From 457a2f1724c0f0b11d3aafe8b53fac7bb2333310 Mon Sep 17 00:00:00 2001
From: Jeff Jumper
Date: Tue, 28 Nov 2023 10:02:30 -0500
Subject: [PATCH] Enable CORS on all endpoints
---
 .vscode/launch.json | 2 +-
 Helpers/ApiKeyCanReadAttribute.cs | 2 +-
 Helpers/ApiKeyCanWriteAttribute.cs | 2 +-
 Program.cs | 24 +++++++++++++++++++++++-
 appsettings.json | 5 +++++
 data/todo.db-shm | Bin 32768 -> 32768 bytes
 data/todo.db-wal | Bin 16512 -> 32992 bytes
 7 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 65bf423..ebf9ff7 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -9,7 +9,7 @@
 "type": "coreclr",
 "request": "launch",
 "preLaunchTask": "build",
- "launchSettingsProfile": "http",
+ "launchSettingsProfile": "https",
 // If you have changed target frameworks, make sure to update the program path.
 "program": "${workspaceFolder}/bin/Debug/net8.0/TodoApi.dll",
 "args": [],
diff --git a/Helpers/ApiKeyCanReadAttribute.cs b/Helpers/ApiKeyCanReadAttribute.cs
index 945984d..c74a185 100644
--- a/Helpers/ApiKeyCanReadAttribute.cs
+++ b/Helpers/ApiKeyCanReadAttribute.cs
@@ -14,7 +14,7 @@ public class ApiKeyCanReadAttribute : ActionFilterAttribute
 var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
 // Validate the API key using the IApiKeyValidator service
- if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanRead(apiKey))
+ if (!apiKeyValidator.CanRead(apiKey))
 {
 // If the API key is invalid, set the response status code to 401 Unauthorized
 context.Result = new UnauthorizedResult();
diff --git a/Helpers/ApiKeyCanWriteAttribute.cs b/Helpers/ApiKeyCanWriteAttribute.cs
index 07768d2..fa4aac5 100644
--- a/Helpers/ApiKeyCanWriteAttribute.cs
+++ b/Helpers/ApiKeyCanWriteAttribute.cs
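Review bot: Dropping the `string.IsNullOrEmpty(apiKey)` guard means a request with no `X-API-KEY` header now reaches `apiKeyValidator.CanRead(apiKey)` with a null or empty value, so rejecting unauthenticated callers depends entirely on how the validator treats that input, and its implementation is not part of this patch. If `CanRead` looks the key up in a collection, a null key may throw and surface as a 500 instead of a 401, and an empty entry in the key file would match every anonymous request. I would keep the filter failing closed with `if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanRead(apiKey))`, or move the null/empty rejection into the validator in this same commit together with a test for the missing-header case. The same applies to the `CanWrite` change in Helpers/ApiKeyCanWriteAttribute.cs. The enclosing method starts and ends outside both hunks.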
@@ -14,7 +14,7 @@ public class ApiKeyCanWriteAttribute : ActionFilterAttribute
 var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
 // Validate the API key using the IApiKeyValidator service
- if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanWrite(apiKey))
+ if (!apiKeyValidator.CanWrite(apiKey))
 {
 // If the API key is invalid, set the response status code to 401 Unauthorized
 context.Result = new UnauthorizedResult();
diff --git a/Program.cs b/Program.cs
index 49e4f0e..e1b6cae 100644
--- a/Program.cs
+++ b/Program.cs
@@ -30,9 +30,23 @@ try
 if (apiKeysTemp != null) apiKeys = apiKeysTemp;
 }
 }
-catch {}
+catch { }
 builder.Services.AddSingleton(_ => new ApiKeyValidator(apiKeys));
+//setup CORS if origins were supplied in the config file
+string[]? allowedOrigins = builder.Configuration.GetValue("AllowedOrigins");
+if (allowedOrigins != null)
+{
+ builder.Services.AddCors(options =>
+ {
+ options.AddPolicy(name: "AllowedOrigins",
+ policy =>
+ {
+ policy.WithOrigins(allowedOrigins);
+ });
+ });
+}
+
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen(c =>
@@ -64,13 +78,21 @@ builder.Services.AddSwaggerGen(c =>
 var app = builder.Build();
+//
 // Configure the HTTP request pipeline.
+//
+
 // if (app.Environment.IsDevelopment())
 // {
 app.UseSwagger();
 app.UseSwaggerUI();
 // }
+if (allowedOrigins != null)
+{
+ app.UseCors();
+}
+
 app.UseAuthentication();
 app.UseAuthorization();
diff --git a/appsettings.json b/appsettings.json
index 154b879..d4d64a3 100644
--- a/appsettings.json
+++ b/appsettings.json
@@ -3,6 +3,11 @@
 "TodoDatabase": "Data Source=data/todo.db"
 },
 "APIKeyFile": "data/apikeys.json",
+ "AllowedOrigins": [
+ "http://localhost:5123",
+ "http://localhost:7291",
+ "https://gitea.jumpersplace.net"
+ ],
 "Logging": {
 "LogLevel": {
 "Default": "Information",
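Review bot: `builder.Configuration.GetValue("AllowedOrigins")` will probably leave `allowedOrigins` null even though appsettings.json now lists origins, because `GetValue` converts a single scalar value while a JSON array is stored as child keys (the type argument is not visible in this rendering, so confirm against the real file). Reading it as `builder.Configuration.GetSection("AllowedOrigins").Get<string[]>()` binds the array. The policy also only calls `policy.WithOrigins(allowedOrigins)`, so a browser preflight for the custom `X-API-KEY` header would likely be refused; allow exactly what the API needs, e.g. `policy.WithOrigins(allowedOrigins).WithHeaders("X-API-KEY");` plus a `WithMethods(...)` list matching the controllers' verbs, rather than `AllowAnyHeader()`/`AllowAnyMethod()`. Separately, the `catch { }` reformatted at the top of this hunk still swallows every failure while loading the API key file; a log line there would show when the service starts with whatever default key set `apiKeys` holds.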
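Review bot: `app.UseCors();` is called without a policy name, but the policy registered earlier in this commit is a named one (`options.AddPolicy(name: "AllowedOrigins", ...)`), so the middleware has no default policy to apply and endpoints only get CORS headers if they carry `[EnableCors("AllowedOrigins")]` or `RequireCors` metadata, none of which is visible here. To match the commit title, use `app.UseCors("AllowedOrigins");` or register the policy with `AddDefaultPolicy`. Placing it before `app.UseAuthentication()` is correct. The context lines also show `app.UseSwagger()` and `app.UseSwaggerUI()` running outside the commented-out `IsDevelopment()` check, so the API description is served in every environment; worth confirming that is intended now that browser clients on other origins are being admitted.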
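Review bot: The two `http://localhost:…` origins are added to the base appsettings.json, so they are allowed in every environment, including wherever `https://gitea.jumpersplace.net` is the real client. Once the CORS policy takes effect, any page served from those ports on a user's own machine would be accepted as an allowed origin by the deployed API, and both entries are plain HTTP. Consider keeping only the production origin in this file and moving the localhost entries to `appsettings.Development.json`, which the default host builder layers on top in the Development environment.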
diff --git a/data/todo.db-shm b/data/todo.db-shm index da61a7457333d07f0fccb7cecd8e1a5031cde318..43af2768f2d4d18f536f0864a6ab60141f0da8d8 100644 GIT binary patch delta 168 zcmZo@U}|V!s+V}A%K!q55G=p}q*;NuX6wJ6Rl%(bmAAGonaRL2$+24DnYv)fFH+S5 wjRFIZx&M&>RG5i@ZDOPN#*PGUc18wfpv~+X7k+1AXJTMsU}NCexRBWp0OeFKAOHXW delta 163 zcmZo@U}|V!s+V}A%K!q55G=p~q*;OZzP9|Q>$O3@l()7nnaRL2Nnw&6XV;1R+oY-o r8U+SSK=MBlfD1ECY!u(PBEWm%0Rd)42Ih?$e={*NF|cgh$ZiM#34kzp diff --git a/data/todo.db-wal b/data/todo.db-wal index deeadd4b6a61458177acf6e2d0a30721b7b6041a..61fd9578a4bea69dfc5ff445ac7c729fb66f9fac 100644 GIT binary patch delta 186 zcmZo@WPH%bw4uR4gMop81&A4xx3(^s$-pz|?TqrPTTV|A;{{3ZA7bGD!vBQ-BLAU{ zft&dGd0AN)DN)PCgS`_asqx;a4LKfg9Bx_K9r%#t64-WCU$ s$I8D2ZXW-Zje(2!WqH_G7-YdFCMRa6Vl%(z-`1Lit--6n<}