From ba4bea18f44ad10305bba3d3f8be31e3899adc74 Mon Sep 17 00:00:00 2001
From: Robert Marshall
Date: Sat, 8 May 2021 22:35:27 +0100
Subject: [PATCH] Use API authorisation now provided by library.
---
 .../ApiKeyAuthenticationHandler.cs | 59 -------------------
 .../ApiKeyAuthenticationOptions.cs | 9 ---
 .../Authentication/ApiKeyValidator.cs | 18 ------
 .../AuthenticationBuilderExtensions.cs | 10 ----
 src/Robware.Api.Blog/Robware.Api.Blog.csproj | 1 +
 src/Robware.Api.Blog/Startup.cs | 2 +-
 6 files changed, 2 insertions(+), 97 deletions(-)
 delete mode 100644 src/Robware.Api.Blog/Authentication/ApiKeyAuthenticationHandler.cs
 delete mode 100644 src/Robware.Api.Blog/Authentication/ApiKeyAuthenticationOptions.cs
 delete mode 100644 src/Robware.Api.Blog/Authentication/ApiKeyValidator.cs
 delete mode 100644 src/Robware.Api.Blog/Authentication/AuthenticationBuilderExtensions.cs
diff --git a/src/Robware.Api.Blog/Authentication/ApiKeyAuthenticationHandler.cs b/src/Robware.Api.Blog/Authentication/ApiKeyAuthenticationHandler.cs
deleted file mode 100644
index 53357a7..0000000
--- a/src/Robware.Api.Blog/Authentication/ApiKeyAuthenticationHandler.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Claims;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
-
-namespace Robware.Api.Blog.Authentication {
- public class ApiKeyAuthenticationHandler : AuthenticationHandler {
- private const string ApiKeyHeaderName = "X-Api-Key";
- private readonly ApiKeyValidator _apiKeyValidator;
-
- public ApiKeyAuthenticationHandler(IOptionsMonitor options,
- ILoggerFactory logger,
- UrlEncoder encoder,
- ISystemClock clock,
- ApiKeyValidator apiKeyValidator)
- : base(options, logger, encoder, clock) {
- _apiKeyValidator = apiKeyValidator;
- }
-
- protected override async Task HandleAuthenticateAsync() {
- if (!Request.Headers.TryGetValue(ApiKeyHeaderName, out var apiKeyHeaderValues)) {
- return AuthenticateResult.NoResult();
- }
-
- var apiKey = apiKeyHeaderValues.FirstOrDefault();
-
- if (apiKeyHeaderValues.Count == 0 || string.IsNullOrWhiteSpace(apiKey)) {
- return AuthenticateResult.NoResult();
- }
-
- if (await _apiKeyValidator.Validate(apiKey)) {
- var claims = new List
- {
- new Claim(ApiKeyHeaderName, apiKey)
- };
-
- var identity = new ClaimsIdentity(claims, Options.AuthenticationType);
- var principal = new ClaimsPrincipal(new[] { identity });
- var ticket = new AuthenticationTicket(principal, Options.Scheme);
-
- return AuthenticateResult.Success(ticket);
- }
-
- return AuthenticateResult.Fail("Invalid API Key provided.");
- }
-
- protected override async Task HandleChallengeAsync(AuthenticationProperties properties) {
- Response.StatusCode = 401;
- }
-
- protected override async Task HandleForbiddenAsync(AuthenticationProperties properties) {
- Response.StatusCode = 403;
- }
- }
-}
\ No newline at end of file
diff --git a/src/Robware.Api.Blog/Authentication/ApiKeyAuthenticationOptions.cs b/src/Robware.Api.Blog/Authentication/ApiKeyAuthenticationOptions.cs
deleted file mode 100644
index 2afef6f..0000000
--- a/src/Robware.Api.Blog/Authentication/ApiKeyAuthenticationOptions.cs
+++ /dev/null
@@ -1,9 +0,0 @@
-using Microsoft.AspNetCore.Authentication;
-
-namespace Robware.Api.Blog.Authentication {
- public class ApiKeyAuthenticationOptions : AuthenticationSchemeOptions {
- public const string DefaultScheme = "API Key";
- public string Scheme => DefaultScheme;
- public string AuthenticationType = DefaultScheme;
- }
-}
\ No newline at end of file
diff --git a/src/Robware.Api.Blog/Authentication/ApiKeyValidator.cs b/src/Robware.Api.Blog/Authentication/ApiKeyValidator.cs
deleted file mode 100644
index 74c0fe2..0000000
--- a/src/Robware.Api.Blog/Authentication/ApiKeyValidator.cs
+++ /dev/null
@@ -1,18 +0,0 @@
-using System.Net.Http;
-using System.Threading.Tasks;
-
-namespace Robware.Api.Blog.Authentication
-{
- public class ApiKeyValidator {
- private readonly HttpClient _httpClient;
-
- public ApiKeyValidator(HttpClient httpClient) {
- _httpClient = httpClient;
- }
-
- public async Task Validate(string apiKey) {
- var response = await _httpClient.GetAsync("api/validate?key=" + apiKey);
- return response.IsSuccessStatusCode;
- }
- }
-}
\ No newline at end of file
diff --git a/src/Robware.Api.Blog/Authentication/AuthenticationBuilderExtensions.cs b/src/Robware.Api.Blog/Authentication/AuthenticationBuilderExtensions.cs
deleted file mode 100644
index df21550..0000000
--- a/src/Robware.Api.Blog/Authentication/AuthenticationBuilderExtensions.cs
+++ /dev/null
@@ -1,10 +0,0 @@
-using Microsoft.AspNetCore.Authentication;
-using System;
-
-namespace Robware.Api.Blog.Authentication {
- public static class AuthenticationBuilderExtensions {
- public static AuthenticationBuilder AddApiKeySupport(this AuthenticationBuilder authenticationBuilder, Action options) {
- return authenticationBuilder.AddScheme(ApiKeyAuthenticationOptions.DefaultScheme, options);
- }
- }
-}
\ No newline at end of file
diff --git a/src/Robware.Api.Blog/Robware.Api.Blog.csproj b/src/Robware.Api.Blog/Robware.Api.Blog.csproj
index d911a9e..38059f0 100644
--- a/src/Robware.Api.Blog/Robware.Api.Blog.csproj
+++ b/src/Robware.Api.Blog/Robware.Api.Blog.csproj
@@ -7,6 +7,7 @@ +
diff --git a/src/Robware.Api.Blog/Startup.cs b/src/Robware.Api.Blog/Startup.cs
index 8114242..a530142 100644
--- a/src/Robware.Api.Blog/Startup.cs
+++ b/src/Robware.Api.Blog/Startup.cs
@@ -4,9 +4,9 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using MongoDB.Driver;
-using Robware.Api.Blog.Authentication;
 using Robware.Blog;
 using Robware.Data;
+using Robware.Lib.Auth.ApiKey;
 using System;
 namespace Robware.Api.Blog {
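Review bot: The only change to Startup.cs is replacing `using Robware.Api.Blog.Authentication;` with `using Robware.Lib.Auth.ApiKey;`, so the authentication registration further down the file (outside this hunk) now binds to whatever the library exports under the same names, and nothing in the commit checks that it behaves like the deleted handler. It is worth confirming that the library still rejects an invalid key and answers challenge and forbid with 401 and 403, as the removed `ApiKeyAuthenticationHandler` did. Also check how the library's validator transmits the key: the deleted `ApiKeyValidator` appended it unescaped to `api/validate?key=`, which puts the secret in request URLs and therefore in access logs, and the library may have carried that over. A comment above the registration such as `// API key scheme and validator come from Robware.Lib.Auth.ApiKey` would record where the handler now lives.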