Refactor authentication and update dependencies

Replaced `FirebaseAuthenticationMiddleware` with the new `JwtOrApiKeyAuthenticationMiddleware` to support dual authentication modes (API key and JWT). Added `AuthenticateController` for authentication validation and user info retrieval. Updated `Program.cs` to use the new middleware and added authentication configuration in `appsettings.json`.

Updated package versions:
- `Roslynator.Analyzers` to 4.14.1
- `Polly` to 8.6.4
- `OpenTelemetry` packages to 1.13.0
- `Yarp.ReverseProxy` to 2.3.0

Enhanced XML documentation in `FirebaseAuthorizedController`. Introduced response models for authentication. Performed general refactoring and cleanup to improve code structure.

Author: GioemaNocco

Directory.Build.props

@@ -27,7 +27,7 @@
 
     <ItemGroup>
 
-        <PackageReference Include="Roslynator.Analyzers" Version="4.14.0">
+        <PackageReference Include="Roslynator.Analyzers" Version="4.14.1">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>

src/Genocs.Auth/FirebaseAuthenticationMiddleware.cs renamed to src/Genocs.Auth/JwtOrApiKeyAuthenticationMiddleware.cs

@@ -10,12 +10,20 @@ namespace Genocs.Auth;
 /// Middleware for handling JWT authentication and API key authentication.
 /// </summary>
 /// <remarks>
+/// <para>
 /// This middleware supports dual authentication modes:
+/// </para>
+/// <para>
 /// 1. API Key authentication via x-gnx-apikey header for system-to-system communication
+/// </para>
+/// <para>
 /// 2. JWT Bearer token authentication for user authentication
+/// </para>
+/// <para>
 /// When API key is provided, it bypasses JWT validation and sets up API key-based claims.
+/// </para>
 /// </remarks>
-public class JWTOrApiKeyAuthenticationMiddleware(RequestDelegate next, IConfiguration configuration)
+public class JwtOrApiKeyAuthenticationMiddleware(RequestDelegate next, IConfiguration configuration)
 {
     private readonly RequestDelegate _next = next;
     private readonly IConfiguration _configuration = configuration;

src/Genocs.HTTP/Genocs.HTTP.csproj

@@ -31,7 +31,7 @@
 
     <ItemGroup>
         <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.8" />
-        <PackageReference Include="Polly" Version="8.6.2" />
+        <PackageReference Include="Polly" Version="8.6.4" />
     </ItemGroup>
 
 </Project>

src/Genocs.MessageBrokers.RabbitMQ/Genocs.MessageBrokers.RabbitMQ.csproj

@@ -30,7 +30,7 @@
 
     <ItemGroup>
         <PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
-        <PackageReference Include="Polly" Version="8.6.3" />
+        <PackageReference Include="Polly" Version="8.6.4" />
         <PackageReference Include="RabbitMQ.Client" Version="7.1.2" />
     </ItemGroup>
 

src/Genocs.OpenTelemetry/Genocs.OpenTelemetry.csproj

@@ -30,9 +30,9 @@
 
     <ItemGroup>
         <PackageReference Include="Azure.Monitor.OpenTelemetry.Exporter" Version="1.4.0" />
-        <PackageReference Include="OpenTelemetry.Exporter.Console" Version="1.12.0" />
-        <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.12.0" />
-        <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.12.0" />
+        <PackageReference Include="OpenTelemetry.Exporter.Console" Version="1.13.0" />
+        <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.13.0" />
+        <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.13.0" />
         <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.12.0" />
         <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.12.0" />
         <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.12.0" />

src/Genocs.Tracing/Genocs.Tracing.csproj

@@ -28,9 +28,9 @@
 
     <ItemGroup>
         <PackageReference Include="Azure.Monitor.OpenTelemetry.Exporter" Version="1.4.0" />
-        <PackageReference Include="OpenTelemetry.Exporter.Console" Version="1.12.0" />
-        <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.12.0" />
-        <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.12.0" />
+        <PackageReference Include="OpenTelemetry.Exporter.Console" Version="1.13.0" />
+        <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.13.0" />
+        <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.13.0" />
         <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.12.0" />
         <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.12.0" />
         <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.12.0" />

src/apps/apigateway/APIGateway.WebApi/APIGateway.WebApi.csproj

@@ -34,7 +34,7 @@
     </ItemGroup>
 
     <ItemGroup>
-        <PackageReference Include="Yarp.ReverseProxy" Version="2.2.0" />
+        <PackageReference Include="Yarp.ReverseProxy" Version="2.3.0" />
     </ItemGroup>
 
     <ItemGroup>

src/demo/Genocs.Core.Demo.WebApi/Controllers/AuthenticateController.Response.cs

@@ -0,0 +1,82 @@
+namespace Genocs.Core.Demo.WebApi.Controllers;
+
+/// <summary>
+/// Response model for authentication validation.
+/// </summary>
+/// <remarks>
+/// Contains authentication status information and user details.
+/// Includes authentication type to distinguish between API key and JWT authentication.
+/// Provides comprehensive claim information for debugging and integration testing.
+/// </remarks>
+public class AuthenticationResponse
+{
+    /// <summary>
+    /// Indicates whether the user is authenticated.
+    /// </summary>
+    public bool IsAuthenticated { get; set; }
+
+    /// <summary>
+    /// The type of authentication used (apikey, firebase, etc.).
+    /// </summary>
+    public string? AuthenticationType { get; set; }
+
+    /// <summary>
+    /// The authenticated user's unique identifier.
+    /// </summary>
+    public string? UserId { get; set; }
+
+    /// <summary>
+    /// The authenticated user's display name.
+    /// </summary>
+    public string? UserName { get; set; }
+
+    /// <summary>
+    /// List of all claims associated with the authenticated user.
+    /// </summary>
+    public List<ClaimInfo> Claims { get; set; } = [];
+}
+
+/// <summary>
+/// Response model for user information.
+/// </summary>
+/// <remarks>
+/// Contains basic user information extracted from JWT token.
+/// Used for standard authenticated user operations.
+/// </remarks>
+public class UserInfoResponse
+{
+    /// <summary>
+    /// The user's unique identifier.
+    /// </summary>
+    public string? UserId { get; set; }
+
+    /// <summary>
+    /// The user's display name.
+    /// </summary>
+    public string? UserName { get; set; }
+
+    /// <summary>
+    /// The authentication method used.
+    /// </summary>
+    public string? AuthenticationType { get; set; }
+}
+
+/// <summary>
+/// Represents a security claim with type and value.
+/// </summary>
+/// <remarks>
+/// Used for debugging and integration testing to examine all available claims.
+/// Provides insight into the authentication context and available user information.
+/// </remarks>
+public class ClaimInfo
+{
+    /// <summary>
+    /// The claim type identifier.
+    /// </summary>
+    public string Type { get; set; } = default!;
+
+    /// <summary>
+    /// The claim value.
+    /// </summary>
+    public string Value { get; set; } = default!;
+}

src/demo/Genocs.Core.Demo.WebApi/Controllers/AuthenticateController.cs

@@ -0,0 +1,112 @@
+using Genocs.Auth.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using System.Security.Claims;
+
+namespace Genocs.Core.Demo.WebApi.Controllers;
+
+/// <summary>
+/// Authentication controller for API key and token validation.
+/// </summary>
+/// <remarks>
+/// Provides endpoints for authentication validation and user information retrieval.
+/// Supports both API key authentication via x-gnx-apikey header and JWT Bearer token authentication.
+/// Used for authentication testing, token validation, and system integration verification.
+/// The authenticate endpoint is accessible with API key authentication without additional restrictions.
+/// </remarks>
+[Produces("application/json")]
+[Route("[controller]")]
+public class AuthenticateController : ControllerBase
+{
+    /// <summary>
+    /// Validate authentication and return user information.
+    /// </summary>
+    /// <remarks>
+    /// <para>
+    /// Authenticate endpoint with no auth restriction when API key is provided.
+    /// This endpoint validates the current authentication state and returns user information.
+    /// Supports both API key authentication (via x-gnx-apikey header) and JWT Bearer token authentication.
+    /// When API key is provided, bypasses standard JWT validation requirements.
+    /// Returns different user information based on the authentication method used.
+    /// Essential for system integration testing and authentication verification workflows.
+    /// </para>
+    /// <para>
+    /// Authentication Methods:
+    /// 1. API Key: Include 'x-gnx-apikey' header with valid API key
+    /// 2. JWT Token: Include 'Authorization: Bearer {token}' header
+    /// </para>
+    /// </remarks>
+    /// <response code="200">Authentication successful with user information.</response>
+    /// <response code="401">Authentication failed or missing credentials.</response>
+    /// <returns>Authentication status and user information based on the authentication method.</returns>
+    [ApiKeyOrJwtAuthorize]
+    [HttpGet]
+    [ProducesResponseType(typeof(AuthenticationResponse), StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    public IActionResult Authenticate()
+    {
+        var user = HttpContext.User;
+
+        if (user.Identity?.IsAuthenticated != true)
+        {
+            return Unauthorized("Authentication required");
+        }
+
+        string authType = user.FindFirst("auth_type")?.Value ?? "unknown";
+        string? userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+        string? userName = user.FindFirst(ClaimTypes.Name)?.Value;
+
+        var response = new AuthenticationResponse
+        {
+            IsAuthenticated = true,
+            AuthenticationType = authType,
+            UserId = userId,
+            UserName = userName,
+            Claims = [.. user.Claims.Select(c => new ClaimInfo
+            {
+                Type = c.Type,
+                Value = c.Value
+            })]
+        };
+
+        return Ok(response);
+    }
+
+    /// <summary>
+    /// Get current user information (requires standard JWT authentication).
+    /// </summary>
+    /// <remarks>
+    /// Get user information with standard JWT authentication requirement.
+    /// This endpoint requires valid JWT Bearer token authentication and does not accept API key authentication.
+    /// Returns detailed user information from the JWT token claims.
+    /// Used for user profile access and authenticated user operations.
+    /// Demonstrates standard authorization requirements compared to the flexible authenticate endpoint.
+    /// </remarks>
+    /// <response code="200">User information retrieved successfully.</response>
+    /// <response code="401">JWT authentication required.</response>
+    /// <returns>Current user information from JWT token.</returns>
+    [Authorize]
+    [HttpGet("me")]
+    [ProducesResponseType(typeof(UserInfoResponse), StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    public IActionResult GetUserInfo()
+    {
+        var user = HttpContext.User;
+        string? authType = user.Identity.AuthenticationType;
+
+        // Only allow JWT authentication for this endpoint
+        if (authType != "AuthenticationTypes.Federation")
+        {
+            return Unauthorized("JWT Bearer token authentication required");
+        }
+
+        var response = new UserInfoResponse
+        {
+            UserId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value,
+            UserName = user.FindFirst(ClaimTypes.Name)?.Value,
+            AuthenticationType = authType
+        };
+
+        return Ok(response);
+    }
+}

src/demo/Genocs.Core.Demo.WebApi/Controllers/AuthorizedController.cs

@@ -26,16 +26,17 @@ public class FirebaseAuthorizedController(ILogger<FirebaseAuthorizedController>
     /// Retrieves authorization information for the authenticated user.
     /// </summary>
     /// <remarks>
+    /// <para>
     /// This endpoint demonstrates Firebase authorization by returning the authorization header
     /// from the authenticated request. It serves as a simple test to verify that Firebase
     /// authentication is working correctly.
-    /// 
-    /// **Important:** This endpoint requires the user to have the 'Editor' role.
-    /// 
-    /// Sample request:
-    /// 
+    /// </para>
+    /// <para>**Important:** This endpoint requires the user to have the 'Editor' role.</para>
+    /// <para>Sample request:</para>
+    /// <para>
     ///     GET /FirebaseAuthorized
     ///     Authorization: Bearer your-firebase-jwt-token-here
+    /// </para>
     /// 
     /// </remarks>
     /// <returns>A string containing the authorization header value from the request.</returns>
@@ -58,21 +59,24 @@ public async Task<IActionResult> GetAuthorizedAsync()
     /// Retrieves detailed user information and roles for debugging purposes.
     /// </summary>
     /// <remarks>
+    /// <para>
     /// This endpoint returns detailed information about the authenticated user including
     /// all claims and roles assigned by the Firebase middleware. Useful for debugging
     /// authentication and authorization issues.
-    /// 
+    /// </para>
+    /// <para>
     /// Returns information such as:
     /// - Authentication status
     /// - User ID and email
     /// - Email verification status
     /// - Assigned roles
     /// - All JWT claims
-    /// 
-    /// Sample request:
-    /// 
+    /// </para>
+    /// <para>Sample request:</para>
+    /// <para>
     ///     GET /FirebaseAuthorized/user-info
     ///     Authorization: Bearer your-firebase-jwt-token-here
+    /// </para>
     /// 
     /// </remarks>
     /// <returns>An object containing user details and assigned roles.</returns>
@@ -107,13 +111,15 @@ public IActionResult GetUserInfo()
     /// Submits a request to join a team.
     /// </summary>
     /// <remarks>
+    /// <para>
     /// This endpoint allows authenticated users to submit a request to join a team.
     /// The request is logged and can be processed by team administrators.
-    /// 
-    /// Sample request:
-    /// 
+    /// </para>
+    /// <para>Sample request:</para>
+    /// <para>
     ///     GET /FirebaseAuthorized/join-request
     ///     Authorization: Bearer your-firebase-jwt-token-here
+    /// </para>
     /// 
     /// </remarks>
     /// <returns>A confirmation message indicating the join request was submitted.</returns>