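        /// <summary>
        /// Verifies an API access token against the token hashes stored in the database
        /// and checks that the matching key holds the required permission.
        /// </summary>
        /// <param name="apiToken">API access token to verify</param>
        /// <param name="requiredPermission">Permission the matching key must hold for verification to succeed</param>
        /// <returns>
        /// True only if the token matches a stored key that has the required permission;
        /// false for an empty token, an unknown token, or a matching key without that permission
        /// </returns>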
        public bool VerifyApplicationToken(string apiToken, ApiAccessPermissionEnumModel requiredPermission)
        {
            // Fail closed: a null or empty token is rejected before the key store is read.
            if (string.IsNullOrEmpty(apiToken))
            {
                return false;
            }

            // The presented token is validated against every stored key in turn, so the
            // hashing cost of one call grows with the number of keys.
            // NOTE(review): if the stored algorithm is a deliberately slow hash, unauthenticated
            // requests can drive that cost; confirm rate limiting exists in front of this check.
            foreach (var candidate in GetAllHashedKeys())
            {
                // Each stored key names the algorithm its hash was produced with.
                var algorithm = candidate.HashAlgorithm;
                var tokenMatches = m_hasher.ValidateHash(apiToken, candidate.ApiKeyHash, algorithm);

                // NOTE(review): whether ValidateHash compares in constant time is not visible
                // here; confirm in the hasher implementation.
                if (!tokenMatches)
                {
                    //TODO implement other algorithms
                    continue;
                }

                // Stored permissions are compared by the enum's integer value.
                var wantedPermission = Convert.ToInt32(requiredPermission);
                var holdsPermission = candidate.Permissions.Any(p => p.Permission == wantedPermission);
                if (holdsPermission)
                {
                    return true;
                }

                // A matching key without the permission does not end the search;
                // the remaining keys are still checked.
            }

            // No stored key both matched the token and held the permission. Callers cannot
            // tell "unknown token" from "insufficient permission" by the return value.
            return false;
        }
 /// <summary>
 /// Marks an endpoint as requiring an API access token that holds the given permission.
 /// The check itself is delegated to <c>RequireApiTokenAttributeImpl</c>, whose type is
 /// passed to the base constructor.
 /// </summary>
 /// <param name="requiredPermission">
 /// Permission the token must hold. When omitted, <c>ApiAccessPermissionEnumModel.Internal</c> is required.
 /// </param>
 public RequireApiAccessTokenAttribute(ApiAccessPermissionEnumModel requiredPermission = ApiAccessPermissionEnumModel.Internal)
     : base(typeof(RequireApiTokenAttributeImpl))
 {
     // NOTE(review): confirm Internal is the intended requirement for endpoints that
     // apply the attribute without naming a permission.
     // The permission is the only value handed over explicitly; presumably the base
     // class forwards Arguments to the implementation's constructor (verify against the base type).
     object boxedPermission = requiredPermission;
     Arguments = new[] { boxedPermission };
 }
 /// <summary>
 /// Stores the collaborators and the permission used by the API token check.
 /// </summary>
 /// <param name="accessKeyManager">Manager used to verify API access keys</param>
 /// <param name="requiredPermission">Permission a token must hold to pass the check</param>
 /// <param name="logger">Logger for this filter implementation</param>
 public RequireApiTokenAttributeImpl(
     ApiAccessKeyManager accessKeyManager,
     ApiAccessPermissionEnumModel requiredPermission,
     ILogger<RequireApiTokenAttributeImpl> logger)
 {
     // NOTE(review): no null checks here; presumably accessKeyManager and logger are
     // supplied by dependency injection and requiredPermission by the attribute; confirm.
     m_requiredPermission = requiredPermission;
     m_accessKeyManager = accessKeyManager;
     m_logger = logger;
 }