triggermeelmo/Watcher
1
0
Fork 0
Code Issues 13 Pull Requests Actions 1 Packages Projects 3 Releases Wiki Activity
Files
d8b164e3eb8ba7afc58fe2510ad488e7a6175ccc
Watcher/watcher-monitoring/Attributes/ApiKeyAuthAttribute.cs
triggermeelmo d8b164e3eb
All checks were successful
Gitea CI/CD / dotnet-build-and-test (push) Successful in 10m5s
Details
Gitea CI/CD / Set Tag Name (push) Successful in 5s
Details
Gitea CI/CD / docker-build-and-push (push) Successful in 11m28s
Details
Gitea CI/CD / Create Tag (push) Successful in 5s
Details
Added Authentication with user-auth and apikey-auth
2026-01-09 10:18:06 +01:00

59 lines
2.1 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.EntityFrameworkCore;
using watcher_monitoring.Data;
namespace watcher_monitoring.Attributes;
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class ApiKeyAuthAttribute : Attribute, IAsyncActionFilter
{
private const string ApiKeyHeaderName = "X-API-Key";
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (!context.HttpContext.Request.Headers.TryGetValue(ApiKeyHeaderName, out var extractedApiKey))
{
context.Result = new UnauthorizedObjectResult(new { error = "API-Key fehlt im Header" });
return;
}
var apiKeyString = extractedApiKey.ToString();
var dbContext = context.HttpContext.RequestServices.GetRequiredService<WatcherDbContext>();
var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<ApiKeyAuthAttribute>>();
var apiKey = await dbContext.ApiKeys
.FirstOrDefaultAsync(k => k.Key == apiKeyString);
if (apiKey == null)
{
logger.LogWarning("Ungültiger API-Key verwendet: {ApiKey}", apiKeyString);
context.Result = new UnauthorizedObjectResult(new { error = "Ungültiger API-Key" });
return;
}
if (!apiKey.IsActive)
{
logger.LogWarning("Inaktiver API-Key verwendet: {Name}", apiKey.Name);
context.Result = new UnauthorizedObjectResult(new { error = "API-Key ist deaktiviert" });
return;
}
if (apiKey.IsExpired)
{
logger.LogWarning("Abgelaufener API-Key verwendet: {Name}", apiKey.Name);
context.Result = new UnauthorizedObjectResult(new { error = "API-Key ist abgelaufen" });
return;
}
// Letzten Verwendungszeitpunkt aktualisieren
apiKey.LastUsedAt = DateTime.UtcNow;
await dbContext.SaveChangesAsync();
logger.LogInformation("API-Zugriff mit Key: {Name}", apiKey.Name);
await next();
}
}
Reference in New Issue View Git Blame Copy Permalink