feat(APIKeyAuthOptions): Schlüsselattribut wird löschbar gemacht.

- isValidKey-Eintrag wird löschbar gemacht.
 - wenn der Schlüssel null ist und der X-API-Schlüssel nicht existiert, wird die Anfrage autorisiert.
Developer 02 2024-10-29 12:23:10 +01:00
parent 2c1abaaf32
commit cbdd6ee295
4 changed files with 8 additions and 12 deletions


@ -5,7 +5,7 @@ namespace WorkFlow.API.Extensions
{ {
public static class DIExtensions public static class DIExtensions
{ {
public static IServiceCollection AddAPIKeyAuth(this IServiceCollection services, Func<string, bool> isValidKey, string headerName = "X-API-Key") public static IServiceCollection AddAPIKeyAuth(this IServiceCollection services, Func<string?, bool> isValidKey, string headerName = "X-API-Key")
=> services.AddSingleton<APIKeyAuthFilter>(provider => new(isValidKey: isValidKey, headerName: headerName)); => services.AddSingleton<APIKeyAuthFilter>(provider => new(isValidKey: isValidKey, headerName: headerName));
public static IServiceCollection AddAPIKeyAuth(this IServiceCollection services, APIKeyAuthOptions options) public static IServiceCollection AddAPIKeyAuth(this IServiceCollection services, APIKeyAuthOptions options)


@ -3,16 +3,12 @@ using Microsoft.AspNetCore.Mvc;
namespace WorkFlow.API.Filters namespace WorkFlow.API.Filters
{ {
public class APIKeyAuthFilter(Func<string, bool> isValidKey, string headerName = "X-API-Key") : IAuthorizationFilter public class APIKeyAuthFilter(Func<string?, bool> isValidKey, string headerName = "X-API-Key") : IAuthorizationFilter
{ {
public void OnAuthorization(AuthorizationFilterContext context) public void OnAuthorization(AuthorizationFilterContext context)
{ {
string? apiKey = context.HttpContext.Request.Headers[headerName]; if (!isValidKey(context.HttpContext.Request.Headers[headerName]))
if (apiKey is null || !isValidKey(apiKey))
{
context.Result = new UnauthorizedResult(); context.Result = new UnauthorizedResult();
}
} }
} }
} }
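Review bot: With the `apiKey is null` guard removed from `OnAuthorization`, a request that lacks the header is rejected only if the supplied `isValidKey` returns false for null, so the filter no longer fails closed on its own. Every delegate handed to `AddAPIKeyAuth` now carries that responsibility, and nothing on the class says so. I would add an XML doc comment on `APIKeyAuthFilter`, e.g. `/// <param name="isValidKey">Called with null when the header is absent; must return false for null unless unauthenticated access is intended.</param>`. It is also worth considering an explicit constructor flag for the open mode, so that it is not an implicit property of the delegate.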


@ -2,7 +2,7 @@
{ {
public class APIKeyAuthOptions public class APIKeyAuthOptions
{ {
public required string Key { get; init; } public string? Key { get; init; } = null;
public string HeaderName { get; init; } = "X-API-Key"; public string HeaderName { get; init; } = "X-API-Key";
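Review bot: Dropping `required` and defaulting `Key` to null means an `APIKeyAuth` section that exists but has no `Key` value now binds to a usable options object, and per the commit description a null key authorizes requests that carry no header. In the startup hunk that object goes straight to `AddAPIKeyAuth(options)` in the branch where auth is not disabled, so a missing or mistyped key outside Dev/DiP would presumably leave the API open instead of failing at startup. The non-disabled branch should reject an empty key, e.g. `if (config.GetSection("APIKeyAuth").Get<APIKeyAuthOptions>() is { Key.Length: > 0 } options)`, so the existing `throw` covers that case. The class body continues outside this hunk.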


@ -39,11 +39,11 @@ try
}); });
bool disableAPIKeyAuth = config.GetValue<bool>("DisableAPIKeyAuth") && builder.IsDevOrDiP(); bool disableAPIKeyAuth = config.GetValue<bool>("DisableAPIKeyAuth") && builder.IsDevOrDiP();
if (!disableAPIKeyAuth) if (disableAPIKeyAuth)
builder.Services.AddAPIKeyAuth(new());
else
if (config.GetSection("APIKeyAuth").Get<APIKeyAuthOptions>() is APIKeyAuthOptions options) if (config.GetSection("APIKeyAuth").Get<APIKeyAuthOptions>() is APIKeyAuthOptions options)
{
builder.Services.AddAPIKeyAuth(options); builder.Services.AddAPIKeyAuth(options);
}
else else
throw new("The API Key Authorization configuration is not available in the app settings, even though the app is not in development or DiP mode and API Key Authorization is not disabled."); throw new("The API Key Authorization configuration is not available in the app settings, even though the app is not in development or DiP mode and API Key Authorization is not disabled.");