1960e28298
Translation middleware now extracts viewer_id/steam_id/steam_session_ticket from the decrypted msgpack dict into HttpContext.Items before the typed DTO deserialize. The Steam handler reads from there instead of re-parsing Request.Body — so authed action DTOs no longer need to inherit BaseRequest to keep the auth fields alive through the msgpack→DTO→JSON pivot. Retires the recurring footgun documented in docs/superpowers/specs/2026-06-02-baseRequest-auth-footgun-improvement.md (2026-05-25 basic-puzzle, 2026-05-28 deck-code, 2026-06-02 Phase 3 Bot, 2026-06-10 profile/index + item_acquire_history/info + user_mypage/update). Pinned by AuthDecouplingTests — posts an encrypted msgpack body to /profile/index (DTO does not inherit BaseRequest) through the real translation middleware + auth handler and asserts 200. Adds an EncryptedMsgpackHelper + useRealAuthHandler factory flag, reusable for future wire-shape tests. ProfileIndexRequest, ItemAcquireHistoryInfoRequest, and UserMyPageUpdateRequest revert to the naked shape — the per-DTO workarounds become vestigial under the new architecture. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
17 lines
701 B
C#
17 lines
701 B
C#
using MessagePack;
|
|
|
|
namespace SVSim.EmulatedEntrypoint.Models.Dtos.Profile;
|
|
|
|
/// <summary>
|
|
/// Empty request body — the endpoint takes no parameters and deliberately does NOT inherit
|
|
/// BaseRequest. The translation middleware pulls the auth tuple
|
|
/// (viewer_id / steam_id / steam_session_ticket) straight out of the decrypted msgpack dict
|
|
/// into <c>HttpContext.Items[AuthFields.ContextKey]</c> before deserializing into this DTO,
|
|
/// so the Steam handler reads them from there rather than re-parsing the rewritten body.
|
|
/// See <c>AuthDecouplingTests</c> for the integration test that pins this contract down.
|
|
/// </summary>
|
|
[MessagePackObject(true)]
|
|
public sealed class ProfileIndexRequest
|
|
{
|
|
}
|