Enable CORS on all endpoints

2023-11-28 10:02:30 -05:00
parent 3baec7137c
commit 457a2f1724
7 changed files with 31 additions and 4 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -9,7 +9,7 @@
            "type": "coreclr",
            "request": "launch",
            "preLaunchTask": "build",
-            "launchSettingsProfile": "http",
+            "launchSettingsProfile": "https",
            // If you have changed target frameworks, make sure to update the program path.
            "program": "${workspaceFolder}/bin/Debug/net8.0/TodoApi.dll",
            "args": [],
--- a/Helpers/ApiKeyCanReadAttribute.cs
+++ b/Helpers/ApiKeyCanReadAttribute.cs
@@ -14,7 +14,7 @@ public class ApiKeyCanReadAttribute : ActionFilterAttribute
        var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
        // Validate the API key using the IApiKeyValidator service
-        if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanRead(apiKey))
+        if (!apiKeyValidator.CanRead(apiKey))
        {
            // If the API key is invalid, set the response status code to 401 Unauthorized
            context.Result = new UnauthorizedResult();
--- a/Helpers/ApiKeyCanWriteAttribute.cs
+++ b/Helpers/ApiKeyCanWriteAttribute.cs
@@ -14,7 +14,7 @@ public class ApiKeyCanWriteAttribute : ActionFilterAttribute
        var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
        // Validate the API key using the IApiKeyValidator service
-        if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanWrite(apiKey))
+        if (!apiKeyValidator.CanWrite(apiKey))
        {
            // If the API key is invalid, set the response status code to 401 Unauthorized
            context.Result = new UnauthorizedResult();
--- a/Program.cs
+++ b/Program.cs
@@ -33,6 +33,20 @@ try
 catch { }
 builder.Services.AddSingleton<IApiKeyValidator, ApiKeyValidator>(_ => new ApiKeyValidator(apiKeys));
 //setup CORS if origins were supplied in the config file
 string[]? allowedOrigins = builder.Configuration.GetValue<string[]>("AllowedOrigins");
 if (allowedOrigins != null)
 {
    builder.Services.AddCors(options =>
    {
        options.AddPolicy(name: "AllowedOrigins",
                          policy =>
                          {
                              policy.WithOrigins(allowedOrigins);
                          });
    });
 }
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen(c =>
@@ -64,13 +78,21 @@ builder.Services.AddSwaggerGen(c =>
 var app = builder.Build();
 //
 // Configure the HTTP request pipeline.
 //
 // if (app.Environment.IsDevelopment())
 // {
 app.UseSwagger();
 app.UseSwaggerUI();
 // }
 if (allowedOrigins != null)
 {
    app.UseCors();
 }
 app.UseAuthentication();
 app.UseAuthorization();
--- a/appsettings.json
+++ b/appsettings.json
@@ -3,6 +3,11 @@
    "TodoDatabase": "Data Source=data/todo.db"
  },
  "APIKeyFile": "data/apikeys.json",
  "AllowedOrigins": [
    "http://localhost:5123",
    "http://localhost:7291",
    "https://gitea.jumpersplace.net"
  ],
  "Logging": {
    "LogLevel": {
      "Default": "Information",
--- a/data/todo.db-shm
+++ b/data/todo.db-shm
--- a/data/todo.db-wal
+++ b/data/todo.db-wal