fix: ChatController naming consistency and streaming cancellation/error handling (#1089)

- [x] Inspect PR feedback and failing CI for
`/home/runner/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web/Controllers/ChatController.cs`
- [x] Update `StreamMessage` cancellation/error handling to address the
active PR comments and fix the compile error
- [x] Rebuild the solution and run relevant tests to verify the change
- [ ] Run final validation and summarize results

<!-- START COPILOT CODING AGENT SUFFIX -->



<!-- START COPILOT ORIGINAL PROMPT -->



<details>

<summary>Original prompt</summary>


    Please apply the following diffs and create a pull request.
Once the PR is ready, give it a title based on the messages of the fixes
being applied.

[{"message":"The field `_AiChatService` uses inconsistent casing ('Ai'
instead of 'AI'). It should be renamed to `_AIChatService` to match the
type name `AIChatService` and maintain consistency with other fields
like
`_Logger`.","fixFiles":[{"filePath":"EssentialCSharp.Web/Controllers/ChatController.cs","diff":"diff
--git a/EssentialCSharp.Web/Controllers/ChatController.cs
b/EssentialCSharp.Web/Controllers/ChatController.cs\n---
a/EssentialCSharp.Web/Controllers/ChatController.cs\n+++
b/EssentialCSharp.Web/Controllers/ChatController.cs\n@@ -15,13 +15,13
@@\n [IgnoreAntiforgeryToken]\n public partial class ChatController :
ControllerBase\n {\n- private readonly AIChatService _AiChatService;\n+
private readonly AIChatService _AIChatService;\n private readonly
ResponseIdValidationService _ResponseIdValidationService;\n private
readonly ILogger<ChatController> _Logger;\n \n public
ChatController(ILogger<ChatController> logger, AIChatService
aiChatService, ResponseIdValidationService
responseIdValidationService)\n {\n- _AiChatService = aiChatService;\n+
_AIChatService = aiChatService;\n _ResponseIdValidationService =
responseIdValidationService;\n _Logger = logger;\n }\n@@ -46,7 +41,7
@@\n \n try\n {\n- var (response, responseId) = await
_AiChatService.GetChatCompletion(\n+ var (response, responseId) = await
_AIChatService.GetChatCompletion(\n prompt: request.Message,\n
previousResponseId: previousResponseId,\n enableContextualSearch:
request.EnableContextualSearch,\n"}]},{"message":"The method uses
`CancellationToken.None` instead of the provided `cancellationToken`
parameter when writing error responses. This prevents graceful
cancellation of the write operation if the request is aborted. Replace
`CancellationToken.None` with `cancellationToken` throughout the
StreamMessage method (lines 78, 86, 97, 144, 151, 152, 167, 174, 175) to
respect cancellation
requests.","fixFiles":[{"filePath":"EssentialCSharp.Web/Controllers/ChatController.cs","diff":"diff
--git a/EssentialCSharp.Web/Controllers/ChatController.cs
b/EssentialCSharp.Web/Controllers/ChatController.cs\n---
a/EssentialCSharp.Web/Controllers/ChatController.cs\n+++
b/EssentialCSharp.Web/Controllers/ChatController.cs\n@@ -75,7 +75,7 @@\n
if (string.IsNullOrEmpty(request.Message))\n {\n Response.StatusCode =
400;\n- await Response.WriteAsJsonAsync(new { error = \"Message cannot
be empty.\" }, CancellationToken.None);\n+ await
Response.WriteAsJsonAsync(new { error = \"Message cannot be empty.\" },
cancellationToken);\n return;\n }\n \n@@ -83,7 +83,7 @@\n if
(string.IsNullOrEmpty(userId))\n {\n Response.StatusCode = 401;\n- await
Response.WriteAsJsonAsync(new { error = \"Unauthorized.\" },
CancellationToken.None);\n+ await Response.WriteAsJsonAsync(new { error
= \"Unauthorized.\" }, cancellationToken);\n return;\n }\n \n@@ -94,7
+94,7 @@\n if (!_ResponseIdValidationService.ValidateResponseId(userId,
previousResponseId))\n {\n Response.StatusCode = 400;\n- await
Response.WriteAsJsonAsync(new { error = \"Invalid conversation
context.\" }, CancellationToken.None);\n+ await
Response.WriteAsJsonAsync(new { error = \"Invalid conversation
context.\" }, cancellationToken);\n return;\n }\n \n"}]},{"message":"The
when clause checks both `cancellationToken.IsCancellationRequested` and
`HttpContext.RequestAborted.IsCancellationRequested`, but this filter
will not catch `OperationCanceledException` thrown when either token is
cancelled without the corresponding property being set at the exact
moment the filter evaluates. Remove the when clause entirely or simplify
to catch all `OperationCanceledException` instances, as these are
expected during
cancellation.","fixFiles":[{"filePath":"EssentialCSharp.Web/Controllers/ChatController.cs","diff":"diff
--git a/EssentialCSharp.Web/Controllers/ChatController.cs
b/EssentialCSharp.Web/Controllers/ChatController.cs\n---
a/EssentialCSharp.Web/Controllers/ChatController.cs\n+++
b/EssentialCSharp.Web/Controllers/ChatController.cs\n@@ -133,7 +133,7
@@\n await Response.WriteAsync(\"data: [DONE]\\n\\n\",
cancellationToken);\n await
Response.Body.FlushAsync(cancellationToken);\n }\n- catch
(OperationCanceledException) when
(cancellationToken.IsCancellationRequested ||
HttpContext.RequestAborted.IsCancellationRequested)\n+ catch
(OperationCanceledException)\n {\n LogChatStreamCancelled(_Logger,
User.Identity?.Name);\n }\n"}]},{"message":"The exception handling f...

</details>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: BenjaminMichaelis <22186029+BenjaminMichaelis@users.noreply.github.com>
Co-authored-by: Benjamin Michaelis <git@relay.benjamin.michaelis.net>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>

Author: 3 people

EssentialCSharp.Web/Controllers/ChatController.cs

@@ -1,3 +1,4 @@
+using System.IO;
 using System.Security.Claims;
 using System.Text.Json;
 using EssentialCSharp.Chat.Common.Services;
@@ -15,13 +16,13 @@ namespace EssentialCSharp.Web.Controllers;
 [IgnoreAntiforgeryToken]
 public partial class ChatController : ControllerBase
 {
-    private readonly AIChatService _AiChatService;
+    private readonly AIChatService _AIChatService;
     private readonly ResponseIdValidationService _ResponseIdValidationService;
     private readonly ILogger<ChatController> _Logger;
 
     public ChatController(ILogger<ChatController> logger, AIChatService aiChatService, ResponseIdValidationService responseIdValidationService)
     {
-        _AiChatService = aiChatService;
+        _AIChatService = aiChatService;
         _ResponseIdValidationService = responseIdValidationService;
         _Logger = logger;
     }
@@ -46,7 +47,7 @@ public async Task<IActionResult> SendMessage([FromBody] ChatMessageRequest reque
 
         try
         {
-            var (response, responseId) = await _AiChatService.GetChatCompletion(
+            var (response, responseId) = await _AIChatService.GetChatCompletion(
                 prompt: request.Message,
                 previousResponseId: previousResponseId,
                 enableContextualSearch: request.EnableContextualSearch,
@@ -75,15 +76,15 @@ public async Task StreamMessage([FromBody] ChatMessageRequest request, Cancellat
         if (string.IsNullOrEmpty(request.Message))
         {
             Response.StatusCode = 400;
-            await Response.WriteAsJsonAsync(new { error = "Message cannot be empty." }, CancellationToken.None);
+            await Response.WriteAsJsonAsync(new { error = "Message cannot be empty." }, cancellationToken);
             return;
         }
 
         var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
         if (string.IsNullOrEmpty(userId))
         {
             Response.StatusCode = 401;
-            await Response.WriteAsJsonAsync(new { error = "Unauthorized." }, CancellationToken.None);
+            await Response.WriteAsJsonAsync(new { error = "Unauthorized." }, cancellationToken);
             return;
         }
 
@@ -94,7 +95,7 @@ public async Task StreamMessage([FromBody] ChatMessageRequest request, Cancellat
         if (!_ResponseIdValidationService.ValidateResponseId(userId, previousResponseId))
         {
             Response.StatusCode = 400;
-            await Response.WriteAsJsonAsync(new { error = "Invalid conversation context." }, CancellationToken.None);
+            await Response.WriteAsJsonAsync(new { error = "Invalid conversation context." }, cancellationToken);
             return;
         }
 
@@ -104,7 +105,7 @@ public async Task StreamMessage([FromBody] ChatMessageRequest request, Cancellat
 
         try
         {
-            await foreach (var (text, responseId) in _AiChatService.GetChatCompletionStream(
+            await foreach (var (text, responseId) in _AIChatService.GetChatCompletionStream(
                 prompt: request.Message,
                 previousResponseId: previousResponseId,
                 enableContextualSearch: request.EnableContextualSearch,
@@ -133,53 +134,102 @@ public async Task StreamMessage([FromBody] ChatMessageRequest request, Cancellat
             await Response.WriteAsync("data: [DONE]\n\n", cancellationToken);
             await Response.Body.FlushAsync(cancellationToken);
         }
-        catch (OperationCanceledException) when (cancellationToken.IsCancellationRequested || HttpContext.RequestAborted.IsCancellationRequested)
+        catch (OperationCanceledException)
         {
-            LogChatStreamCancelled(_Logger, User.Identity?.Name);
-        }
-        catch (ConversationContextLimitExceededException) when (!Response.HasStarted)
-        {
-            Response.StatusCode = 400;
-            Response.ContentType = "application/json";
-            await Response.WriteAsJsonAsync(new { error = "This conversation has grown too long. Please start a new one.", errorCode = "context_limit_exceeded" }, CancellationToken.None);
+            if (cancellationToken.IsCancellationRequested || HttpContext.RequestAborted.IsCancellationRequested)
+            {
+                LogChatStreamCancelled(_Logger, User.Identity?.Name);
+                return;
+            }
+
+            throw;
         }
         catch (ConversationContextLimitExceededException ex)
         {
-            LogChatStreamErrorMidStream(_Logger, ex, User.Identity?.Name);
-            try
+            if (!Response.HasStarted)
             {
-                await Response.WriteAsync("data: {\"type\":\"error\",\"message\":\"This conversation has grown too long. Please start a new one.\",\"errorCode\":\"context_limit_exceeded\"}\n\n", CancellationToken.None);
-                await Response.Body.FlushAsync(CancellationToken.None);
+                if (cancellationToken.IsCancellationRequested || HttpContext.RequestAborted.IsCancellationRequested)
+                    return;
+
+                Response.StatusCode = 400;
+                Response.ContentType = "application/json";
+                try
+                {
+                    var writeCancellationToken =
+                        cancellationToken.IsCancellationRequested || HttpContext.RequestAborted.IsCancellationRequested
+                            ? CancellationToken.None
+                            : cancellationToken;
+                    await Response.WriteAsJsonAsync(new { error = "This conversation has grown too long. Please start a new one.", errorCode = "context_limit_exceeded" }, writeCancellationToken);
+                }
+                catch (OperationCanceledException) when (cancellationToken.IsCancellationRequested || HttpContext.RequestAborted.IsCancellationRequested)
+                {
+                    // Best-effort write during an aborted request — no response body can be delivered.
+                }
+                catch (IOException) when (HttpContext.RequestAborted.IsCancellationRequested)
+                {
+                    // Expected client disconnect while attempting a best-effort error response write.
+                }
+                catch (ObjectDisposedException) when (HttpContext.RequestAborted.IsCancellationRequested)
+                {
+                    // Response stream can already be disposed after an abrupt client disconnect.
+                }
             }
-            catch (Exception)
+            else
             {
-                // Best-effort write to an already-streaming response. Kestrel can throw
-                // IOException (connection reset), OperationCanceledException, or
-                // ObjectDisposedException on abrupt client disconnect — swallow all to
-                // avoid masking the original exception.
+                LogChatStreamErrorMidStream(_Logger, ex, User.Identity?.Name);
+                try
+                {
+                    await Response.WriteAsync("data: {\"type\":\"error\",\"message\":\"This conversation has grown too long. Please start a new one.\",\"errorCode\":\"context_limit_exceeded\"}\n\n", cancellationToken);
+                    await Response.Body.FlushAsync(cancellationToken);
+                }
+                catch (Exception writeException) when (writeException is IOException or OperationCanceledException or ObjectDisposedException)
+                {
+                    // Best-effort write to an already-streaming response. Kestrel can throw
+                    // IOException (connection reset), OperationCanceledException, or
+                    // ObjectDisposedException on abrupt client disconnect — swallow expected
+                    // transport/disconnect exceptions to avoid masking the original exception.
+                }
             }
         }
         catch (Exception ex) when (!Response.HasStarted)
         {
             LogChatStreamErrorBeforeResponseStarted(_Logger, ex, User.Identity?.Name);
+            if (cancellationToken.IsCancellationRequested || HttpContext.RequestAborted.IsCancellationRequested)
+                return;
+
             Response.StatusCode = 500;
             Response.ContentType = "application/json";
-            await Response.WriteAsJsonAsync(new { error = "Chat service unavailable" }, CancellationToken.None);
+            try
+            {
+                await Response.WriteAsJsonAsync(new { error = "Chat service unavailable" }, cancellationToken);
+            }
+            catch (OperationCanceledException) when (cancellationToken.IsCancellationRequested || HttpContext.RequestAborted.IsCancellationRequested)
+            {
+                // Best-effort write during an aborted request — no response body can be delivered.
+            }
+            catch (IOException) when (HttpContext.RequestAborted.IsCancellationRequested)
+            {
+                // Expected client disconnect while attempting a best-effort error response write.
+            }
+            catch (ObjectDisposedException) when (HttpContext.RequestAborted.IsCancellationRequested)
+            {
+                // Response stream can already be disposed after an abrupt client disconnect.
+            }
         }
         catch (Exception ex)
         {
             LogChatStreamErrorMidStream(_Logger, ex, User.Identity?.Name);
             try
             {
-                await Response.WriteAsync("data: {\"type\":\"error\",\"message\":\"Stream interrupted\"}\n\n", CancellationToken.None);
-                await Response.Body.FlushAsync(CancellationToken.None);
+                await Response.WriteAsync("data: {\"type\":\"error\",\"message\":\"Stream interrupted\"}\n\n", cancellationToken);
+                await Response.Body.FlushAsync(cancellationToken);
             }
-            catch (Exception)
+            catch (Exception writeException) when (writeException is IOException or OperationCanceledException or ObjectDisposedException)
             {
                 // Best-effort write to an already-streaming response. Kestrel can throw
                 // IOException (connection reset), OperationCanceledException, or
-                // ObjectDisposedException on abrupt client disconnect — swallow all to
-                // avoid masking the original exception.
+                // ObjectDisposedException on abrupt client disconnect — swallow expected
+                // transport/disconnect exceptions to avoid masking the original exception.
             }
         }
     }

EssentialCSharp.Web/Extensions/IServiceCollectionExtensions.cs

@@ -1,4 +1,7 @@
-using EssentialCSharp.Web.Services;
+using System.Net;
+using System.Net.Sockets;
+using EssentialCSharp.Web.Services;
+using Microsoft.AspNetCore.HttpOverrides;
 
 namespace EssentialCSharp.Web.Extensions;
 
@@ -13,4 +16,77 @@ public static void AddCaptchaService(this IServiceCollection services, IConfigur
             c.BaseAddress = new Uri("https://api.hcaptcha.com");
         });
     }
+
+    public static void AddTrustedForwardedHeaders(this IServiceCollection services, IConfiguration configuration, IHostEnvironment environment)
+    {
+        services.Configure<ForwardedHeadersOptions>(options =>
+        {
+            options.ForwardedHeaders =
+                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+            options.ForwardLimit = 1;
+
+            var trustedProxyCidrs = configuration
+                .GetSection("ForwardedHeaders:TrustedProxyCidrs")
+                .Get<string[]>() ?? [];
+            var trustedProxies = configuration
+                .GetSection("ForwardedHeaders:TrustedProxies")
+                .Get<string[]>() ?? [];
+
+            if (trustedProxyCidrs.Length == 0 && trustedProxies.Length == 0)
+            {
+                if (!environment.IsDevelopment())
+                {
+                    throw new InvalidOperationException(
+                        "Forwarded headers are enabled but no trusted proxies are configured. " +
+                        "Set ForwardedHeaders:TrustedProxyCidrs or ForwardedHeaders:TrustedProxies.");
+                }
+                return;
+            }
+
+            options.KnownIPNetworks.Clear();
+            options.KnownProxies.Clear();
+
+            foreach (var cidr in trustedProxyCidrs)
+            {
+                if (!TryParseCidr(cidr, out var network))
+                    throw new InvalidOperationException($"Invalid ForwardedHeaders:TrustedProxyCidrs entry '{cidr}'. Use CIDR notation, e.g. '10.0.0.0/8'.");
+
+                options.KnownIPNetworks.Add(network);
+            }
+
+            foreach (var proxy in trustedProxies)
+            {
+                if (!IPAddress.TryParse(proxy, out var proxyAddress))
+                    throw new InvalidOperationException($"Invalid ForwardedHeaders:TrustedProxies entry '{proxy}'. Use a valid IP address.");
+
+                options.KnownProxies.Add(proxyAddress);
+            }
+        });
+    }
+
+    private static bool TryParseCidr(string cidr, out System.Net.IPNetwork network)
+    {
+        network = default!;
+        if (string.IsNullOrWhiteSpace(cidr))
+            return false;
+
+        string[] parts = cidr.Split('/', 2, StringSplitOptions.TrimEntries);
+        if (parts.Length != 2
+            || !IPAddress.TryParse(parts[0], out var networkAddress)
+            || !int.TryParse(parts[1], out var prefixLength))
+            return false;
+
+        int maxPrefixLength = networkAddress.AddressFamily switch
+        {
+            AddressFamily.InterNetwork => 32,
+            AddressFamily.InterNetworkV6 => 128,
+            _ => -1
+        };
+
+        if (maxPrefixLength < 0 || prefixLength < 0 || prefixLength > maxPrefixLength)
+            return false;
+
+        network = new System.Net.IPNetwork(networkAddress, prefixLength);
+        return true;
+    }
 }

EssentialCSharp.Web/Program.cs

@@ -119,17 +119,7 @@ private static void Main(string[] args)
 
 
 
-        builder.Services.Configure<ForwardedHeadersOptions>(options =>
-        {
-            options.ForwardedHeaders =
-                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
-
-            // Only loopback proxies are allowed by default.
-            // Clear that restriction because forwarders are enabled by explicit 
-            // configuration.
-            options.KnownIPNetworks.Clear();
-            options.KnownProxies.Clear();
-        });
+        builder.Services.AddTrustedForwardedHeaders(builder.Configuration, builder.Environment);
 
         ConfigurationManager configuration = builder.Configuration;
         string connectionString = builder.Configuration.GetConnectionString("EssentialCSharpWebContextConnection") ?? throw new InvalidOperationException("Connection string 'EssentialCSharpWebContextConnection' not found.");

EssentialCSharp.Web/appsettings.json

@@ -9,6 +9,10 @@
     }
   },
   "AllowedHosts": "*",
+  "ForwardedHeaders": {
+    "TrustedProxyCidrs": [],
+    "TrustedProxies": []
+  },
   "HCaptcha": {
     "SecretKey": "0x0000000000000000000000000000000000000000",
     "SiteKey": "10000000-ffff-ffff-ffff-000000000001"