fix(rank-battle): inherit BaseRequest so auth fields survive translation roundtrip

The translation middleware decrypts + msgpack-decodes the request body
into the action's first-parameter type, then re-serializes that DTO to
JSON for the auth handler to read. Phase 3's DoMatchingRequestDto and
RankBattleFinishRequestDto didn't inherit BaseRequest, so viewer_id /
steam_id / steam_session_ticket were dropped during the msgpack → DTO
→ JSON pivot — the auth handler then saw a body with no auth fields
and 401'd every request.

Fixed by making both DTOs extend BaseRequest, mirroring the Phase 2 TK2
DoMatchingRequest pattern.

Also added [FromBody] BaseRequest parameters to the previously body-less
actions (AiStart × 2, ForceFinish, AddClientLog, GetLatestMasterPoint).
The translation middleware explicitly requires at least one parameter
to bind the decrypted msgpack body (see L130-136 of the middleware);
without it the request would throw InvalidOperationException at runtime.

Tests updated to post viewer_id / steam_id / steam_session_ticket
placeholder values in the request body, matching the existing TK2 test
pattern.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

SVSim.EmulatedEntrypoint/Controllers/RankBattleController.cs

@@ -5,6 +5,7 @@ using SVSim.Database.Enums;
 using SVSim.EmulatedEntrypoint.Constants;
 using SVSim.EmulatedEntrypoint.Matching;
 using SVSim.EmulatedEntrypoint.Models.Dtos.RankBattle;
+using SVSim.EmulatedEntrypoint.Models.Dtos.Requests;
 using SVSim.EmulatedEntrypoint.Security.SteamSessionAuthentication;
 using SVSim.EmulatedEntrypoint.Services;
 
@@ -56,12 +57,15 @@ public sealed class RankBattleController : ControllerBase
     public Task<IActionResult> DoMatchingUnlimited([FromBody] DoMatchingRequestDto req, CancellationToken ct)
         => DoMatchingInternal("unlimited_rank_battle", Format.Unlimited, req, ct);
 
+    // AIBattleStartTask has no SetParameter override, so the body is just the inherited
+    // PostParams (viewer_id / steam_id / steam_session_ticket) — but the translation
+    // middleware requires at least one parameter to bind the decrypted body. Use BaseRequest.
     [HttpPost("/ai_rotation_rank_battle/start")]
-    public Task<IActionResult> AiStartRotation(CancellationToken ct)
+    public Task<IActionResult> AiStartRotation([FromBody] BaseRequest _, CancellationToken ct)
         => AiStartInternal(Format.Rotation, ct);
 
     [HttpPost("/ai_unlimited_rank_battle/start")]
-    public Task<IActionResult> AiStartUnlimited(CancellationToken ct)
+    public Task<IActionResult> AiStartUnlimited([FromBody] BaseRequest _, CancellationToken ct)
         => AiStartInternal(Format.Unlimited, ct);
 
     /// <summary>
@@ -84,26 +88,28 @@ public sealed class RankBattleController : ControllerBase
         });
     }
 
+    // BaseRequest parameter on every body-less action so the translation middleware can
+    // bind the decrypted msgpack body (it explicitly requires at least one parameter).
     [HttpPost("/rank_battle/force_finish")]
-    public IActionResult ForceFinish()
+    public IActionResult ForceFinish([FromBody] BaseRequest _)
     {
-        if (!TryGetViewerId(out var _)) return Unauthorized();
+        if (!TryGetViewerId(out var _u)) return Unauthorized();
         return Ok(new { });
     }
 
     [HttpPost("/rank_battle/add_client_log")]
     [HttpPost("/rank_battle/add_all_client_log")]
     [HttpPost("/rank_battle/add_last_turn_log")]
-    public IActionResult AddClientLog()
+    public IActionResult AddClientLog([FromBody] BaseRequest _)
     {
-        if (!TryGetViewerId(out var _)) return Unauthorized();
+        if (!TryGetViewerId(out var _u)) return Unauthorized();
         return Ok(new { });
     }
 
     [HttpPost("/rank_battle/get_latest_master_point")]
-    public IActionResult GetLatestMasterPoint()
+    public IActionResult GetLatestMasterPoint([FromBody] BaseRequest _)
     {
-        if (!TryGetViewerId(out var _)) return Unauthorized();
+        if (!TryGetViewerId(out var _u)) return Unauthorized();
         return Ok(new { });
     }