stela ops usage fixes roles propagation and timeout, one account to support multi tenants, migrations consolidation, search to support documentation, doctor and open api vector db search
@@ -36,6 +36,25 @@ public sealed class AuthorizationMiddleware
|
||||
return;
|
||||
}
|
||||
|
||||
if (endpoint.AllowAnonymous)
|
||||
{
|
||||
await _next(context);
|
||||
return;
|
||||
}
|
||||
|
||||
var requiresAuthentication = EndpointAuthorizationSemantics.ResolveRequiresAuthentication(endpoint);
|
||||
var isAuthenticated = context.User.Identity?.IsAuthenticated == true;
|
||||
if (requiresAuthentication && !isAuthenticated)
|
||||
{
|
||||
_logger.LogWarning(
|
||||
"Authorization failed for {Method} {Path}: unauthenticated principal",
|
||||
endpoint.Method,
|
||||
endpoint.Path);
|
||||
|
||||
await WriteUnauthorizedAsync(context, endpoint);
|
||||
return;
|
||||
}
|
||||
|
||||
var effectiveClaims = _claimsStore.GetEffectiveClaims(
|
||||
endpoint.ServiceName,
|
||||
endpoint.Method,
|
||||
@@ -71,6 +90,22 @@ public sealed class AuthorizationMiddleware
|
||||
await _next(context);
|
||||
}
|
||||
|
||||
private static Task WriteUnauthorizedAsync(HttpContext context, EndpointDescriptor endpoint)
|
||||
{
|
||||
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||
context.Response.ContentType = "application/json; charset=utf-8";
|
||||
|
||||
var payload = new AuthorizationFailureResponse(
|
||||
Error: "unauthorized",
|
||||
Message: "Authentication required",
|
||||
RequiredClaimType: string.Empty,
|
||||
RequiredClaimValue: null,
|
||||
Service: endpoint.ServiceName,
|
||||
Version: endpoint.Version);
|
||||
|
||||
return JsonSerializer.SerializeAsync(context.Response.Body, payload, JsonOptions, context.RequestAborted);
|
||||
}
|
||||
|
||||
private static Task WriteForbiddenAsync(
|
||||
HttpContext context,
|
||||
EndpointDescriptor endpoint,
|
||||
|
||||
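Review bot: The 401 body built in `WriteUnauthorizedAsync` returns `endpoint.ServiceName` and `endpoint.Version` to a caller that has not authenticated, so internal service naming and version details are disclosed to anyone who can reach the route. Unless clients depend on those fields, leave them out of the unauthenticated response (for example `Service: string.Empty,` if the field types permit; `AuthorizationFailureResponse` is declared outside this view) and rely on the existing `_logger.LogWarning` call for diagnostics. The response also sets no `WWW-Authenticate` header, which RFC 9110 expects on a 401; a line such as `context.Response.Headers.WWWAuthenticate = "<scheme>";` with the scheme this middleware actually accepts would cover it. In the first hunk, the `endpoint.AllowAnonymous` branch calls `_next` before the `_claimsStore.GetEffectiveClaims` lookup, so a short comment stating who is allowed to set that flag would help reviewers confirm it cannot be self-declared by an untrusted registration; the enclosing method starts and ends outside the hunk.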