using BMA.EHR.Domain.Common; using BMA.EHR.Domain.Shared; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Configuration; using Nest; using Newtonsoft.Json; using System.Diagnostics; using System.Net; using System.Net.Http.Headers; using System.Security.Claims; using System.Text.Encodings.Web; using System.Text.Json; using JsonSerializer = System.Text.Json.JsonSerializer; namespace BMA.EHR.Domain.Middlewares { public class CombinedErrorHandlerAndLoggingMiddleware { private readonly RequestDelegate _next; private readonly IConfiguration _configuration; private string Uri = ""; private string IndexFormat = ""; private string SystemName = ""; public CombinedErrorHandlerAndLoggingMiddleware(RequestDelegate next, IConfiguration configuration) { _next = next; _configuration = configuration; Uri = _configuration["ElasticConfiguration:Uri"] ?? "http://192.168.1.40:9200"; IndexFormat = _configuration["ElasticConfiguration:IndexFormat"] ?? "bma-ehr-log-index"; SystemName = _configuration["ElasticConfiguration:SystemName"] ?? "Unknown"; } public async Task Invoke(HttpContext context) { Console.WriteLine("=== CombinedErrorHandlerAndLoggingMiddleware Start ==="); var settings = new ConnectionSettings(new Uri(Uri)) .DefaultIndex(IndexFormat); var client = new ElasticClient(settings); var startTime = DateTime.UtcNow; var stopwatch = Stopwatch.StartNew(); string? responseBodyJson = null; string? requestBodyJson = null; Exception? caughtException = null; // อ่าน Request Body string requestBody = await ReadRequestBodyAsync(context); if (!string.IsNullOrEmpty(requestBody)) { requestBodyJson = await FormatRequestBody(context, requestBody); } var originalBodyStream = context.Response.Body; using (var memoryStream = new MemoryStream()) { // เปลี่ยน stream ของ Response เพื่อให้สามารถอ่านได้ context.Response.Body = memoryStream; string keycloakId = Guid.Empty.ToString("D"); var token = context.Request.Headers["Authorization"]; GetProfileByKeycloakIdLocal? pf = null; // ลองดึง keycloakId จาก JWT token ก่อน (ถ้ามี) try { keycloakId = await ExtractKeycloakIdFromToken(token); } catch (Exception ex) { Console.WriteLine($"Error extracting keycloakId from token: {ex.Message}"); } try { if (Guid.TryParse(keycloakId, out var parsedId) && parsedId != Guid.Empty) { pf = await GetProfileByKeycloakIdAsync(parsedId, token); } } catch (Exception ex) { Console.WriteLine($"Error getting profile: {ex.Message}"); } try { await _next(context); Console.WriteLine($"Request completed with status: {context.Response.StatusCode}"); // หลังจาก Authentication middleware ทำงานแล้ว ลองดึง claims อีกครั้ง if (context.User?.Identity?.IsAuthenticated == true) { var authenticatedKeycloakId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? context.User.FindFirst("sub")?.Value; if (!string.IsNullOrEmpty(authenticatedKeycloakId) && authenticatedKeycloakId != keycloakId) { keycloakId = authenticatedKeycloakId; Console.WriteLine($"Updated keycloakId from authenticated user: {keycloakId}"); // อัพเดต profile ด้วย keycloakId ที่ถูกต้อง try { if (Guid.TryParse(keycloakId, out var parsedId)) { pf = await GetProfileByKeycloakIdAsync(parsedId, token); } } catch (Exception ex) { Console.WriteLine($"Error updating profile after authentication: {ex.Message}"); } } } // จัดการ response format หลังจาก request ผ่าน pipeline แล้ว await FormatResponse(context, memoryStream); } catch (ObjectDisposedException) { Console.WriteLine("ObjectDisposedException caught in main Invoke"); caughtException = new ObjectDisposedException("Response"); return; } catch (OperationCanceledException) { Console.WriteLine("OperationCanceledException caught in main Invoke"); caughtException = new OperationCanceledException("Operation was cancelled"); return; } catch (Exception error) { Console.WriteLine($"Exception caught in main Invoke: {error.Message}"); caughtException = error; // จัดการ exception และ format เป็น response await FormatExceptionResponse(context, error, memoryStream); } finally { stopwatch.Stop(); await LogRequest(context, client, startTime, stopwatch, pf, keycloakId, requestBodyJson, memoryStream, caughtException); // เขียนข้อมูลกลับไปยัง original Response body if (memoryStream.Length > 0) { memoryStream.Seek(0, SeekOrigin.Begin); await memoryStream.CopyToAsync(originalBodyStream); } } } Console.WriteLine("=== CombinedErrorHandlerAndLoggingMiddleware End ==="); } private async Task FormatRequestBody(HttpContext context, string requestBody) { try { if (context.Request.HasFormContentType) { var form = await context.Request.ReadFormAsync(); var formData = new Dictionary(); foreach (var field in form) { formData[field.Key] = field.Value.ToString(); } if (form.Files.Count > 0) { var fileDataList = new List(); foreach (var file in form.Files) { fileDataList.Add(new { FileName = file.FileName, ContentType = file.ContentType, Size = file.Length }); } formData["Files"] = fileDataList; } var jsonOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping, WriteIndented = true, Converters = { new DateTimeFixConverter() } }; return JsonSerializer.Serialize(formData, jsonOptions); } else { var jsonOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping, WriteIndented = true, Converters = { new DateTimeFixConverter() } }; return JsonSerializer.Serialize(JsonSerializer.Deserialize(requestBody), jsonOptions); } } catch (Exception ex) { Console.WriteLine($"Error formatting request body: {ex.Message}"); return requestBody; } } private static async Task FormatResponse(HttpContext context, MemoryStream memoryStream) { try { if (context?.Response == null) return; var response = context.Response; var statusCode = response.StatusCode; string? message = null; string? responseBodyJson = null; if (memoryStream.Length > 0) { memoryStream.Seek(0, SeekOrigin.Begin); var responseBody = new StreamReader(memoryStream).ReadToEnd(); var jsonOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping, WriteIndented = true, Converters = { new DateTimeFixConverter() } }; responseBodyJson = JsonSerializer.Serialize(JsonSerializer.Deserialize(responseBody), jsonOptions); var json = JsonSerializer.Deserialize(responseBody); if (json.ValueKind == JsonValueKind.Array) { message = "success"; } else { if (json.TryGetProperty("message", out var messageElement)) { message = messageElement.GetString(); } } } Console.WriteLine($"FormatResponse: StatusCode={statusCode}, HasStarted={response.HasStarted}"); // จัดการ response format แม้กับ status code จาก Authentication middleware if (!response.HasStarted && ShouldFormatResponse(statusCode)) { Console.WriteLine($"Formatting response for status: {statusCode}"); var responseModel = CreateResponseModel(statusCode,message); // Clear memory stream และเขียน response ใหม่ memoryStream.SetLength(0); memoryStream.Position = 0; // ไม่เปลี่ยน status code ที่ Authentication middleware ตั้งไว้ response.ContentType = "application/json; charset=utf-8"; var jsonOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, WriteIndented = false }; var jsonResponse = JsonSerializer.Serialize(responseModel, jsonOptions); var bytes = System.Text.Encoding.UTF8.GetBytes(jsonResponse); // กำหนด Content-Length ให้ตรงกับขนาดจริง response.ContentLength = bytes.Length; await memoryStream.WriteAsync(bytes, 0, bytes.Length); Console.WriteLine($"Response formatted successfully: {jsonResponse}"); } // หากเป็น 401/403 แต่ยังไม่มี response body ให้สร้างใหม่ else if (!response.HasStarted && (statusCode == 401 || statusCode == 403) && memoryStream.Length == 0) { Console.WriteLine($"Creating response body for {statusCode} status"); var responseModel = CreateResponseModel(statusCode,message); response.ContentType = "application/json; charset=utf-8"; var jsonOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, WriteIndented = false }; var jsonResponse = JsonSerializer.Serialize(responseModel, jsonOptions); var bytes = System.Text.Encoding.UTF8.GetBytes(jsonResponse); // กำหนด Content-Length ให้ตรงกับขนาดจริง response.ContentLength = bytes.Length; await memoryStream.WriteAsync(bytes, 0, bytes.Length); Console.WriteLine($"Response body created: {jsonResponse}"); } } catch (ObjectDisposedException) { Console.WriteLine("ObjectDisposedException in FormatResponse"); } catch (Exception ex) { Console.WriteLine($"Error in FormatResponse: {ex.Message}"); } } private static async Task FormatExceptionResponse(HttpContext context, Exception error, MemoryStream memoryStream) { try { Console.WriteLine($"FormatExceptionResponse: Error={error.Message}"); if (context?.Response == null) return; var response = context.Response; Console.WriteLine($"Response HasStarted: {response.HasStarted}"); if (!response.HasStarted) { // Clear memory stream และเขียน error response memoryStream.SetLength(0); memoryStream.Position = 0; response.StatusCode = (int)HttpStatusCode.InternalServerError; response.ContentType = "application/json; charset=utf-8"; var responseModel = new ResponseObject { Status = response.StatusCode, Message = GetErrorMessage(error), Result = null }; var jsonOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, WriteIndented = false }; var jsonResponse = JsonSerializer.Serialize(responseModel, jsonOptions); var bytes = System.Text.Encoding.UTF8.GetBytes(jsonResponse); // กำหนด Content-Length ให้ตรงกับขนาดจริง response.ContentLength = bytes.Length; await memoryStream.WriteAsync(bytes, 0, bytes.Length); Console.WriteLine($"Exception response formatted: {jsonResponse}"); } else { Console.WriteLine("Cannot format exception response - response already started"); } } catch (ObjectDisposedException) { Console.WriteLine("ObjectDisposedException in FormatExceptionResponse"); } catch (Exception ex) { Console.WriteLine($"Error in FormatExceptionResponse: {ex.Message}"); } } private async Task LogRequest(HttpContext context, ElasticClient client, DateTime startTime, Stopwatch stopwatch, GetProfileByKeycloakIdLocal? pf, string keycloakId, string? requestBodyJson, MemoryStream memoryStream, Exception? caughtException) { try { var processTime = stopwatch.ElapsedMilliseconds; var endTime = DateTime.UtcNow; var statusCode = caughtException != null ? (int)HttpStatusCode.InternalServerError : context.Response.StatusCode; var logType = caughtException != null ? "error" : statusCode switch { >= 500 => "error", >= 400 => "warning", _ => "info" }; string? message = null; string? responseBodyJson = null; // อ่านข้อมูลจาก Response if (memoryStream.Length > 0) { memoryStream.Seek(0, SeekOrigin.Begin); var responseBody = new StreamReader(memoryStream).ReadToEnd(); if (!string.IsNullOrEmpty(responseBody)) { var contentType = context.Response.ContentType; var isFileResponse = !contentType.StartsWith("application/json") && !contentType.StartsWith("text/html") && ( contentType.StartsWith("application/") || contentType.StartsWith("image/") || contentType.StartsWith("audio/") || context.Response.Headers.ContainsKey("Content-Disposition") ); if (isFileResponse) { responseBodyJson = ""; message = "success"; } else { try { var jsonOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping, WriteIndented = true, Converters = { new DateTimeFixConverter() } }; responseBodyJson = JsonSerializer.Serialize(JsonSerializer.Deserialize(responseBody), jsonOptions); var json = JsonSerializer.Deserialize(responseBody); if (json.ValueKind == JsonValueKind.Array) { message = "success"; } else { if (json.TryGetProperty("message", out var messageElement)) { message = messageElement.GetString(); } } } catch { responseBodyJson = responseBody; message = caughtException?.Message ?? "Unknown error"; } } } } if (caughtException != null) { message = caughtException.Message; } var logData = new { logType = logType, ip = context.Connection.RemoteIpAddress?.ToString(), rootId = pf?.RootId, systemName = SystemName, startTimeStamp = startTime.ToString("o"), endTimeStamp = endTime.ToString("o"), processTime = processTime, host = context.Request.Host.Value, method = context.Request.Method, endpoint = context.Request.Path + context.Request.QueryString, responseCode = statusCode == 304 ? "200" : statusCode.ToString(), responseDescription = message, input = requestBodyJson, output = responseBodyJson, userId = keycloakId, userName = $"{pf?.Prefix ?? ""}{pf?.FirstName ?? ""} {pf?.LastName ?? ""}", user = pf?.CitizenId ?? "", exception = caughtException?.ToString() }; await client.IndexDocumentAsync(logData); } catch (Exception ex) { Console.WriteLine($"Error logging request: {ex.Message}"); } } private static bool ShouldFormatResponse(int statusCode) { return statusCode == (int)HttpStatusCode.Unauthorized || statusCode == (int)HttpStatusCode.Forbidden || statusCode == (int)HttpStatusCode.BadRequest || statusCode == (int)HttpStatusCode.NotFound || statusCode == (int)HttpStatusCode.Conflict || statusCode == (int)HttpStatusCode.UnprocessableEntity || statusCode == (int)HttpStatusCode.InternalServerError; } private static ResponseObject CreateResponseModel(int statusCode,string? error) { var message = statusCode switch { (int)HttpStatusCode.Unauthorized => GlobalMessages.NotAuthorized, (int)HttpStatusCode.Forbidden => GlobalMessages.ForbiddenAccess, (int)HttpStatusCode.BadRequest => "Bad Request", (int)HttpStatusCode.NotFound => "Resource Not Found", (int)HttpStatusCode.Conflict => "Conflict", (int)HttpStatusCode.UnprocessableEntity => "Validation Error", (int)HttpStatusCode.InternalServerError => GlobalMessages.ExceptionOccured, _ => "Error" }; return new ResponseObject { Status = statusCode, Message = error ?? message }; } private static string GetErrorMessage(Exception error) { var msg = error.Message; var inner = error.InnerException; while (inner != null) { msg += $" {inner.Message}\r\n"; inner = inner.InnerException; } return msg; } private async Task ExtractKeycloakIdFromToken(string? authorizationHeader) { try { if (string.IsNullOrEmpty(authorizationHeader) || !authorizationHeader.StartsWith("Bearer ")) { return Guid.Empty.ToString("D"); } var token = authorizationHeader.Replace("Bearer ", ""); // แยก JWT token เพื่อดึง payload (แบบง่าย โดยไม่ verify signature) var parts = token.Split('.'); if (parts.Length != 3) { return Guid.Empty.ToString("D"); } // Decode Base64 payload var payload = parts[1]; // เพิ่ม padding ถ้าจำเป็น var padLength = 4 - (payload.Length % 4); if (padLength != 4) { payload += new string('=', padLength); } var payloadBytes = Convert.FromBase64String(payload); var payloadJson = System.Text.Encoding.UTF8.GetString(payloadBytes); Console.WriteLine($"JWT Payload: {payloadJson}"); // Parse JSON และดึง sub (subject) claim var jsonDoc = JsonDocument.Parse(payloadJson); // ลองหา keycloak ID ใน claims ต่างๆ string? keycloakId = null; if (jsonDoc.RootElement.TryGetProperty("sub", out var subElement)) { keycloakId = subElement.GetString(); } else if (jsonDoc.RootElement.TryGetProperty("nameid", out var nameidElement)) { keycloakId = nameidElement.GetString(); } else if (jsonDoc.RootElement.TryGetProperty("user_id", out var userIdElement)) { keycloakId = userIdElement.GetString(); } return keycloakId ?? Guid.Empty.ToString("D"); } catch (Exception ex) { Console.WriteLine($"Error extracting keycloak ID from token: {ex.Message}"); return Guid.Empty.ToString("D"); } } protected async Task GetExternalAPIAsync(string apiPath, string accessToken, string apiKey) { try { using (var client = new HttpClient()) { client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken.Replace("Bearer ", "")); client.DefaultRequestHeaders.Add("api_key", apiKey); var _res = await client.GetAsync(apiPath); if (_res.IsSuccessStatusCode) { var _result = await _res.Content.ReadAsStringAsync(); return _result; } return string.Empty; } } catch { throw; } } public async Task GetProfileByKeycloakIdAsync(Guid keycloakId, string? accessToken) { try { var apiPath = $"{_configuration["API"]}/org/dotnet/keycloak/{keycloakId}"; var apiKey = _configuration["API_KEY"]; var apiResult = await GetExternalAPIAsync(apiPath, accessToken ?? "", apiKey); if (apiResult != null) { var raw = JsonConvert.DeserializeObject(apiResult); if (raw != null) return raw.Result; } return null; } catch { throw; } } private async Task ReadRequestBodyAsync(HttpContext context) { context.Request.EnableBuffering(); using var reader = new StreamReader(context.Request.Body, leaveOpen: true); var body = await reader.ReadToEndAsync(); context.Request.Body.Position = 0; return body; } } // Model classes public class GetProfileByKeycloakIdLocal { public Guid Id { get; set; } public string? Prefix { get; set; } public string? FirstName { get; set; } public string? LastName { get; set; } public string? CitizenId { get; set; } public string? Root { get; set; } public string? Child1 { get; set; } public string? Child2 { get; set; } public string? Child3 { get; set; } public string? Child4 { get; set; } public Guid? RootId { get; set; } public Guid? Child1Id { get; set; } public Guid? Child2Id { get; set; } public Guid? Child3Id { get; set; } public Guid? Child4Id { get; set; } public Guid? RootDnaId { get; set; } public Guid? Child1DnaId { get; set; } public Guid? Child2DnaId { get; set; } public Guid? Child3DnaId { get; set; } public Guid? Child4DnaId { get; set; } public double? Amount { get; set; } public double? PositionSalaryAmount { get; set; } public string? Commander { get; set; } public Guid? CommanderId { get; set; } public Guid? CommanderKeycloak { get; set; } } public class GetProfileByKeycloakIdResultLocal { public string Message { get; set; } = string.Empty; public int Status { get; set; } = -1; public GetProfileByKeycloakIdLocal? Result { get; set; } } }