code was added to allow multiple api keys to talk to the api.
This commit is contained in:
parent
39bf92dd53
commit
e4c5d1be29
41
Newsbot.Collector.Api/Middleware/ApiKeyAuthentication.cs
Normal file
41
Newsbot.Collector.Api/Middleware/ApiKeyAuthentication.cs
Normal file
@ -0,0 +1,41 @@
|
||||
namespace Newsbot.Collector.Api.Authentication;
|
||||
|
||||
public class ApiKeyAuthAuthentication
|
||||
{
|
||||
public const string HeaderApiKey = "x-api-key";
|
||||
|
||||
private readonly RequestDelegate _next;
|
||||
|
||||
public ApiKeyAuthAuthentication(RequestDelegate next)
|
||||
{
|
||||
_next = next;
|
||||
}
|
||||
|
||||
public async Task InvokeAsync(HttpContext context)
|
||||
{
|
||||
if (!context.Request.Headers.TryGetValue(HeaderApiKey, out var extractedApiKey))
|
||||
{
|
||||
context.Response.StatusCode = 401;
|
||||
await context.Response.WriteAsync("Api key was not provided.");
|
||||
return;
|
||||
}
|
||||
|
||||
var appSettings = context.RequestServices.GetRequiredService<IConfiguration>();
|
||||
|
||||
var keys = appSettings.GetSection("AuthKeys").Get<string[]>();
|
||||
keys ??= Array.Empty<string>();
|
||||
//var apiKey = appSettings.GetValue<List<string>>("AuthKeys") ?? "";
|
||||
|
||||
foreach (var apiKey in keys)
|
||||
{
|
||||
if (apiKey.Equals(extractedApiKey))
|
||||
{
|
||||
await _next(context);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
context.Response.StatusCode = 401;
|
||||
await context.Response.WriteAsync("Unauthorized");
|
||||
}
|
||||
}
|
@ -2,7 +2,9 @@ using Hangfire;
|
||||
using Hangfire.MemoryStorage;
|
||||
using HealthChecks.UI.Client;
|
||||
using Microsoft.AspNetCore.Diagnostics.HealthChecks;
|
||||
using Microsoft.OpenApi.Models;
|
||||
using Newsbot.Collector.Api;
|
||||
using Newsbot.Collector.Api.Authentication;
|
||||
using Newsbot.Collector.Domain.Consts;
|
||||
using Newsbot.Collector.Domain.Models;
|
||||
using Newsbot.Collector.Domain.Models.Config;
|
||||
@ -42,6 +44,33 @@ builder.Services.Configure<ConfigSectionRssModel>(config.GetSection(ConfigSectio
|
||||
builder.Services.Configure<ConfigSectionYoutubeModel>(config.GetSection(ConfigSectionsConst.Youtube));
|
||||
//builder.Services.Configure<
|
||||
|
||||
builder.Services.AddSwaggerGen(cfg =>
|
||||
{
|
||||
cfg.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme
|
||||
{
|
||||
Description = "The API key to access the API",
|
||||
Type = SecuritySchemeType.ApiKey,
|
||||
Name = "x-api-key",
|
||||
In = ParameterLocation.Header,
|
||||
Scheme = "ApiKeyScheme"
|
||||
});
|
||||
|
||||
var scheme = new OpenApiSecurityScheme
|
||||
{
|
||||
Reference = new OpenApiReference
|
||||
{
|
||||
Type = ReferenceType.SecurityScheme,
|
||||
Id = "ApiKey"
|
||||
},
|
||||
In = ParameterLocation.Header
|
||||
};
|
||||
var requirement = new OpenApiSecurityRequirement
|
||||
{
|
||||
{ scheme, new List<string>() }
|
||||
};
|
||||
cfg.AddSecurityRequirement(requirement);
|
||||
});
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
// Configure the HTTP request pipeline.
|
||||
@ -58,6 +87,8 @@ BackgroundJobs.SetupRecurringJobs(config);
|
||||
|
||||
app.UseAuthorization();
|
||||
|
||||
app.UseMiddleware<ApiKeyAuthAuthentication>();
|
||||
|
||||
app.MapHealthChecks("/health", new HealthCheckOptions
|
||||
{
|
||||
Predicate = _ => true,
|
||||
|
Loading…
Reference in New Issue
Block a user