svrnty/dotnet-cqrs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

Revert AllowAnonymous endpoint propagation
All checks were successful
Publish NuGets / build (release) Successful in 35s
Details

Browse Source 
Remove the WithAllowAnonymousIfAttributePresent helper method.
Authorization should be handled by IQueryAuthorizationService and
ICommandAuthorizationService implementations, not by ASP.NET Core
middleware.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
David Nguyen 2026-01-21 13:07:03 -05:00
parent 932ee6e632
commit 201768e716
Signed by: david.nguyen
GPG Key ID: D5FB5A5715829326
1 changed files with 4 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Svrnty.CQRS.MinimalApi/EndpointRouteBuilderExtensions.cs
View File

@ -83,8 +83,7 @@ public static class EndpointRouteBuilderExtensions
.Produces(200, queryMeta.QueryResultType)
.Produces(400)
.Produces(401)
.Produces(403)
.WithAllowAnonymousIfAttributePresent(queryMeta.QueryType);
.Produces(403);
}
private static void MapQueryGet(
@ -147,8 +146,7 @@ public static class EndpointRouteBuilderExtensions
.Produces(200, queryMeta.QueryResultType)
.Produces(400)
.Produces(401)
.Produces(403)
.WithAllowAnonymousIfAttributePresent(queryMeta.QueryType);
.Produces(403);
}
public static IEndpointRouteBuilder MapSvrntyCommands(this IEndpointRouteBuilder endpoints, string routePrefix = "api/command")
@ -215,8 +213,7 @@ public static class EndpointRouteBuilderExtensions
.Produces(200)
.Produces(400)
.Produces(401)
.Produces(403)
.WithAllowAnonymousIfAttributePresent(commandMeta.CommandType);
.Produces(403);
}
private static void MapCommandWithResult(
@ -263,17 +260,6 @@ public static class EndpointRouteBuilderExtensions
.Produces(200, commandMeta.CommandResultType)
.Produces(400)
.Produces(401)
.Produces(403)
.WithAllowAnonymousIfAttributePresent(commandMeta.CommandType);
}
private static RouteHandlerBuilder WithAllowAnonymousIfAttributePresent(this RouteHandlerBuilder builder, Type type)
{
var allowAnonymousAttribute = type.GetCustomAttribute<Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute>();
if (allowAnonymousAttribute != null)
{
builder.AllowAnonymous();
}
return builder;
.Produces(403);
}
}