From 85e82d9bb6823c2ec488e68cbabc10a14a31ecee Mon Sep 17 00:00:00 2001
From: Jared
Date: Tue, 13 Apr 2021 19:26:19 -0700
Subject: [PATCH] Let API Token also authorize for ExpiringTokenFilter.

---
 Server/Auth/ExpiringTokenFilter.cs | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/Server/Auth/ExpiringTokenFilter.cs b/Server/Auth/ExpiringTokenFilter.cs
index 3b4f2600..a84b2cc0 100644
--- a/Server/Auth/ExpiringTokenFilter.cs
+++ b/Server/Auth/ExpiringTokenFilter.cs
@@ -14,12 +14,15 @@ namespace Remotely.Server.Auth
 {
 public class ExpiringTokenFilter : ActionFilterAttribute, IAuthorizationFilter
 {
+ private readonly IDataService _dataService;
 private readonly IExpiringTokenService _expiringTokenService;
 private readonly ILogger _logger;
 
 public ExpiringTokenFilter(IExpiringTokenService expiringTokenService,
+ IDataService dataService,
 ILogger logger)
 {
+ _dataService = dataService;
 _expiringTokenService = expiringTokenService;
 _logger = logger;
 }
@@ -31,8 +34,27 @@ namespace Remotely.Server.Auth
 return;
 }
 
- if (context.HttpContext.Request.Headers.TryGetValue("Authorization", out var authorization) &&
- _expiringTokenService.TryGetExpiration(authorization.ToString(), out var expiration) &&
+ if (!context.HttpContext.Request.Headers.TryGetValue("Authorization", out var authorization))
+ {
+ context.Result = new UnauthorizedResult();
+ return;
+ }
+
+ if (authorization.ToString().Contains(":"))
+ {
+ var keyId = authorization.ToString().Split(":")[0]?.Trim();
+ var apiSecret = authorization.ToString().Split(":")[1]?.Trim();
+
+ if (_dataService.ValidateApiKey(keyId, apiSecret, context.HttpContext.Request.Path, context.HttpContext.Connection.RemoteIpAddress.ToString()))
+ {
+ var orgID = _dataService.GetApiKey(keyId)?.OrganizationID;
+ context.HttpContext.Request.Headers["OrganizationID"] = orgID;
+ return;
+ }
+ }
+
+
+ if (_expiringTokenService.TryGetExpiration(authorization.ToString(), out var expiration) &&
 expiration > DateTimeOffset.Now)
 {
 _logger.LogDebug("Expiring token authorized. Token: {token}. Expiration: {expiration}", authorization, expiration);
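Review bot: The API-key branch hands the caller's organization downstream through the `OrganizationID` request header, but nothing in this hunk clears a client-supplied value of that header on the other paths, so a request authorized by an expiring token (or by the early return above the hunk) keeps whatever `OrganizationID` the client sent. If any action reads that header as the authenticated organization, which is not visible here, that lets one tenant claim another's identity; I would add `context.HttpContext.Request.Headers.Remove("OrganizationID");` as the first statement of the method, or carry the value in `HttpContext.Items` instead of a header. The same branch also authorizes with an empty organization when `GetApiKey(keyId)` returns null, and `RemoteIpAddress.ToString()` throws when the address is null, so fail closed with `if (orgID is null) { context.Result = new UnauthorizedResult(); return; }` and pass `RemoteIpAddress?.ToString()`. The method starts above and continues below this hunk.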