From 1199c61ae81be73801523b40a2f9533082d78df1 Mon Sep 17 00:00:00 2001 From: TekH Date: Wed, 17 Dec 2025 11:52:59 +0100 Subject: [PATCH] Add AuthScopedFilter to set AddedWho via middleware Introduce AuthScopedFilter to automatically set the AddedWho property on IAuthScoped commands using configuration, and register it globally for all controllers. Remove manual AddedWho assignment from ResultViewController. Make AddedWho nullable in AuthScope and IAuthScoped. --- .../Controllers/ResultViewController.cs | 2 -- src/ReC.API/Middleware/AuthScopedFilter.cs | 18 ++++++++++++++++++ src/ReC.API/Program.cs | 5 ++++- .../Common/Interfaces/IAuthScoped.cs | 4 ++-- 4 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 src/ReC.API/Middleware/AuthScopedFilter.cs diff --git a/src/ReC.API/Controllers/ResultViewController.cs b/src/ReC.API/Controllers/ResultViewController.cs index 41f6b38..5a8b7ec 100644 --- a/src/ReC.API/Controllers/ResultViewController.cs +++ b/src/ReC.API/Controllers/ResultViewController.cs @@ -43,8 +43,6 @@ public class ResultViewController(IMediator mediator, IConfiguration config) : C [HttpPost] public async Task Create([FromBody] CreateResultViewCommand command, CancellationToken cancel) { - // TODO: add middleware - command.Scope.AddedWho = config?["AddedWho"] ?? throw new InvalidOperationException("The required 'AddedWho' configuration is missing. Please contact a system administrator."); await mediator.Send(command, cancel); return CreatedAtAction(nameof(Get), new { actionId = command.ActionId }, command); } diff --git a/src/ReC.API/Middleware/AuthScopedFilter.cs b/src/ReC.API/Middleware/AuthScopedFilter.cs new file mode 100644 index 0000000..c3980df --- /dev/null +++ b/src/ReC.API/Middleware/AuthScopedFilter.cs @@ -0,0 +1,18 @@ +using Microsoft.AspNetCore.Mvc.Filters; +using ReC.Application.Common.Interfaces; + +namespace ReC.API.Middleware; + +public class AuthScopedFilter(IConfiguration config) : IAsyncActionFilter +{ + public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) + { + if (context.ActionArguments.TryGetValue("command", out var command) && command is IAuthScoped authScopedCommand) + { + var addedWho = config["AddedWho"] ?? throw new InvalidOperationException("The required 'AddedWho' configuration is missing. Please contact a system administrator."); + authScopedCommand.Scope.AddedWho = addedWho; + } + + await next(); + } +} \ No newline at end of file diff --git a/src/ReC.API/Program.cs b/src/ReC.API/Program.cs index dc657be..61156dc 100644 --- a/src/ReC.API/Program.cs +++ b/src/ReC.API/Program.cs @@ -54,7 +54,10 @@ try }); }); - builder.Services.AddControllers(); + builder.Services.AddControllers(options => + { + options.Filters.Add(); + }); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(c => diff --git a/src/ReC.Application/Common/Interfaces/IAuthScoped.cs b/src/ReC.Application/Common/Interfaces/IAuthScoped.cs index af11a4d..2e32426 100644 --- a/src/ReC.Application/Common/Interfaces/IAuthScoped.cs +++ b/src/ReC.Application/Common/Interfaces/IAuthScoped.cs @@ -4,10 +4,10 @@ namespace ReC.Application.Common.Interfaces; public record AuthScope { - public string AddedWho { get; set; } = null!; + public string? AddedWho { get; set; } } public interface IAuthScoped : IScoped { - public string AddedWho => Scope.AddedWho; + public string? AddedWho => Scope.AddedWho; } \ No newline at end of file