Fix and cleanup for Events.WebApi

Events-WebApi/Events.FilesAPI/Events.FilesAPI.csproj

@@ -14,11 +14,13 @@
     <PackageReference Include="LargeXlsx" Version="2.0.1" />
     <PackageReference Include="MassTransit.RabbitMQ" Version="8.5.9" />
     <PackageReference Include="MediatR" Version="14.1.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.7" />
     <PackageReference Include="PdfSharpCore" Version="1.3.67" />
     <PackageReference Include="SixLabors.ImageSharp" Version="3.1.12" />
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\Events.Auth\Events.Auth.csproj" />
     <ProjectReference Include="..\Events.WebAPI.Contract\Events.WebAPI.Contract.csproj" />
     <ProjectReference Include="..\Events.WebAPI.Handlers.EF\Events.WebAPI.Handlers.EF.csproj" />
   </ItemGroup>

Events-WebApi/Events.FilesAPI/Features/Certificates/DownloadCertificateController.cs

@@ -1,10 +1,13 @@
 using Microsoft.AspNetCore.Mvc;
+using Events.Auth;
 using Events.FilesAPI.Features.Certificates.Download;
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 
 namespace Events.FilesAPI.Features.Certificates;
 
 [ApiController]
+[Authorize(Policy = nameof(Policies.ReadData))]
 [Route("Registrations")]
 public class DownloadCertificateController : ControllerBase
 {

Events-WebApi/Events.FilesAPI/Features/RegistrationsExcel/DownloadRegistrationsExcelController.cs

@@ -1,10 +1,13 @@
 using Microsoft.AspNetCore.Mvc;
+using Events.Auth;
 using Events.FilesAPI.Features.RegistrationsExcel.Download;
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 
 namespace Events.FilesAPI.Features.RegistrationsExcel;
 
 [ApiController]
+[Authorize(Policy = nameof(Policies.ReadData))]
 [Route("Events")]
 public class DownloadRegistrationsExcelController : ControllerBase
 {

Events-WebApi/Events.FilesAPI/Program.cs

@@ -1,9 +1,7 @@
-using Events.FilesAPI.Features.Certificates;
-using Events.FilesAPI.Features.RegistrationsExcel;
+using Events.Auth;
 using Events.FilesAPI.Infrastructure.Messaging;
 using Events.FilesAPI.Infrastructure.Options;
 using Events.WebAPI.Handlers.EF.Data.Postgres;
-using MediatR;
 using Microsoft.EntityFrameworkCore;
 
 var builder = WebApplication.CreateBuilder(args);
@@ -11,7 +9,7 @@ var builder = WebApplication.CreateBuilder(args);
 builder.Services.AddControllers();
 
 builder.Services.AddDbContext<EventsContext>(options =>
-       options.UseNpgsql(builder.Configuration.GetConnectionString("EventDB")));
+       options.UseNpgsql(builder.Configuration.GetConnectionString("EventsPostgres")));
 
 builder.Services.AddOptions<GeneratedFilesOptions>()
   .Bind(builder.Configuration.GetSection("Paths"))
@@ -24,9 +22,26 @@ builder.Services.AddOptions<GeneratedFilesOptions>()
 builder.Services.AddMediatR(cfg => cfg.RegisterServicesFromAssembly(typeof(Program).Assembly));
 
 builder.Services.SetupMassTransit(builder.Configuration);
+builder.Services.SetupAuthenticationAndAuthorization(
+  builder.Configuration["Auth:Authority"] ?? throw new InvalidOperationException("Missing configuration value Auth:Authority."),
+  builder.Configuration["Auth:Audience"] ?? throw new InvalidOperationException("Missing configuration value Auth:Audience."));
 
 var app = builder.Build();
 
+app.UseRouting();
+
+app.UseCors(builder =>
+{
+  builder
+   .AllowAnyOrigin()
+   .AllowAnyMethod()
+   .AllowAnyHeader()
+   .WithExposedHeaders("Token-Expired", "Content-Disposition");
+});
+
+app.UseAuthentication();
+app.UseAuthorization();
+
 app.MapControllers();
 
 app.Run();

Events-WebApi/Events.FilesAPI/appsettings.json

@@ -15,6 +15,10 @@
     "OutputPath": "./Certificates"
   },
   "ConnectionStrings": {
-    "EventDB": "Host=localhost;Port=5432;Database=events;Username=sport;Password=go and look in the secrets file;Persist Security Info=True;"
+    "EventsPostgres": "Host=localhost;Port=5432;Database=events;Username=sport;Password=go and look in the secrets file;Persist Security Info=True;"
+  },
+  "Auth": {
+    "Authority": "https://fer-web2.eu.auth0.com/",
+    "Audience": "https://erasmus-sta-2026/events-api"
   }
 }