code was added to allow multiple api keys to talk to the api.

This commit is contained in:
James Tombleson 2023-06-12 15:15:04 -07:00
parent 39bf92dd53
commit e4c5d1be29
2 changed files with 72 additions and 0 deletions

View File

@ -0,0 +1,41 @@
namespace Newsbot.Collector.Api.Authentication;
public class ApiKeyAuthAuthentication
{
public const string HeaderApiKey = "x-api-key";
private readonly RequestDelegate _next;
public ApiKeyAuthAuthentication(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
if (!context.Request.Headers.TryGetValue(HeaderApiKey, out var extractedApiKey))
{
context.Response.StatusCode = 401;
await context.Response.WriteAsync("Api key was not provided.");
return;
}
var appSettings = context.RequestServices.GetRequiredService<IConfiguration>();
var keys = appSettings.GetSection("AuthKeys").Get<string[]>();
keys ??= Array.Empty<string>();
//var apiKey = appSettings.GetValue<List<string>>("AuthKeys") ?? "";
foreach (var apiKey in keys)
{
if (apiKey.Equals(extractedApiKey))
{
await _next(context);
return;
}
}
context.Response.StatusCode = 401;
await context.Response.WriteAsync("Unauthorized");
}
}

View File

@ -2,7 +2,9 @@ using Hangfire;
using Hangfire.MemoryStorage; using Hangfire.MemoryStorage;
using HealthChecks.UI.Client; using HealthChecks.UI.Client;
using Microsoft.AspNetCore.Diagnostics.HealthChecks; using Microsoft.AspNetCore.Diagnostics.HealthChecks;
using Microsoft.OpenApi.Models;
using Newsbot.Collector.Api; using Newsbot.Collector.Api;
using Newsbot.Collector.Api.Authentication;
using Newsbot.Collector.Domain.Consts; using Newsbot.Collector.Domain.Consts;
using Newsbot.Collector.Domain.Models; using Newsbot.Collector.Domain.Models;
using Newsbot.Collector.Domain.Models.Config; using Newsbot.Collector.Domain.Models.Config;
@ -42,6 +44,33 @@ builder.Services.Configure<ConfigSectionRssModel>(config.GetSection(ConfigSectio
builder.Services.Configure<ConfigSectionYoutubeModel>(config.GetSection(ConfigSectionsConst.Youtube)); builder.Services.Configure<ConfigSectionYoutubeModel>(config.GetSection(ConfigSectionsConst.Youtube));
//builder.Services.Configure< //builder.Services.Configure<
builder.Services.AddSwaggerGen(cfg =>
{
cfg.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme
{
Description = "The API key to access the API",
Type = SecuritySchemeType.ApiKey,
Name = "x-api-key",
In = ParameterLocation.Header,
Scheme = "ApiKeyScheme"
});
var scheme = new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "ApiKey"
},
In = ParameterLocation.Header
};
var requirement = new OpenApiSecurityRequirement
{
{ scheme, new List<string>() }
};
cfg.AddSecurityRequirement(requirement);
});
var app = builder.Build(); var app = builder.Build();
// Configure the HTTP request pipeline. // Configure the HTTP request pipeline.
@ -58,6 +87,8 @@ BackgroundJobs.SetupRecurringJobs(config);
app.UseAuthorization(); app.UseAuthorization();
app.UseMiddleware<ApiKeyAuthAuthentication>();
app.MapHealthChecks("/health", new HealthCheckOptions app.MapHealthChecks("/health", new HealthCheckOptions
{ {
Predicate = _ => true, Predicate = _ => true,