Move APIKeys to file and allow read vs read/write

Helpers/ApiKeyCanReadAttribute.cs

@@ -0,0 +1,27 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace TodoApi.Helpers;
+
+public class ApiKeyCanReadAttribute : ActionFilterAttribute
+{
+    public override void OnActionExecuting(ActionExecutingContext context)
+    {
+        // Get the required service to validate the API key
+        var apiKeyValidator = context.HttpContext.RequestServices.GetRequiredService<IApiKeyValidator>();
+
+        // Get the API key from the X-API-KEY header
+        var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
+
+        // Validate the API key using the IApiKeyValidator service
+        if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanRead(apiKey))
+        {
+            // If the API key is invalid, set the response status code to 401 Unauthorized
+            context.Result = new UnauthorizedResult();
+            return;
+        }
+
+        // If the API key is valid, continue with the action execution
+        base.OnActionExecuting(context);
+    }
+}