feat: implement authentication system for API Gateway and FileService

- Add JWT Bearer token validation to API Gateway with restricted CORS - Add cookie-based JWT validation to FileService for browser image requests - Create shared authentication infrastructure in FictionArchive.Service.Shared - Update frontend to set fa_session cookie after OIDC login - Add [Authorize] attributes to GraphQL mutations with role-based restrictions - Configure OIDC settings for both services in docker-compose Implements FA-17: Authentication for microservices architecture
2025-11-27 14:05:54 +00:00
parent 4412a1f658
commit 78612ea29d
14 changed files with 201 additions and 9 deletions
--- a/FictionArchive.API/Program.cs
+++ b/FictionArchive.API/Program.cs
@@ -21,20 +21,28 @@ public class Program
        
        #endregion
        
+        // Add authentication
+        builder.Services.AddOidcAuthentication(builder.Configuration);
+        builder.Services.AddFictionArchiveAuthorization();
+        
        builder.Services.AddCors(options =>
        {
-            options.AddPolicy("AllowAllOrigins",
-                builder =>
+            options.AddPolicy("AllowFictionArchiveOrigins",
+                policyBuilder =>
                {
-                    builder.AllowAnyOrigin()
+                    policyBuilder.WithOrigins("https://fictionarchive.orfl.xyz", "http://localhost:5173")
                        .AllowAnyMethod()
-                        .AllowAnyHeader();
+                        .AllowAnyHeader()
+                        .AllowCredentials();
                });
        });

        var app = builder.Build();

-        app.UseCors("AllowAllOrigins");
+        app.UseCors("AllowFictionArchiveOrigins");
+        
+        app.UseAuthentication();
+        app.UseAuthorization();
        
        app.MapHealthChecks("/healthz");