From 414ff44b48baa3818e7c24a380765d96366a9e48 Mon Sep 17 00:00:00 2001
From: "soroush.asadi" <soroush.asadi@aliasaas.com>
Date: Wed, 10 Jun 2026 18:32:18 +0330
Subject: [PATCH] =?UTF-8?q?Fix:=20worker=20host=20crashed=20on=20DI=20vali?=
 =?UTF-8?q?dation=20=E2=80=94=20HTTP=20auth=20stack=20is=20web-only?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

IdentityModule registered AddAuthentication/AddJwtBearer/AddAuthorization in both hosts,
but the authorization policy cache requires endpoint routing (EndpointDataSource), which a
Generic Host worker doesn't have — Development's ValidateOnBuild crashed the worker at boot
(found by running it; tests always used WebApplicationFactory). The auth stack now registers
only when IWebHostEnvironment is present; ICurrentUser stays available everywhere (reports
unauthenticated off-request). Verified: worker boots + drains (processor started, heartbeats
healthy); IdentityFlowTests + ReviewFlowTests green.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---
 src/Modules/TeamUp.Modules.Identity/IdentityModule.cs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/Modules/TeamUp.Modules.Identity/IdentityModule.cs b/src/Modules/TeamUp.Modules.Identity/IdentityModule.cs
index 3f098b0..87372dc 100644
--- a/src/Modules/TeamUp.Modules.Identity/IdentityModule.cs
+++ b/src/Modules/TeamUp.Modules.Identity/IdentityModule.cs
@@ -43,6 +43,17 @@ public sealed class IdentityModule : IModule
         services.Configure<JwtOptions>(configuration.GetSection(JwtOptions.SectionName));
         var jwt = configuration.GetSection(JwtOptions.SectionName).Get<JwtOptions>() ?? new JwtOptions();
 
+        // The HTTP auth stack is web-host-only: AddAuthorization's policy cache requires
+        // endpoint routing (EndpointDataSource), which a Generic Host worker doesn't have —
+        // and the worker never authenticates requests anyway.
+        if (services.Any(d => d.ServiceType == typeof(Microsoft.AspNetCore.Hosting.IWebHostEnvironment)))
+        {
+            AddHttpAuth(services, jwt);
+        }
+    }
+
+    private static void AddHttpAuth(IServiceCollection services, JwtOptions jwt)
+    {
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {