using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

namespace TodoApi.Helpers;

public class ApiKeyCanReadAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        // Get the required service to validate the API key
        var apiKeyValidator = context.HttpContext.RequestServices.GetRequiredService<IApiKeyValidator>();

        // Get the API key from the X-API-KEY header
        var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];

        // Validate the API key using the IApiKeyValidator service
        if (!apiKeyValidator.CanRead(apiKey))
        {
            // If the API key is invalid, set the response status code to 401 Unauthorized
            context.Result = new UnauthorizedResult();
            return;
        }

        // If the API key is valid, continue with the action execution
        base.OnActionExecuting(context);
    }
}