Added an option to require a key for access to API.

2024-09-28 23:28:02 +02:00 · 2024-09-28 23:28:02 +02:00 · 7c869a63cf
parent e7eef31b7e
commit 7c869a63cf
2 changed files with 68 additions and 0 deletions
--- a/Proculite.GpioRest/Middlewares/SecurityMiddleware.cs
+++ b/Proculite.GpioRest/Middlewares/SecurityMiddleware.cs
@ -0,0 +1,64 @@
 using System.Text;
 namespace Proculite.GpioRest.Middlewares
 {
    public class SecurityMiddleware
    {
        private readonly RequestDelegate _next;
        private readonly IConfiguration _configuration;
        private readonly ILogger<SecurityMiddleware> _logger;
        public SecurityMiddleware(
            RequestDelegate next,
            IConfiguration configuration,
            ILogger<SecurityMiddleware> logger
        )
        {
            _logger = logger;
            _configuration = configuration;
            _next = next;
        }
        public async Task InvokeAsync(HttpContext context)
        {
            IConfigurationSection keySection = _configuration.GetSection("Key");
            if (!keySection.Exists())
            {
                _logger.LogWarning(
                    "Configuration does not contain a key. Running in insecure mode."
                );
                await _next(context);
                return;
            }
            string? accessKey = keySection.Get<string>();
            if (accessKey is null)
            {
                _logger.LogError("Key is expected but is not set.");
                return;
            }
            string? requestKey = context.Request.Headers.Authorization.FirstOrDefault();
            if (requestKey == accessKey)
            {
                await _next(context);
                return;
            }
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            context.Response.ContentType = "text/plain; charset=utf-8";
            byte[] messageBytes = Encoding.UTF8.GetBytes("Invalid key is used. Access denied.");
            context.Response.ContentLength = messageBytes.Length;
            await context.Response.Body.WriteAsync(messageBytes);
        }
    }
    public static class SecurityMiddlewareExtensions
    {
        public static IApplicationBuilder UseSecurity(this IApplicationBuilder builder)
        {
            return builder.UseMiddleware<SecurityMiddleware>();
        }
    }
 }
--- a/Proculite.GpioRest/Program.cs
+++ b/Proculite.GpioRest/Program.cs
@ -1,3 +1,4 @@
 using Proculite.GpioRest.Middlewares;
 using Proculite.GpioRest.Services;
 var builder = WebApplication.CreateBuilder(args);
@ -12,6 +13,9 @@ builder.Services.AddSingleton<GpioService>();
 var app = builder.Build();
 // Custom security. Expects traffic to be secure (HTTPS).
 app.UseSecurity();
 app.MapControllers();
 app.UseSwagger();
 app.UseSwaggerUI();