feat(APIKeyAuthOptions): Datenmodell zur Konfiguration der Autorisierung mit API-Schlüssel erstellt.

- DI-Erweiterung hinzugefügt
2024-10-29 09:29:14 +01:00 · 2024-10-29 09:29:14 +01:00 · 67a62d7311
commit 67a62d7311
parent e17875dad7
6 changed files with 25 additions and 7 deletions
--- a/WorkFlow.API/Attributes/ApiKeyAuthAttribute.cs
+++ b/WorkFlow.API/Attributes/ApiKeyAuthAttribute.cs
@ -6,7 +6,7 @@ namespace WorkFlow.API.Attributes
    public class APIKeyAuthAttribute : ServiceFilterAttribute
    {
        public APIKeyAuthAttribute()
-            : base(typeof(ApiKeyAuthFilter))
+            : base(typeof(APIKeyAuthFilter))
        {
        }
    }
--- a/WorkFlow.API/Extensions/DIExtensions.cs
+++ b/WorkFlow.API/Extensions/DIExtensions.cs
@ -1,10 +1,14 @@
 using WorkFlow.API.Filters;
+using WorkFlow.API.Models;

 namespace WorkFlow.API.Extensions
 {
    public static class DIExtensions
    {
-        public static IServiceCollection AddAPIKeyAuth(this IServiceCollection services, Func<string, bool> isValidKey, string apiKeyHeaderName = "X-API-Key")
-            => services.AddSingleton<APIKeyAuthFilter>(provider => new(isValidKey: isValidKey, apiKeyHeaderName: apiKeyHeaderName));
+        public static IServiceCollection AddAPIKeyAuth(this IServiceCollection services, Func<string, bool> isValidKey, string headerName = "X-API-Key")
+            => services.AddSingleton<APIKeyAuthFilter>(provider => new(isValidKey: isValidKey, headerName: headerName));
+
+        public static IServiceCollection AddAPIKeyAuth(this IServiceCollection services, APIKeyAuthOptions options)
+            => services.AddAPIKeyAuth(isValidKey: key => key == options.Key, headerName: options.HeaderName);
    }
 }
--- a/WorkFlow.API/Filters/ApiKeyAuthFilter.cs
+++ b/WorkFlow.API/Filters/ApiKeyAuthFilter.cs
@ -3,11 +3,11 @@ using Microsoft.AspNetCore.Mvc;

 namespace WorkFlow.API.Filters
 {
-    public class APIKeyAuthFilter(Func<string, bool> isValidKey, string apiKeyHeaderName = "X-API-Key") : IAuthorizationFilter
+    public class APIKeyAuthFilter(Func<string, bool> isValidKey, string headerName = "X-API-Key") : IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationFilterContext context)
        {
-            string? apiKey = context.HttpContext.Request.Headers[apiKeyHeaderName];
+            string? apiKey = context.HttpContext.Request.Headers[headerName];

            if (apiKey is null || !isValidKey(apiKey))
            {
--- a/WorkFlow.API/Models/APIKeyAuthOptions.cs
+++ b/WorkFlow.API/Models/APIKeyAuthOptions.cs
@ -0,0 +1,9 @@
+namespace WorkFlow.API.Models
+{
+    public class APIKeyAuthOptions
+    {
+        public required string Key { get; init; }
+
+        public string HeaderName { get; init; } = "X-API-Key";
+    }
+}
--- a/WorkFlow.API/Program.cs
+++ b/WorkFlow.API/Program.cs
@ -36,8 +36,9 @@ try
    {
        Claims = user.ToClaimList().ToDictionary(claim => claim.Type, claim => claim.Value as object)
    });
-    if (config.GetValue<string>("API-Key") is string apiKey)
-        builder.Services.AddApiKeyAuth(key => key == apiKey);
+    
+    if (config.GetSection("APIKeyAuth").Get<APIKeyAuthOptions>() is APIKeyAuthOptions options)
+        builder.Services.AddAPIKeyAuth(options);

    builder.Services.AddControllers();

--- a/WorkFlow.API/appsettings.json
+++ b/WorkFlow.API/appsettings.json
@ -62,5 +62,9 @@
      "User": "(&(objectClass=user)(sAMAccountName=*))",
      "Group": "(&(objectClass=group) (samAccountName=*))"
    }
+  },
+  "APIKeyAuth": {
+    "Key": "ULbcOUiAXAoCXPviyCGtObZUGnrCHNgDmtNbQNpq5MOhB0EFQn18dObdQ93INNy8xIcnOPMJfEHqOotllELVrJ2R5AjqOfQszT2j00w215GanD3UiJGwFhwmdoNFsmNj",
+    "HeaderName": "X-API-Key"
  }
 }