Enable CORS on all endpoints
2
.vscode/launch.json
vendored
2
.vscode/launch.json
vendored
@@ -9,7 +9,7 @@
|
|||||||
"type": "coreclr",
|
"type": "coreclr",
|
||||||
"request": "launch",
|
"request": "launch",
|
||||||
"preLaunchTask": "build",
|
"preLaunchTask": "build",
|
||||||
"launchSettingsProfile": "http",
|
"launchSettingsProfile": "https",
|
||||||
// If you have changed target frameworks, make sure to update the program path.
|
// If you have changed target frameworks, make sure to update the program path.
|
||||||
"program": "${workspaceFolder}/bin/Debug/net8.0/TodoApi.dll",
|
"program": "${workspaceFolder}/bin/Debug/net8.0/TodoApi.dll",
|
||||||
"args": [],
|
"args": [],
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ public class ApiKeyCanReadAttribute : ActionFilterAttribute
|
|||||||
var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
|
var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
|
||||||
|
|
||||||
// Validate the API key using the IApiKeyValidator service
|
// Validate the API key using the IApiKeyValidator service
|
||||||
if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanRead(apiKey))
|
if (!apiKeyValidator.CanRead(apiKey))
|
||||||
{
|
{
|
||||||
// If the API key is invalid, set the response status code to 401 Unauthorized
|
// If the API key is invalid, set the response status code to 401 Unauthorized
|
||||||
context.Result = new UnauthorizedResult();
|
context.Result = new UnauthorizedResult();
|
||||||
|
|||||||
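Review bot: Dropping the `string.IsNullOrEmpty(apiKey)` guard in front of `apiKeyValidator.CanRead(apiKey)` makes the missing-header case depend entirely on the validator, whose implementation is not visible on this page. `Request.Headers["X-API-KEY"]` yields a `StringValues` that converts to null when the header is absent and to a comma-joined string when it is sent more than once, so (assuming `CanRead` takes a string) it has to return false for null, empty and joined input without throwing. I would keep the guard, `if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanRead(apiKey))`, or add a comment stating that the validator rejects null and empty keys. The same applies to the `CanWrite` check in ApiKeyCanWriteAttribute; both method bodies start and end outside their hunks.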
@@ -14,7 +14,7 @@ public class ApiKeyCanWriteAttribute : ActionFilterAttribute
|
|||||||
var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
|
var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
|
||||||
|
|
||||||
// Validate the API key using the IApiKeyValidator service
|
// Validate the API key using the IApiKeyValidator service
|
||||||
if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanWrite(apiKey))
|
if (!apiKeyValidator.CanWrite(apiKey))
|
||||||
{
|
{
|
||||||
// If the API key is invalid, set the response status code to 401 Unauthorized
|
// If the API key is invalid, set the response status code to 401 Unauthorized
|
||||||
context.Result = new UnauthorizedResult();
|
context.Result = new UnauthorizedResult();
|
||||||
|
|||||||
24
Program.cs
24
Program.cs
@@ -30,9 +30,23 @@ try
|
|||||||
if (apiKeysTemp != null) apiKeys = apiKeysTemp;
|
if (apiKeysTemp != null) apiKeys = apiKeysTemp;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch {}
|
catch { }
|
||||||
builder.Services.AddSingleton<IApiKeyValidator, ApiKeyValidator>(_ => new ApiKeyValidator(apiKeys));
|
builder.Services.AddSingleton<IApiKeyValidator, ApiKeyValidator>(_ => new ApiKeyValidator(apiKeys));
|
||||||
|
|
||||||
|
//setup CORS if origins were supplied in the config file
|
||||||
|
string[]? allowedOrigins = builder.Configuration.GetValue<string[]>("AllowedOrigins");
|
||||||
|
if (allowedOrigins != null)
|
||||||
|
{
|
||||||
|
builder.Services.AddCors(options =>
|
||||||
|
{
|
||||||
|
options.AddPolicy(name: "AllowedOrigins",
|
||||||
|
policy =>
|
||||||
|
{
|
||||||
|
policy.WithOrigins(allowedOrigins);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
|
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
|
||||||
builder.Services.AddEndpointsApiExplorer();
|
builder.Services.AddEndpointsApiExplorer();
|
||||||
builder.Services.AddSwaggerGen(c =>
|
builder.Services.AddSwaggerGen(c =>
|
||||||
@@ -64,13 +78,21 @@ builder.Services.AddSwaggerGen(c =>
|
|||||||
|
|
||||||
var app = builder.Build();
|
var app = builder.Build();
|
||||||
|
|
||||||
|
//
|
||||||
// Configure the HTTP request pipeline.
|
// Configure the HTTP request pipeline.
|
||||||
|
//
|
||||||
|
|
||||||
// if (app.Environment.IsDevelopment())
|
// if (app.Environment.IsDevelopment())
|
||||||
// {
|
// {
|
||||||
app.UseSwagger();
|
app.UseSwagger();
|
||||||
app.UseSwaggerUI();
|
app.UseSwaggerUI();
|
||||||
// }
|
// }
|
||||||
|
|
||||||
|
if (allowedOrigins != null)
|
||||||
|
{
|
||||||
|
app.UseCors();
|
||||||
|
}
|
||||||
|
|
||||||
app.UseAuthentication();
|
app.UseAuthentication();
|
||||||
|
|
||||||
app.UseAuthorization();
|
app.UseAuthorization();
|
||||||
|
|||||||
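Review bot: `builder.Configuration.GetValue<string[]>("AllowedOrigins")` does not bind a JSON array, because `GetValue` converts a single scalar value and returns null for a section with children, so both `if (allowedOrigins != null)` branches are skipped and CORS is never enabled; use `builder.Configuration.GetSection("AllowedOrigins").Get<string[]>()` instead. Once that is fixed, the policy is registered under the name "AllowedOrigins" while `app.UseCors()` is called without a name, so it only applies to endpoints that opt in with `[EnableCors("AllowedOrigins")]` or `RequireCors`, none of which are visible here; `app.UseCors("AllowedOrigins")` or `AddDefaultPolicy` would match the commit title. The policy also calls only `WithOrigins`, so a browser preflight for a request carrying `X-API-KEY` will be refused unless the header is allowed, e.g. `policy.WithOrigins(allowedOrigins).WithHeaders("X-API-KEY");`, plus `WithMethods(...)` for any non-simple verbs the API exposes.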
@@ -3,6 +3,11 @@
|
|||||||
"TodoDatabase": "Data Source=data/todo.db"
|
"TodoDatabase": "Data Source=data/todo.db"
|
||||||
},
|
},
|
||||||
"APIKeyFile": "data/apikeys.json",
|
"APIKeyFile": "data/apikeys.json",
|
||||||
|
"AllowedOrigins": [
|
||||||
|
"http://localhost:5123",
|
||||||
|
"http://localhost:7291",
|
||||||
|
"https://gitea.jumpersplace.net"
|
||||||
|
],
|
||||||
"Logging": {
|
"Logging": {
|
||||||
"LogLevel": {
|
"LogLevel": {
|
||||||
"Default": "Information",
|
"Default": "Information",
|
||||||
|
|||||||
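Review bot: The `AllowedOrigins` list puts two `http://localhost` development origins next to the hosted `https://gitea.jumpersplace.net` origin in what appears to be the base settings file (the file header is not visible here), so a production deployment would also trust pages served from those localhost ports. Consider keeping the localhost entries in a development-only settings file and leaving only the hosted origin in the shared one. CORS origins are compared exactly, scheme and port included, so it is worth confirming that `http://localhost:7291` is really served over plain HTTP and not HTTPS.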
BIN
data/todo.db-shm
BIN
data/todo.db-shm
Binary file not shown.
BIN
data/todo.db-wal
BIN
data/todo.db-wal
Binary file not shown.