Stabilzie modules

2026-02-16 07:32:38 +02:00
parent ab794e167c
commit 45c0f1bb59
45 changed files with 3055 additions and 156 deletions
--- a/src/Router/StellaOps.Gateway.WebService/Middleware/IdentityHeaderPolicyMiddleware.cs
+++ b/src/Router/StellaOps.Gateway.WebService/Middleware/IdentityHeaderPolicyMiddleware.cs
@@ -67,11 +67,18 @@ public sealed class IdentityHeaderPolicyMiddleware
            return;
        }

+        // Step 0: Preserve client-sent tenant header before stripping.
+        // When the Gateway runs in AllowAnonymous mode (no JWT validation),
+        // the principal has no claims and we cannot determine tenant from the token.
+        // In that case, we pass through the client-provided value and let the
+        // upstream service validate it against the JWT's tenant claim.
+        var clientTenant = context.Request.Headers["X-StellaOps-Tenant"].ToString();
+
        // Step 1: Strip all reserved identity headers from incoming request
        StripReservedHeaders(context);

        // Step 2: Extract identity from validated principal
-        var identity = ExtractIdentity(context);
+        var identity = ExtractIdentity(context, clientTenant);

        // Step 3: Store normalized identity in HttpContext.Items
        StoreIdentityContext(context, identity);
@@ -97,17 +104,23 @@ public sealed class IdentityHeaderPolicyMiddleware
        }
    }

-    private IdentityContext ExtractIdentity(HttpContext context)
+    private IdentityContext ExtractIdentity(HttpContext context, string? clientTenant = null)
    {
        var principal = context.User;
        var isAuthenticated = principal.Identity?.IsAuthenticated == true;

        if (!isAuthenticated)
        {
+            // In AllowAnonymous mode the Gateway cannot validate identity claims.
+            // Pass through the client-provided tenant so the upstream service
+            // can validate it against the JWT's own tenant claim.
+            var passThruTenant = !string.IsNullOrWhiteSpace(clientTenant) ? clientTenant.Trim() : null;
+
            return new IdentityContext
            {
                IsAnonymous = true,
                Actor = "anonymous",
+                Tenant = passThruTenant,
                Scopes = _options.AnonymousScopes ?? []
            };
        }
@@ -115,9 +128,12 @@ public sealed class IdentityHeaderPolicyMiddleware
        // Extract subject (actor)
        var actor = principal.FindFirstValue(StellaOpsClaimTypes.Subject);

-        // Extract tenant - try canonical claim first, then legacy 'tid'
+        // Extract tenant - try canonical claim first, then legacy 'tid',
+        // then client-provided header, then fall back to "default"
        var tenant = principal.FindFirstValue(StellaOpsClaimTypes.Tenant)
-                  ?? principal.FindFirstValue("tid");
+                  ?? principal.FindFirstValue("tid")
+                  ?? (!string.IsNullOrWhiteSpace(clientTenant) ? clientTenant.Trim() : null)
+                  ?? "default";

        // Extract project (optional)
        var project = principal.FindFirstValue(StellaOpsClaimTypes.Project);
--- a/src/Router/StellaOps.Gateway.WebService/Middleware/RouteDispatchMiddleware.cs
+++ b/src/Router/StellaOps.Gateway.WebService/Middleware/RouteDispatchMiddleware.cs
@@ -20,6 +20,10 @@ public sealed class RouteDispatchMiddleware
        "TE", "Trailers", "Transfer-Encoding", "Upgrade"
    };

+    // ReverseProxy paths that are legitimate browser navigation targets (e.g. OIDC flows)
+    // and must NOT be redirected to the SPA fallback.
+    private static readonly string[] BrowserProxyPaths = ["/connect", "/.well-known"];
+
    public RouteDispatchMiddleware(
        RequestDelegate next,
        StellaOpsRouteResolver resolver,
@@ -48,6 +52,22 @@ public sealed class RouteDispatchMiddleware
            return;
        }

+        // SPA fallback: when a ReverseProxy route is matched but the request is a
+        // browser navigation (Accept: text/html, no file extension), serve the SPA
+        // index.html instead of proxying to the backend. This prevents collisions
+        // between Angular SPA routes and backend service proxy prefixes.
+        // Excludes known backend browser-navigation paths (e.g. OIDC /connect).
+        if (route.Type == StellaOpsRouteType.ReverseProxy && IsBrowserNavigation(context.Request))
+        {
+            var spaRoute = _resolver.FindSpaFallbackRoute();
+            if (spaRoute is not null)
+            {
+                _logger.LogDebug("SPA fallback: serving index.html for browser navigation to {Path}", context.Request.Path);
+                await HandleStaticFiles(context, spaRoute);
+                return;
+            }
+        }
+
        switch (route.Type)
        {
            case StellaOpsRouteType.StaticFiles:
@@ -221,7 +241,8 @@ public sealed class RouteDispatchMiddleware
        {
            context.Response.StatusCode = (int)upstreamResponse.StatusCode;

-            // Copy response headers
+            // Copy response headers (excluding hop-by-hop and content-length which
+            // we'll set ourselves after reading the body to ensure accuracy)
            foreach (var header in upstreamResponse.Headers)
            {
                if (!HopByHopHeaders.Contains(header.Key))
@@ -232,12 +253,22 @@ public sealed class RouteDispatchMiddleware

            foreach (var header in upstreamResponse.Content.Headers)
            {
-                context.Response.Headers[header.Key] = header.Value.ToArray();
+                if (!string.Equals(header.Key, "Content-Length", StringComparison.OrdinalIgnoreCase))
+                {
+                    context.Response.Headers[header.Key] = header.Value.ToArray();
+                }
            }

-            // Stream response body
-            await using var responseStream = await upstreamResponse.Content.ReadAsStreamAsync(context.RequestAborted);
-            await responseStream.CopyToAsync(context.Response.Body, context.RequestAborted);
+            // Read the full response body so we can set an accurate Content-Length.
+            // This is necessary because the upstream may use chunked transfer encoding
+            // (which we strip as a hop-by-hop header), and without Content-Length or
+            // Transfer-Encoding the downstream client cannot determine body length.
+            var body = await upstreamResponse.Content.ReadAsByteArrayAsync(context.RequestAborted);
+            if (body.Length > 0)
+            {
+                context.Response.ContentLength = body.Length;
+                await context.Response.Body.WriteAsync(body, context.RequestAborted);
+            }
        }
    }

@@ -343,4 +374,28 @@ public sealed class RouteDispatchMiddleware
        await using var stream = fileInfo.CreateReadStream();
        await stream.CopyToAsync(context.Response.Body, context.RequestAborted);
    }
+
+    /// <summary>
+    /// Determines if the request is a browser page navigation (as opposed to an XHR/fetch API call).
+    /// Browser navigations send Accept: text/html and target paths without file extensions.
+    /// Known backend browser-navigation paths (OIDC endpoints) are excluded.
+    /// </summary>
+    private static bool IsBrowserNavigation(HttpRequest request)
+    {
+        var path = request.Path.Value ?? string.Empty;
+
+        // Paths with file extensions are static asset requests, not SPA navigation
+        if (System.IO.Path.HasExtension(path))
+            return false;
+
+        // Exclude known backend paths that legitimately receive browser navigations
+        foreach (var excluded in BrowserProxyPaths)
+        {
+            if (path.StartsWith(excluded, StringComparison.OrdinalIgnoreCase))
+                return false;
+        }
+
+        var accept = request.Headers.Accept.ToString();
+        return accept.Contains("text/html", StringComparison.OrdinalIgnoreCase);
+    }
 }