LehrerApp/LehrerApp.Api/Program.cs

using System.Text;
using LehrerApp.Api;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// ── Kestrel ───────────────────────────────────────────────────────────────────
builder.WebHost.UseKestrel(options =>
{
    var port = builder.Configuration.GetValue<int>("Api:Port", 5000);
    options.ListenAnyIP(port);
});

// ── JWT Auth ──────────────────────────────────────────────────────────────────
var jwtSecret = builder.Configuration["JWT_SECRET"]
    ?? throw new InvalidOperationException("JWT_SECRET nicht konfiguriert.");

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes(jwtSecret)),
            ValidateIssuer   = false,
            ValidateAudience = false,
            ClockSkew        = TimeSpan.FromMinutes(5),
        };
    });

builder.Services.AddAuthorization();

// ── Services ──────────────────────────────────────────────────────────────────
var dataPath = builder.Configuration["Api:DataPath"] ?? "./data";

builder.Services.AddSingleton<EventStore>(_ => new EventStore(dataPath));
builder.Services.AddSingleton<SnapshotStore>(_ => new SnapshotStore(dataPath));
builder.Services.AddSingleton<ReadableSnapshotStore>(
    _ => new ReadableSnapshotStore(dataPath));
builder.Services.AddSingleton<PlainEventStore>(sp =>
    new PlainEventStore(sp.GetRequiredService<EventStore>()));

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// ── Endpoints ─────────────────────────────────────────────────────────────────
app.MapAuthEndpoints(jwtSecret);
app.MapSyncEndpoints();
app.MapSnapshotEndpoints();
app.MapReadableSnapshotEndpoints();
app.MapPlainSyncEndpoints();

app.Run();