and annotation-related files. Updated using/import statements and namespace declarations accordingly. Added wwwroot folder to project file. Minor code adjustments made for consistency. This unifies API naming for improved clarity and maintainability.
Deleted dotnet-tools.json (dotnet-ef config) and IIS publish profiles for .NET 7 and .NET 9 (IISProfileNet7Win64.pubxml, IISProfileNet9Win64.pubxml) to clean up unused deployment and tooling files.
