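namespace RR3CommunityServer.Middleware;

/// <summary>
/// Reads the Synergy request headers, writes a redacted summary of them to the log, and
/// publishes the raw values to later pipeline stages through <see cref="HttpContext.Items"/>.
/// </summary>
/// <remarks>
/// Every header read here is supplied by the client and is not verified by this middleware.
/// The values stored in <see cref="HttpContext.Items"/> are therefore claims, not an
/// authenticated identity; controllers must validate them before using them for authorization.
/// </remarks>
public class SynergyHeadersMiddleware
{
    // Upper bound on how much of a client-supplied header value is copied into a log entry.
    private const int MaxLoggedValueLength = 64;

    // Placeholder logged when a header is absent.
    private const string MissingValue = "none";

    private readonly RequestDelegate _next;
    private readonly ILogger _logger;

    /// <summary>Creates the middleware.</summary>
    /// <param name="next">Next delegate in the request pipeline.</param>
    /// <param name="logger">
    /// Logger that receives the per-request summary.
    /// NOTE(review): the built-in ASP.NET Core container registers ILogger&lt;T&gt; and
    /// ILoggerFactory, not the non-generic ILogger; confirm how this parameter is resolved.
    /// </param>
    public SynergyHeadersMiddleware(RequestDelegate next, ILogger logger)
    {
        _next = next;
        _logger = logger;
    }

    /// <summary>
    /// Logs the Synergy headers of the current request, stores them in
    /// <see cref="HttpContext.Items"/> and invokes the next middleware.
    /// </summary>
    /// <param name="context">Current HTTP context.</param>
    public async Task InvokeAsync(HttpContext context)
    {
        var headers = context.Request.Headers;
        var sessionId = headers["EAM-SESSION"].FirstOrDefault();
        var userId = headers["EAM-USER-ID"].FirstOrDefault();
        var sellId = headers["EA-SELL-ID"].FirstOrDefault();
        var sdkVersion = headers["SDK-VERSION"].FirstOrDefault();

        // The session header is a bearer credential: anyone who can read the log could replay
        // it, so only a short fingerprint is logged. The other values are attacker-controlled
        // text, so control characters are neutralised and the length is capped before logging
        // to keep text log sinks from being forged or flooded.
        _logger.LogInformation(
            "Synergy Request: Path={Path}, Session={Session}, User={User}, Sell={Sell}, SDK={SDK}",
            context.Request.Path,
            FingerprintForLog(sessionId),
            SanitizeForLog(userId),
            SanitizeForLog(sellId),
            SanitizeForLog(sdkVersion));

        // Raw, unverified values for controllers. SDK-VERSION is logged only, not stored.
        context.Items["EAM-SESSION"] = sessionId;
        context.Items["EAM-USER-ID"] = userId;
        context.Items["EA-SELL-ID"] = sellId;

        await _next(context);
    }

    /// <summary>
    /// Returns a short, non-reversible tag for a secret so that log lines belonging to the same
    /// session can be correlated without recording the secret itself.
    /// </summary>
    /// <param name="secret">Secret header value, or <c>null</c> when the header is absent.</param>
    /// <returns>"none" for <c>null</c>; otherwise "sha256:" plus the first 8 hex digits of the digest.</returns>
    private static string FingerprintForLog(string? secret)
    {
        if (secret is null)
        {
            return MissingValue;
        }

        // Assumes session ids are high-entropy; a truncated digest of a guessable id could
        // still be matched offline. TODO confirm how session ids are generated.
        var digest = System.Security.Cryptography.SHA256.HashData(
            System.Text.Encoding.UTF8.GetBytes(secret));
        return "sha256:" + Convert.ToHexString(digest, 0, 4);
    }

    /// <summary>
    /// Makes a client-supplied value safe to embed in a log entry: control characters and
    /// Unicode line/paragraph separators become '_' and the result is length-capped.
    /// </summary>
    /// <param name="value">Header value, or <c>null</c> when the header is absent.</param>
    /// <returns>"none" for <c>null</c>; otherwise the sanitised, truncated value.</returns>
    private static string SanitizeForLog(string? value)
    {
        if (value is null)
        {
            return MissingValue;
        }

        var length = Math.Min(value.Length, MaxLoggedValueLength);
        var buffer = new char[length];
        for (var i = 0; i < length; i++)
        {
            var c = value[i];
            buffer[i] = char.IsControl(c) || c == '\u2028' || c == '\u2029' ? '_' : c;
        }

        return new string(buffer);
    }
}

/// <summary>
/// Placeholder for session enforcement: recognises the public endpoints and, at present,
/// forwards every other request as well.
/// </summary>
/// <remarks>
/// This middleware currently fails open. It provides no access control until the validation
/// step in <see cref="InvokeAsync"/> is implemented.
/// </remarks>
public class SessionValidationMiddleware
{
    private readonly RequestDelegate _next;

    // Not used yet; see the constructor note on SynergyHeadersMiddleware about ILogger resolution.
    private readonly ILogger _logger;

    // Paths that don't require session validation. Entries are matched as whole path segments.
    private static readonly HashSet<string> PublicPaths = new()
    {
        "/director/api/android/getDirectionByPackage",
        "/user/api/android/getDeviceID",
        "/user/api/android/getAnonUid",
        "/swagger",
        "/health"
    };

    /// <summary>Creates the middleware.</summary>
    /// <param name="next">Next delegate in the request pipeline.</param>
    /// <param name="logger">Logger reserved for validation diagnostics.</param>
    public SessionValidationMiddleware(RequestDelegate next, ILogger logger)
    {
        _next = next;
        _logger = logger;
    }

    /// <summary>
    /// Forwards requests for public paths immediately; all other requests are also forwarded
    /// because session validation is not implemented yet.
    /// </summary>
    /// <param name="context">Current HTTP context.</param>
    public async Task InvokeAsync(HttpContext context)
    {
        var requestPath = context.Request.Path;

        // Match on segment boundaries rather than raw string prefixes: a plain StartsWith
        // would also treat "/healthz-internal" or "/swagger-admin" as public, which becomes an
        // allow-list bypass as soon as validation below is enforced.
        var isPublic = PublicPaths.Any(
            p => requestPath.StartsWithSegments(p, StringComparison.OrdinalIgnoreCase));
        if (isPublic)
        {
            await _next(context);
            return;
        }

        // For now, allow all requests (lenient for community server).
        // In production, validate the session here and fail closed (reject the request)
        // when the session is missing or invalid instead of calling the next delegate.
        await _next(context);
    }
}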