Move APIKeys to file and allow read vs read/write

2023-11-23 11:41:58 -05:00
parent 15f8385005
commit a7045ea9a4
12 changed files with 100 additions and 17 deletions
--- a/Controllers/TodoItemsController.cs
+++ b/Controllers/TodoItemsController.cs
@@ -7,13 +7,13 @@ namespace TodoApi.Controllers
 {
    [Route("api/[controller]")]
    [ApiController]
-    [ApiKey]
    public class TodoItemsController(TodoContext context) : ControllerBase
    {
        private readonly TodoContext _context = context;

        // GET: api/TodoItems
        [HttpGet]
+        [ApiKeyCanRead]
        public async Task<ActionResult<IEnumerable<TodoItem>>> GetTodoItems()
        {
            return await _context.TodoItems.ToListAsync();
@@ -21,6 +21,7 @@ namespace TodoApi.Controllers

        // GET: api/TodoItems/5
        [HttpGet("{id}")]
+        [ApiKeyCanRead]
        public async Task<ActionResult<TodoItem>> GetTodoItem(long id)
        {
            var todoItem = await _context.TodoItems.FindAsync(id);
@@ -36,6 +37,7 @@ namespace TodoApi.Controllers
        // PUT: api/TodoItems/5
        // To protect from overposting attacks, see https://go.microsoft.com/fwlink/?linkid=2123754
        [HttpPut("{id}")]
+        [ApiKeyCanWrite]
        public async Task<IActionResult> PutTodoItem(long id, TodoItem todoItem)
        {
            if (id != todoItem.Id)
@@ -67,6 +69,7 @@ namespace TodoApi.Controllers
        // POST: api/TodoItems
        // To protect from overposting attacks, see https://go.microsoft.com/fwlink/?linkid=2123754
        [HttpPost]
+        [ApiKeyCanWrite]
        public async Task<ActionResult<TodoItem>> PostTodoItem(TodoItem todoItem)
        {
            _context.TodoItems.Add(todoItem);
@@ -77,6 +80,7 @@ namespace TodoApi.Controllers

        // DELETE: api/TodoItems/5
        [HttpDelete("{id}")]
+        [ApiKeyCanWrite]
        public async Task<IActionResult> DeleteTodoItem(long id)
        {
            var todoItem = await _context.TodoItems.FindAsync(id);