Let API Token also authorize for ExpiringTokenFilter.

Jared 2021-04-13 19:26:19 -07:00 committed by Jared Goodwin
parent 50ff25277f
commit 85e82d9bb6


@ -14,12 +14,15 @@ namespace Remotely.Server.Auth
{
public class ExpiringTokenFilter : ActionFilterAttribute, IAuthorizationFilter
{
private readonly IDataService _dataService;
private readonly IExpiringTokenService _expiringTokenService;
private readonly ILogger<ExpiringTokenFilter> _logger;
public ExpiringTokenFilter(IExpiringTokenService expiringTokenService,
IDataService dataService,
ILogger<ExpiringTokenFilter> logger)
{
_dataService = dataService;
_expiringTokenService = expiringTokenService;
_logger = logger;
}
@ -31,8 +34,27 @@ namespace Remotely.Server.Auth
return;
}
if (context.HttpContext.Request.Headers.TryGetValue("Authorization", out var authorization) &&
_expiringTokenService.TryGetExpiration(authorization.ToString(), out var expiration) &&
if (!context.HttpContext.Request.Headers.TryGetValue("Authorization", out var authorization))
{
context.Result = new UnauthorizedResult();
return;
}
if (authorization.ToString().Contains(":"))
{
var keyId = authorization.ToString().Split(":")[0]?.Trim();
var apiSecret = authorization.ToString().Split(":")[1]?.Trim();
if (_dataService.ValidateApiKey(keyId, apiSecret, context.HttpContext.Request.Path, context.HttpContext.Connection.RemoteIpAddress.ToString()))
{
var orgID = _dataService.GetApiKey(keyId)?.OrganizationID;
context.HttpContext.Request.Headers["OrganizationID"] = orgID;
return;
}
}
if (_expiringTokenService.TryGetExpiration(authorization.ToString(), out var expiration) &&
expiration > DateTimeOffset.Now)
{
_logger.LogDebug("Expiring token authorized. Token: {token}. Expiration: {expiration}", authorization, expiration);
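Review bot: In the new API-key branch, `context.HttpContext.Connection.RemoteIpAddress.ToString()` dereferences a property that can be null, so the authorization filter can throw instead of producing an allow or 401 decision. The same branch lets the request through when `GetApiKey(keyId)` returns null after `ValidateApiKey` succeeded, leaving an empty `OrganizationID` header on an authorized request; it should fail closed there. It is also worth confirming that a client-supplied `OrganizationID` header is cleared or overwritten on the expiring-token path, which this hunk does not show. The sketch below parses the header once and assumes `ValidateApiKey` tolerates a null address and that `OrganizationID` is a string, both to be checked; the enclosing method begins and ends outside the hunk.

```csharp
if (authorization.ToString().Contains(":"))
{
    // Parse the header once instead of converting and splitting it per field.
    var parts = authorization.ToString().Split(":");
    var keyId = parts[0].Trim();
    var apiSecret = parts[1].Trim();
    // RemoteIpAddress can be null; do not let the filter throw on it.
    var remoteIp = context.HttpContext.Connection.RemoteIpAddress?.ToString();
    if (_dataService.ValidateApiKey(keyId, apiSecret, context.HttpContext.Request.Path, remoteIp))
    {
        var orgID = _dataService.GetApiKey(keyId)?.OrganizationID;
        if (string.IsNullOrWhiteSpace(orgID))
        {
            // Fail closed: a validated key with no organization must not be authorized.
            context.Result = new UnauthorizedResult();
            return;
        }
        context.HttpContext.Request.Headers["OrganizationID"] = orgID;
        return;
    }
}
// … unchanged: expiring-token check and debug log …
```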