Endpoint authorization

Tokens are validated for some of the endpoints. Need to add other measures to rule out bogus tokens.
This commit is contained in:
Kun Deng
2022-08-26 18:01:29 -04:00
parent 2cc13ac9bb
commit d48716a54f
7 changed files with 221 additions and 12 deletions
+30 -1
View File
@@ -47,6 +47,27 @@ namespace Icarus.Controllers.V1
#endregion
private string ParseBearerTokenFromHeader()
{
var token = string.Empty;
const string tokenType = "Bearer";
const string otherTokenType = "Jwt";
var req = Request;
var auth = req.Headers.Authorization;
var val = auth.ToString();
if (val.Contains(tokenType) && val.Split(" ").Count() > 1 ||
val.Contains(otherTokenType) && val.Split(" ").Count() > 1)
{
var split = val.Split(" ");
token = split[1];
}
return token;
}
[HttpGet("download/{id}")]
[Route("private-scoped")]
@@ -112,9 +133,17 @@ namespace Icarus.Controllers.V1
//
[HttpPost("upload/with/data")]
[Route("private-scoped")]
[Authorize("upload:songs")]
// [Authorize("upload:songs")]
public async Task<IActionResult> Post ([FromForm] UploadSongWithDataForm up)
{
var token = ParseBearerTokenFromHeader();
var tokMgr = new TokenManager(_config);
if (!tokMgr.IsTokenValid("upload:songs", token))
{
return StatusCode(401, "Not allowed");
}
try
{
if (up.SongData.Length > 0 && up.CoverArtData.Length > 0 && !string.IsNullOrEmpty(up.SongFile))