From 373449ba4870bf1b2a01751a6ef040b4c5a9ebd5 Mon Sep 17 00:00:00 2001 From: dmolinari Date: Wed, 18 Jun 2025 13:24:46 -0300 Subject: [PATCH] Vuelta a Key en Secret. --- .gitea/workflows/deploy.yml | 2 - Backend/GestionIntegral.Api/Program.cs | 58 ++------------------ Backend/GestionIntegral.Api/appsettings.json | 7 +-- 3 files changed, 9 insertions(+), 58 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 6e93744..e702ee8 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -65,8 +65,6 @@ jobs: # Gitea reemplaza los secretos aquí. Es seguro. export DB_SA_PASSWORD='${{ secrets.DB_SA_PASSWORD_SECRET }}' export JWTSETTINGS__KEY_SECRET= ${{ secrets.JWTSETTINGS__KEY }} - export JWTSETTINGS__ISSUER_SECRET= ${{ secrets.JWTSETTINGS__ISSUER }} - export JWTSETTINGS__AUDIENCE_SECRET= ${{ secrets.JWTSETTINGS__AUDIENCE }} docker compose up -d # --- PARTE 4: LIMPIEZA (EN EL HOST) --- diff --git a/Backend/GestionIntegral.Api/Program.cs b/Backend/GestionIntegral.Api/Program.cs index de7dc45..774e6b7 100644 --- a/Backend/GestionIntegral.Api/Program.cs +++ b/Backend/GestionIntegral.Api/Program.cs 
@@ -93,62 +93,16 @@ builder.Services.AddScoped(); // Servicios de Reportes builder.Services.AddScoped(); - -// --- INICIO DE CAMBIOS: Configuración de Autenticación JWT --- - -// 1. Obtener la sección de configuración de JWT. -// Esto leerá desde appsettings.json y SOBRESCRIBIRÁ con variables de entorno si existen. -var jwtSection = builder.Configuration.GetSection("JwtSettings"); -var jwtKey = jwtSection["Key"]; -var jwtIssuer = jwtSection["Issuer"]; -var jwtAudience = jwtSection["Audience"]; - -// 2. Validar que todas las configuraciones necesarias existan. -if (string.IsNullOrEmpty(jwtKey) || string.IsNullOrEmpty(jwtIssuer) || string.IsNullOrEmpty(jwtAudience)) -{ - throw new InvalidOperationException("La configuración de JWT (Key, Issuer, Audience) no está completa. Verifique appsettings.json o las variables de entorno."); -} - -var keyBytes = Encoding.ASCII.GetBytes(jwtKey); - -builder.Services.AddAuthentication(options => -{ - options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; - options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; - options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; -}) -.AddJwtBearer(options => -{ - // Es buena práctica usar HTTPS en producción. Si tu proxy inverso maneja SSL, esto puede ser false. 
- options.RequireHttpsMetadata = builder.Environment.IsProduction(); - options.SaveToken = true; - options.TokenValidationParameters = new TokenValidationParameters - { - ValidateIssuerSigningKey = true, - IssuerSigningKey = new SymmetricSecurityKey(keyBytes), - - ValidateIssuer = true, - ValidIssuer = jwtIssuer, // Usar la variable leída de la configuración - - ValidateAudience = true, - ValidAudience = jwtAudience, // Usar la variable leída de la configuración - - ValidateLifetime = true, - ClockSkew = TimeSpan.Zero - }; -}); - - // --- Configuración de Autenticación JWT --- - -/*var jwtSettings = builder.Configuration.GetSection("Jwt"); +var jwtSettings = builder.Configuration.GetSection("Jwt"); // Le decimos que busque la clave JWT en la raíz de la configuración (donde están las variables de entorno). // Si no la encuentra, como respaldo, busca en la sección "Jwt" del appsettings. //var jwtKey = builder.Configuration["JWT_KEY"] ?? jwtSettings["Key"] ?? throw new ArgumentNullException("JWT_KEY or Jwt:Key not configured"); -//var jwtKey = jwtSettings["Key"] ?? throw new ArgumentNullException("Jwt:Key", "JWT Key not configured in appsettings.json"); +var jwtKey = Environment.GetEnvironmentVariable("JWTSETTINGS__KEY") ?? throw new ArgumentNullException("Jwt:Key", "JWT Key not configured in appsettings.json"); +//Environment.GetEnvironmentVariable("JWT_KEY"); -//var keyBytes = Encoding.ASCII.GetBytes(jwtKey); +var keyBytes = Encoding.ASCII.GetBytes(jwtKey); builder.Services.AddAuthentication(options => { @@ -171,7 +125,7 @@ builder.Services.AddAuthentication(options => ValidateLifetime = true, ClockSkew = TimeSpan.Zero }; -});*/ +}); // --- Configuración de Autorización --- builder.Services.AddAuthorization(); 
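Review bot: The new `jwtKey` line rejects only a null value, so an empty or very short `JWTSETTINGS__KEY` reaches `Encoding.ASCII.GetBytes` and becomes the signing key; the removed code at least used `string.IsNullOrEmpty`. I would add an explicit check after it, e.g. `if (string.IsNullOrWhiteSpace(jwtKey) || jwtKey.Length < 32) throw new InvalidOperationException("JWTSETTINGS__KEY is missing or too short");`, where 32 assumes HS256 signing, which is not visible here. The current message points at appsettings.json although the value is read only from the environment, which will mislead whoever debugs a failed start. `Encoding.ASCII` also turns every non-ASCII character into `?`, so such a key carries less entropy than it appears to; changing the encoding has to be done together with the token-issuing code. The `AddJwtBearer` options sit between this hunk and the next and are not shown, so issuer and audience validation cannot be confirmed from here.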
@@ -268,7 +222,7 @@ if (app.Environment.IsDevelopment()) app.UseCors(MyAllowSpecificOrigins); -app.UseAuthentication(); // SIEMPRE ANTES de UseAuthorization +app.UseAuthentication(); // Debe ir ANTES de UseAuthorization app.UseAuthorization(); app.MapControllers(); diff --git a/Backend/GestionIntegral.Api/appsettings.json b/Backend/GestionIntegral.Api/appsettings.json index 3a314ee..68c4fbb 100644 --- a/Backend/GestionIntegral.Api/appsettings.json +++ b/Backend/GestionIntegral.Api/appsettings.json @@ -5,10 +5,9 @@ "Microsoft.AspNetCore": "Warning" } }, - "JwtSettings": { - "Key": "", - "Issuer": "", - "Audience": "", + "Jwt": { + "Issuer": "GestionIntegralApi", + "Audience": "GestionIntegralClient", "DurationInHours": 8 }, "AllowedHosts": "*"
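Review bot: The section is renamed to `Jwt`, but Program.cs in this same patch reads the key from an environment variable still named `JWTSETTINGS__KEY`, so the variable no longer corresponds to any configuration section under the `__` to `:` mapping of the environment provider. Naming it `Jwt__Key` would let `builder.Configuration["Jwt:Key"]` resolve the key next to `Issuer` and `Audience` without adding it to this file. Any code that still binds `JwtSettings` (for example for `DurationInHours`) would now get an empty section; none is visible in this patch, so it is worth a search.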