feat(ConfigController): add authorize attribute

EnvelopeGenerator.Web/Controllers/ConfigController.cs

@@ -1,4 +1,5 @@
 using EnvelopeGenerator.Web.Models.Annotation;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 
@@ -6,6 +7,7 @@ namespace EnvelopeGenerator.Web.Controllers;
 
 [Route("api/[controller]")]
 [ApiController]
+[Authorize]
 public class ConfigController : ControllerBase
 {
     private readonly AnnotationParams _annotParams;

EnvelopeGenerator.Web/Models/Annotation/AnnotationParams.cs

@@ -36,20 +36,20 @@ public class AnnotationParams
                 foreach (var annot in _annots)
                     annot.Default = DefaultAnnotation;
 
-            foreach (var annot in _annots)
+            for (int i = 0; i < _annots.Count; i++)
             {
                 #region set bound annotations
                 // horizontal
-                if (annot.HorBoundAnnotName is string horBoundAnnotName)
+                if (_annots[i].HorBoundAnnotName is string horBoundAnnotName)
                     if (TryGet(horBoundAnnotName, out var horBoundAnnot))
-                        annot.HorBoundAnnot = horBoundAnnot;
+                        _annots[i].HorBoundAnnot = horBoundAnnot;
                     else
                         throw new InvalidOperationException($"{horBoundAnnotName} added as bound anotation. However, it is not defined.");
 
                 // vertical
-                if (annot.VerBoundAnnotName is string verBoundAnnotName)
+                if (_annots[i].VerBoundAnnotName is string verBoundAnnotName)
                     if (TryGet(verBoundAnnotName, out var verBoundAnnot))
-                        annot.VerBoundAnnot = verBoundAnnot;
+                        _annots[i].VerBoundAnnot = verBoundAnnot;
                     else
                         throw new InvalidOperationException($"{verBoundAnnotName} added as bound anotation. However, it is not defined.");
                 #endregion