Add API key authorisation.

src/Robware.Api.Blog/Startup.cs

@@ -4,8 +4,10 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using MongoDB.Driver;
+using Robware.Api.Blog.Authentication;
 using Robware.Blog;
 using Robware.Data;
+using System;
 
 namespace Robware.Api.Blog {
 	public class Startup {
@@ -22,6 +24,17 @@ namespace Robware.Api.Blog {
 			services
 				.AddSingleton<IMongoDatabase>(SetupMongoDatabase())
 				.AddSingleton<IBlogRepository, BlogRepository>();
+
+			services.AddHttpClient<ApiKeyValidator>(client => {
+				client.BaseAddress = new Uri(Configuration["authEndpoint"]);
+				client.DefaultRequestHeaders.Add("x-api-key", new[] {Configuration["authApiKey"]});
+			});
+
+			services.AddAuthentication(options => {
+					options.DefaultAuthenticateScheme = ApiKeyAuthenticationOptions.DefaultScheme;
+					options.DefaultChallengeScheme = ApiKeyAuthenticationOptions.DefaultScheme;
+				})
+				.AddApiKeySupport(options => { });
 		}
 
 		private IMongoDatabase SetupMongoDatabase() {
@@ -39,10 +52,12 @@ namespace Robware.Api.Blog {
 
 			app.UseRouting();
 
+			app.UseAuthentication();
+
 			app.UseAuthorization();
 
 			app.UseEndpoints(endpoints => {
-				endpoints.MapControllers();
+				endpoints.MapControllers().RequireAuthorization();
 			});
 		}
 	}