From 8de463cd17eb734ab0c2c75d1484af959199c725 Mon Sep 17 00:00:00 2001 From: Grae Jones Date: Sun, 22 Mar 2026 07:50:04 -0700 Subject: [PATCH] Revised Gateway --- Gateway/Program.cs | 25 +++++++++++++++++++ .../Security/MultiProviderAuthMiddleware.cs | 4 +-- Gateway/Services/ImageStorageService.cs | 2 +- Gateway/appsettings.json | 25 +++++++------------ Gateway/appsettings.multiprovider.json | 5 +--- 5 files changed, 38 insertions(+), 23 deletions(-) diff --git a/Gateway/Program.cs b/Gateway/Program.cs index c456390..c524284 100644 --- a/Gateway/Program.cs +++ b/Gateway/Program.cs @@ -13,6 +13,28 @@ var builder = WebApplication.CreateBuilder(args); var port = Environment.GetEnvironmentVariable("PORT") ?? "8080"; builder.WebHost.UseUrls($"http://0.0.0.0:{port}"); + +// -------------------- +// CORS — allowed origins from env var, comma-separated +// -------------------- +var allowedOrigins = (builder.Configuration["CORS__AllowedOrigins"] ?? "") + .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries); + +builder.Services.AddCors(options => +{ + options.AddDefaultPolicy(policy => + { + if (allowedOrigins.Length > 0) + policy.WithOrigins(allowedOrigins) + .AllowAnyHeader() + .AllowAnyMethod(); + else + policy.AllowAnyOrigin() + .AllowAnyHeader() + .AllowAnyMethod(); + }); +}); + // -------------------- // Services // -------------------- @@ -174,6 +196,9 @@ app.MapGet("/", () => Results.Ok(new status = "Application Gateway running" })); +// CORS — must be before auth middleware +app.UseCors(); + // Access logging middleware (captures all requests) // Placed BEFORE auth so we log even failed auth attempts app.UseAccessLogging(); diff --git a/Gateway/Security/MultiProviderAuthMiddleware.cs b/Gateway/Security/MultiProviderAuthMiddleware.cs index 2d27cad..1b861de 100644 --- a/Gateway/Security/MultiProviderAuthMiddleware.cs +++ b/Gateway/Security/MultiProviderAuthMiddleware.cs 
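Review bot: The lookup `builder.Configuration["CORS__AllowedOrigins"]` uses the environment-variable spelling as a configuration key; the default environment-variable provider maps `__` to `:`, so a variable named `CORS__AllowedOrigins` would surface as `CORS:AllowedOrigins` and this read would likely return null. Combined with the `else` branch, an unset or unread value falls through to `policy.AllowAnyOrigin()`, so the gateway fails open to every origin, and the appsettings.json in this commit defines no CORS section. I would read `builder.Configuration["CORS:AllowedOrigins"]` and allow any origin only when `builder.Environment.IsDevelopment()` is true, otherwise registering no origins or throwing at startup. The braceless `if`/`else` around the two policy chains would also be safer to maintain with braces.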
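Review bot: Placing `app.UseCors();` ahead of `app.UseAccessLogging();` means preflight `OPTIONS` requests never reach the access log, because the CORS middleware answers them itself without calling the next middleware. That contradicts the comment just below, which says logging captures all requests. If cross-origin probing should be visible in the logs, register `app.UseAccessLogging();` first and `app.UseCors();` second, still ahead of the auth middleware. The auth middleware registration is outside this hunk, so the final order should be checked against it.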
@@ -250,8 +250,8 @@ public sealed class MultiProviderAuthMiddleware { // Standard Entra ID — could be CIAM tenant or Staff tenant (Tech, Admin) // Detect by comparing issuer against configured Staff tenant ID - var staffTenantId = _config["Auth:Microsoft:StaffTenantId"]; - var staffClientId = _config["Auth:Microsoft:StaffClientId"]; + var staffTenantId = _config["Auth:Staff:TenantId"]; + var staffClientId = _config["Auth:Staff:ClientId"]; var isStaff = !string.IsNullOrWhiteSpace(staffTenantId) && jwt.Issuer.Contains(staffTenantId, StringComparison.OrdinalIgnoreCase); diff --git a/Gateway/Services/ImageStorageService.cs b/Gateway/Services/ImageStorageService.cs index 95e1588..5b672d6 100644 --- a/Gateway/Services/ImageStorageService.cs +++ b/Gateway/Services/ImageStorageService.cs @@ -36,7 +36,7 @@ public class ImageStorageService _logger = logger; _blobClient = blobClient; _containerName = config["BlobStorage:ContainerName"] ?? "creative-images"; - _blobBaseUrl = config["BlobStorage:BaseUrl"] ?? "https://usimadpcreatives.blob.core.windows.net"; + _blobBaseUrl = config["BlobStorage:BaseUrl"] ?? string.Empty; _isConfigured = blobClient != null; if (!_isConfigured) diff --git a/Gateway/appsettings.json b/Gateway/appsettings.json index 75c3327..77684b9 100644 --- a/Gateway/appsettings.json +++ b/Gateway/appsettings.json 
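Review bot: The renamed keys `Auth:Staff:TenantId` and `Auth:Staff:ClientId` have no matching section in the appsettings.json or appsettings.multiprovider.json shown in this commit, which removes `StaffTenantId`/`StaffClientId` without adding an `Auth:Staff` block. When the value is missing, `isStaff` evaluates to false without any signal, so a staff-tenant token would presumably be handled on the CIAM path; whether that rejects or misclassifies it depends on code outside the hunk. I would log a warning (or fail startup) when `Auth:Staff:TenantId` is empty, and add a comment at this lookup naming the expected `Auth__Staff__TenantId` / `Auth__Staff__ClientId` environment variables. The surrounding `jwt.Issuer.Contains(staffTenantId, ...)` substring match is unchanged context, but an exact comparison against the expected issuer value would be a stricter check.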
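Review bot: With the default now `string.Empty` (and `"BaseUrl": ""` in appsettings.json), `_isConfigured = blobClient != null` still reports the service as configured when no base URL is set, so any URL built from `_blobBaseUrl` would presumably come out relative or malformed. Note that `??` only covers a missing key, not the empty string the settings file now supplies. I would treat a blank or non-absolute value as unconfigured, e.g. `_isConfigured = blobClient != null && Uri.TryCreate(_blobBaseUrl, UriKind.Absolute, out _);`, and have the existing `if (!_isConfigured)` branch say which setting is missing. How `_blobBaseUrl` is consumed is outside this hunk, so confirm against the URL-building code.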
@@ -6,41 +6,34 @@ } }, "AllowedHosts": "*", - "Auth": { "AllowDevBypass": false, - "Microsoft": { - "TenantId": "891f98f1-ed34-42a1-9b6c-28b0554d92c2", - "ClientId": "154c9111-14a0-4c0f-8132-7bc68254a74e", - "StaffTenantId": "0be4c23a-6941-4bdb-b397-a4faf88de4b3", - "StaffClientId": "b0f29246-91e7-4615-96db-5de9b6f8da2e" + "TenantId": "891f98f1-ed34-42a1-9b6c-28b0554d92c2", + "ClientId": "154c9111-14a0-4c0f-8132-7bc68254a74e" }, - "EntraId": { - "Instance": "https://login.microsoftonline.com/", + "Instance": "https://PositiveSpendClients.ciamlogin.com/", "TenantId": "891f98f1-ed34-42a1-9b6c-28b0554d92c2", "ClientId": "154c9111-14a0-4c0f-8132-7bc68254a74e" } }, - "BlobStorage": { "ConnectionString": "", "ContainerName": "creative-images", - "BaseUrl": "https://usimadpcreatives.blob.core.windows.net" + "BaseUrl": "" }, - "MultiChannel": { "Allocation": { - "MinMultiChannelMonthlyBudget": 500.00, + "MinMultiChannelMonthlyBudget": 500.0, "MaxChannelsPerInitiative": 5, "DefaultAllocationStrategy": "template", "PerformanceEvalIntervalDays": 7, "PerformanceLookbackDays": 14, "PerformanceLearningPeriodDays": 14, - "MaxAllocationShiftPct": 15.00, - "MinChannelAllocationPct": 10.00, - "MaxChannelAllocationPct": 80.00 + "MaxAllocationShiftPct": 15.0, + "MinChannelAllocationPct": 10.0, + "MaxChannelAllocationPct": 80.0 } } -} +} \ No newline at end of file diff --git a/Gateway/appsettings.multiprovider.json b/Gateway/appsettings.multiprovider.json index b4c3c48..63a9795 100644 --- a/Gateway/appsettings.multiprovider.json +++ b/Gateway/appsettings.multiprovider.json @@ -6,17 +6,14 @@ } }, "AllowedHosts": "*", - "Auth": { "AllowDevBypass": false, - "Microsoft": { "TenantId": "891f98f1-ed34-42a1-9b6c-28b0554d92c2", "ClientId": "154c9111-14a0-4c0f-8132-7bc68254a74e" }, - "Google": { "ClientId": "" } } -} +} \ No newline at end of file