Startseite Erkunden Hilfe
Anmelden
LBP
/
RackPeek
Mirror von https://github.com/Timmoth/RackPeek.git
4
0
Fork 0
Dateien Issues 0 Wiki
Struktur: af63a9df58
Branches Tags
RackPeek
/
RackPeek.Web
/
Api
/
ApiKeyEndpointFilter.cs

ApiKeyEndpointFilter.cs 1.1 KB
Verlauf Originalformat

1234567891011121314151617181920212223242526272829303132333435 
  1. using System.Security.Cryptography;
    2. 

  2. using System.Text;
    3. 

  3. 

  4. namespace RackPeek.Web.Api;
    5. 

  5. 

  6. public class ApiKeyEndpointFilter(IConfiguration configuration) : IEndpointFilter
    7. 

  7. {
    8. 

  8.     private const string ApiKeyHeaderName = "X-Api-Key";
    9. 

  9. 

  10.     public async ValueTask<object?> InvokeAsync(
    11. 

  11.         EndpointFilterInvocationContext context,
    12. 

  12.         EndpointFilterDelegate next)
    13. 

  13.     {
    14. 

  14.         var expectedKey = configuration["RPK_API_KEY"];
    15. 

  15.         
    16. 

  16.         if (string.IsNullOrWhiteSpace(expectedKey))
    17. 

  17.             return Results.StatusCode(503);
    18. 

  18. 

  19.         if (!context.HttpContext.Request.Headers.TryGetValue(ApiKeyHeaderName, out var providedKey)
    20. 

  20.             || !SecureEquals(providedKey.ToString(), expectedKey))
    21. 

  21.         {
    22. 

  22.             return Results.Json(new { error = "Unauthorized" }, statusCode: 401);
    23. 

  23.         }
    24. 

  24. 

  25.         return await next(context);
    26. 

  26.     }
    27. 

  27.     private static bool SecureEquals(string a, string b)
    28. 

  28.     {
    29. 

  29.         var aBytes = Encoding.UTF8.GetBytes(a);
    30. 

  30.         var bBytes = Encoding.UTF8.GetBytes(b);
    31. 

  31. 

  32.         return CryptographicOperations.FixedTimeEquals(aBytes, bBytes);
    33. 

  33.     }
    34. 

  34.     
    35. 

  35. }
    36.