J.Schmidt92/journal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
journal/Journal.WebGateway/Security/ApiKeyAuthenticationHandler.cs
stan44 7562cf6fad Add gateway root adoption and mobile polish 
- Add Tauri commands to inspect and adopt the gateway repo root
- Retry locked vault commands by prompting for unlock
- Improve mobile layout, editor mode toggles, and settings UI
2026-03-30 00:00:25 -05:00

40 lines
1.6 KiB
C#
Raw Blame History

using System.Text.Encodings.Web;
using Microsoft.Extensions.Options;
using Microsoft.AspNetCore.Authentication;
namespace Journal.WebGateway.Security;
public class ApiKeyAuthenticationHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
IConfiguration config)
: AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
{
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Headers.TryGetValue("X-API-KEY", out var extractedApiKey))
return Task.FromResult(AuthenticateResult.NoResult()); // Fallback to other schemes (like Cookie)
var expectedApiKey = config.GetValue<string>("Security:ApiKey");
if (string.Equals(expectedApiKey, extractedApiKey, StringComparison.Ordinal))
{
var claims = new[] { new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "ApiKeyUser") };
var identity = new System.Security.Claims.ClaimsIdentity(claims, Scheme.Name);
var principal = new System.Security.Claims.ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return Task.FromResult(AuthenticateResult.Success(ticket));
}
return Task.FromResult(AuthenticateResult.Fail("Invalid API Key provided."));
}
// Do NOT issue a 401 challenge from this handler.
// Let the Cookie scheme handle it (which redirects to /gateway/login).
protected override Task HandleChallengeAsync(AuthenticationProperties properties)
{
return Task.CompletedTask;
}
}
Reference in New Issue View Git Blame Copy Permalink