public List <ApiKey> GenerateNewApiKeys(string userId, params string[] environments)
{
var now = DateTime.UtcNow;
var apiKeys = new List <ApiKey>();
if (environments.Length == 0)
{
environments = Environments;
}
foreach (var env in environments)
{
foreach (var keyType in KeyTypes)
{
var key = GenerateApiKey(env, keyType, KeySizeBytes);
var apiKey = new ApiKey
{
UserAuthId = userId,
Environment = env,
KeyType = keyType,
Id = key,
CreatedDate = now,
ExpiryDate = ExpireKeysAfter != null?now.Add(ExpireKeysAfter.Value) : (DateTime?)null
};
if (CreateApiKeyFilter != null)
{
CreateApiKeyFilter(apiKey);
}
apiKeys.Add(apiKey);
}
}
return(apiKeys);
}
public virtual async Task PreAuthenticateWithApiKeyAsync(IRequest req, IResponse res, ApiKey apiKey)
{
if (RequireSecureConnection && !req.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.ApiKeyRequiresSecureConnection.Localize(req));
}
ValidateApiKey(req, apiKey);
var apiSessionKey = GetSessionKey(apiKey.Id);
if (await HasCachedSessionAsync(req, apiSessionKey).ConfigAwait())
{
req.Items[Keywords.ApiKey] = apiKey;
return;
}
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
using var authService = HostContext.ResolveService <AuthenticateService>(req);
var response = await authService.PostAsync(new Authenticate
{
provider = Name,
UserName = "******",
Password = apiKey.Id,
}).ConfigAwait();
await CacheSessionAsync(req, apiSessionKey);
}
public List<ApiKey> GenerateNewApiKeys(string userId, params string[] environments)
{
var now = DateTime.UtcNow;
var apiKeys = new List<ApiKey>();
if (environments.Length == 0)
environments = Environments;
foreach (var env in environments)
{
foreach (var keyType in KeyTypes)
{
var key = GenerateApiKey(env, keyType, KeySizeBytes);
var apiKey = new ApiKey
{
UserAuthId = userId,
Environment = env,
KeyType = keyType,
Id = key,
CreatedDate = now,
ExpiryDate = ExpireKeysAfter != null ? now.Add(ExpireKeysAfter.Value) : (DateTime?) null
};
CreateApiKeyFilter?.Invoke(apiKey);
apiKeys.Add(apiKey);
}
}
return apiKeys;
}
private void PreAuthenticateWithApiKey(IRequest req, IResponse res, ApiKey apiKey)
{
if (RequireSecureConnection && !req.IsSecureConnection)
throw HttpError.Forbidden(ErrorMessages.ApiKeyRequiresSecureConnection);
ValidateApiKey(apiKey);
var apiSessionKey = GetSessionKey(apiKey.Id);
if (SessionCacheDuration != null)
{
var session = req.GetCacheClient().Get<IAuthSession>(apiSessionKey);
if (session != null)
session = HostContext.AppHost.OnSessionFilter(session, session.Id);
if (session != null)
{
req.Items[Keywords.ApiKey] = apiKey;
req.Items[Keywords.Session] = session;
return;
}
}
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
using (var authService = HostContext.ResolveService<AuthenticateService>(req))
{
var response = authService.Post(new Authenticate
{
provider = Name,
UserName = "******",
Password = apiKey.Id,
});
}
if (SessionCacheDuration != null)
{
var session = req.GetSession();
req.GetCacheClient().Set(apiSessionKey, session, SessionCacheDuration);
}
}
protected virtual void ValidateApiKey(ApiKey apiKey)
{
if (apiKey == null)
throw HttpError.NotFound("ApiKey does not exist");
if (apiKey.CancelledDate != null)
throw HttpError.Forbidden("ApiKey has been cancelled");
if (apiKey.ExpiryDate != null && DateTime.UtcNow > apiKey.ExpiryDate.Value)
throw HttpError.Forbidden("ApiKey has expired");
}
public List<ApiKey> GenerateNewApiKeys(string userId, params string[] environments)
{
var now = DateTime.UtcNow;
var apiKeys = new List<ApiKey>();
if (environments.Length == 0)
environments = Environments;
foreach (var env in environments)
{
foreach (var keyType in KeyTypes)
{
var key = CreateApiKeyFn(env, keyType, KeySizeBytes);
var apiKey = new ApiKey
{
UserAuthId = userId,
Environment = env,
KeyType = keyType,
Id = key,
CreatedDate = now,
};
if (ApiKeyFilterFn != null)
ApiKeyFilterFn(apiKey);
apiKeys.Add(apiKey);
}
}
return apiKeys;
}
public override void OnRegistered(IRequest httpReq, IAuthSession session, IServiceBase registrationService)
{
var now = DateTime.UtcNow;
var userId = session.UserAuthId;
var apiKeys = new List<ApiKey>();
foreach (var env in apiKeyProvider.Environments)
{
foreach (var keyType in apiKeyProvider.KeyTypes)
{
var key = apiKeyProvider.CreateApiKeyFn(env, keyType, apiKeyProvider.KeySizeBytes);
var apiKey = new ApiKey
{
UserAuthId = userId,
Environment = env,
KeyType = keyType,
Id = key,
CreatedDate = now,
};
if (apiKeyProvider.ApiKeyFilterFn != null)
apiKeyProvider.ApiKeyFilterFn(apiKey);
apiKeys.Add(apiKey);
}
}
var authRepo = (IManageApiKeys)httpReq.TryResolve<IAuthRepository>().AsUserAuthRepository(httpReq);
authRepo.StoreAll(apiKeys);
}
