diff --git a/.vscode/launch.json b/.vscode/launch.json
index 65bf423..ebf9ff7 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -9,7 +9,7 @@
 "type": "coreclr",
 "request": "launch",
 "preLaunchTask": "build",
- "launchSettingsProfile": "http",
+ "launchSettingsProfile": "https",
 // If you have changed target frameworks, make sure to update the program path.
 "program": "${workspaceFolder}/bin/Debug/net8.0/TodoApi.dll",
 "args": [],
diff --git a/Helpers/ApiKeyCanReadAttribute.cs b/Helpers/ApiKeyCanReadAttribute.cs
index 945984d..c74a185 100644
--- a/Helpers/ApiKeyCanReadAttribute.cs
+++ b/Helpers/ApiKeyCanReadAttribute.cs
@@ -14,7 +14,7 @@ public class ApiKeyCanReadAttribute : ActionFilterAttribute
 var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
 // Validate the API key using the IApiKeyValidator service
- if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanRead(apiKey))
+ if (!apiKeyValidator.CanRead(apiKey))
 {
 // If the API key is invalid, set the response status code to 401 Unauthorized
 context.Result = new UnauthorizedResult();
diff --git a/Helpers/ApiKeyCanWriteAttribute.cs b/Helpers/ApiKeyCanWriteAttribute.cs
index 07768d2..fa4aac5 100644
--- a/Helpers/ApiKeyCanWriteAttribute.cs
+++ b/Helpers/ApiKeyCanWriteAttribute.cs
@@ -14,7 +14,7 @@ public class ApiKeyCanWriteAttribute : ActionFilterAttribute
 var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
 // Validate the API key using the IApiKeyValidator service
- if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanWrite(apiKey))
+ if (!apiKeyValidator.CanWrite(apiKey))
 {
 // If the API key is invalid, set the response status code to 401 Unauthorized
 context.Result = new UnauthorizedResult();
diff --git a/Program.cs b/Program.cs
index 49e4f0e..e1b6cae 100644
--- a/Program.cs
+++ b/Program.cs
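Review bot: In Helpers/ApiKeyCanReadAttribute.cs the new condition hands the `X-API-KEY` header value to `apiKeyValidator.CanRead` even when the header is absent or empty, so rejecting a missing key now depends entirely on the validator, which this diff does not show. `Request.Headers[...]` yields a `StringValues` that converts to a null string when the header is missing; if `CanRead` looks the key up in a dictionary, a null key would throw and the caller would get a 500 instead of the 401 set below, which is worth confirming. Either keep the `string.IsNullOrEmpty(apiKey) ||` guard in the filter or add the null/empty rejection inside the validator and cover it with a test. The same change is made in Helpers/ApiKeyCanWriteAttribute.cs for `CanWrite`. The filter method starts and ends outside both hunks.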
@@ -30,9 +30,23 @@ try
 if (apiKeysTemp != null) apiKeys = apiKeysTemp;
 }
 }
-catch {}
+catch { }
 builder.Services.AddSingleton(_ => new ApiKeyValidator(apiKeys));
+//setup CORS if origins were supplied in the config file
+string[]? allowedOrigins = builder.Configuration.GetValue("AllowedOrigins");
+if (allowedOrigins != null)
+{
+ builder.Services.AddCors(options =>
+ {
+ options.AddPolicy(name: "AllowedOrigins",
+ policy =>
+ {
+ policy.WithOrigins(allowedOrigins);
+ });
+ });
+}
+
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen(c =>
@@ -64,13 +78,21 @@ builder.Services.AddSwaggerGen(c =>
 var app = builder.Build();
+//
 // Configure the HTTP request pipeline.
+//
+
 // if (app.Environment.IsDevelopment())
 // {
 app.UseSwagger();
 app.UseSwaggerUI();
 // }
+if (allowedOrigins != null)
+{
+ app.UseCors();
+}
+
 app.UseAuthentication();
 app.UseAuthorization();
diff --git a/appsettings.json b/appsettings.json
index 154b879..d4d64a3 100644
--- a/appsettings.json
+++ b/appsettings.json
@@ -3,6 +3,11 @@
 "TodoDatabase": "Data Source=data/todo.db"
 },
 "APIKeyFile": "data/apikeys.json",
+ "AllowedOrigins": [
+ "http://localhost:5123",
+ "http://localhost:7291",
+ "https://gitea.jumpersplace.net"
+ ],
 "Logging": {
 "LogLevel": {
 "Default": "Information",
diff --git a/data/todo.db-shm b/data/todo.db-shm
index da61a74..43af276 100644
Binary files a/data/todo.db-shm and b/data/todo.db-shm differ
diff --git a/data/todo.db-wal b/data/todo.db-wal
index deeadd4..61fd957 100644
Binary files a/data/todo.db-wal and b/data/todo.db-wal differ
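Review bot: The `AllowedOrigins` policy in the first Program.cs hunk only calls `policy.WithOrigins(allowedOrigins)`, but clients authenticate with the custom `X-API-KEY` header read in the Helpers attributes, so a browser preflight asking for that header gets no matching allowance and the cross-origin call is blocked. Listing exactly what is needed keeps the policy tight, e.g. `policy.WithOrigins(allowedOrigins).WithHeaders("X-API-KEY", "Content-Type").WithMethods("GET", "POST", "PUT", "DELETE");` with the method list trimmed to what the controllers expose. Separately, the page shows `GetValue("AllowedOrigins")` with no type argument, which looks like a lost `<string[]>`; if that is the real call, `GetValue` does not bind array sections and returns null, so the whole block would be skipped, whereas `builder.Configuration.GetSection("AllowedOrigins").Get<string[]>()` binds the array.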
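Review bot: `app.UseCors();` in the second Program.cs hunk is called without a policy name, so the middleware applies only a default policy, while the first hunk registers a named one with `options.AddPolicy(name: "AllowedOrigins", ...)`. Unless the controllers carry `[EnableCors("AllowedOrigins")]` (not visible here), no CORS headers would be emitted for the configured origins; `app.UseCors("AllowedOrigins");` applies the policy to every endpoint. Placing the call before `app.UseAuthentication()` is the right order. The pipeline setup continues outside the hunk.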
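Review bot: The two `http://localhost` entries in `AllowedOrigins` are development values, yet they are added to the base `appsettings.json`, which is also loaded in production. Moving them to `appsettings.Development.json` and keeping only `https://gitea.jumpersplace.net` here would limit the production allow-list to the origins that are meant to call the API.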