Implementing api key authentication scheme and validation. Added default value in dtos

2026-01-17 21:05:20 +01:00
parent 01c86406dc
commit 56b14f60f1
8 changed files with 110 additions and 11 deletions
--- a/Moonlight.Api/Implementations/ApiKeyScheme/ApiKeySchemeHandler.cs
+++ b/Moonlight.Api/Implementations/ApiKeyScheme/ApiKeySchemeHandler.cs
@@ -0,0 +1,71 @@
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Caching.Memory;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Moonlight.Api.Database;
+using Moonlight.Api.Database.Entities;
+using Moonlight.Shared;
+
+namespace Moonlight.Api.Implementations.ApiKeyScheme;
+
+public class ApiKeySchemeHandler : AuthenticationHandler<ApiKeySchemeOptions>
+{
+    private readonly DatabaseRepository<ApiKey> ApiKeyRepository;
+    private readonly IMemoryCache MemoryCache;
+
+    public ApiKeySchemeHandler(
+        IOptionsMonitor<ApiKeySchemeOptions> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder,
+        DatabaseRepository<ApiKey> apiKeyRepository,
+        IMemoryCache memoryCache
+    ) : base(options, logger, encoder)
+    {
+        ApiKeyRepository = apiKeyRepository;
+        MemoryCache = memoryCache;
+    }
+
+    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+    {
+        var authHeaderValue = Request.Headers.Authorization.FirstOrDefault() ?? null;
+
+        if (string.IsNullOrWhiteSpace(authHeaderValue))
+            return AuthenticateResult.NoResult();
+
+        if (authHeaderValue.Length > 32)
+            return AuthenticateResult.Fail("Invalid api key specified");
+
+        if (!MemoryCache.TryGetValue<ApiKeySession>(authHeaderValue, out var apiKey))
+        {
+            apiKey = await ApiKeyRepository
+                .Query()
+                .Where(x => x.Key == authHeaderValue)
+                .Select(x => new ApiKeySession(x.Permissions))
+                .FirstOrDefaultAsync();
+
+            if (apiKey == null)
+                return AuthenticateResult.Fail("Invalid api key specified");
+
+            MemoryCache.Set(authHeaderValue, apiKey, Options.LookupCacheTime);
+        }
+        else
+        {
+            if (apiKey == null)
+                return AuthenticateResult.Fail("Invalid api key specified");
+        }
+
+        return AuthenticateResult.Success(new AuthenticationTicket(
+            new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    apiKey.Permissions.Select(x => new Claim(Permissions.ClaimType, x)).ToArray()
+                )
+            ),
+            Scheme.Name
+        ));
+    }
+
+    private record ApiKeySession(string[] Permissions);
+}
--- a/Moonlight.Api/Implementations/ApiKeyScheme/ApiKeySchemeOptions.cs
+++ b/Moonlight.Api/Implementations/ApiKeyScheme/ApiKeySchemeOptions.cs
@@ -0,0 +1,8 @@
+using Microsoft.AspNetCore.Authentication;
+
+namespace Moonlight.Api.Implementations.ApiKeyScheme;
+
+public class ApiKeySchemeOptions : AuthenticationSchemeOptions
+{
+    public TimeSpan LookupCacheTime { get; set; }
+}