update 20241003

2024-10-03 16:59:24 +02:00
parent 765a5ef350
commit 4fbeb345ee
237 changed files with 44064 additions and 1107832 deletions
@@ -1,6 +1,7 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using API_NetFramework.Models;
 using Swashbuckle.Application;
 using System;
 using System.Collections.Generic;
@@ -111,14 +112,21 @@ namespace SecuringWebApiUsingApiKey.Middleware
    public static class ApiKeyMiddleware
    {
        public static string[] apikeys;
-
+        
        public static string GetValue( string key)
        {
            string res = WebConfigurationManager.AppSettings[key];
            return res;
        }

-        public static Boolean Authorized(HttpRequestMessage request)
+        private static bool checkfunction(string apikey, string function)
+        {
+            string decryptstring = SecuringWebApiUsingApiKey.Middleware.StringCipher.Decrypt(apikey, "OnDoc01");
+            if ( decryptstring.Contains(function))
+                { return true; }
+            else return false;
+        }
+        public static Boolean Authorized(HttpRequestMessage request, string function)
        {
            
            if (GetValue("AuthCheck") == "Yes")
@@ -126,25 +134,27 @@ namespace SecuringWebApiUsingApiKey.Middleware
                apikeys = GetValue("APIKeys").ToString().Split(',');
                IEnumerable<KeyValuePair<string, string>> queryParams = request.GetQueryNameValuePairs();
                var key = queryParams.FirstOrDefault(x => x.Key == "api_key");
-                if (apikeys.Contains(key.Value)) { return true; }
+                if (apikeys.Contains(key.Value) && checkfunction(key.Value,function)==true) { return true; }
                try
                {
                    IEnumerable<string> headerValues = request.Headers.GetValues("api_key");
                    string apikey = headerValues.FirstOrDefault();
                   
-                    if (apikeys.Contains(apikey)) { return true; }
+                    if (apikeys.Contains(apikey) && checkfunction(apikey,function)==true) { return true; }
                }
                catch { }
                try
                {
-                    if (request.Headers.Authorization.Scheme == "Bearer" && apikeys.Contains(request.Headers.Authorization.Parameter.ToString()))
-                        //== GetValue("Bearer"))
+                    if (request.Headers.Authorization.Scheme == "Bearer" && apikeys.Contains(request.Headers.Authorization.Parameter.ToString()) && checkfunction(request.Headers.Authorization.Parameter.ToString(),function)==true)
                    {
                        return true;
                    }
                }
-                catch { return false; }
+                catch {
+                    APILogging.Log(request, "Unberechtigter Zugriff", LogLevelType.Error);
+                    return false; }
            }
+            APILogging.Log(request, "Unberechtigter Zugriff", LogLevelType.Error);
            return false;
        }
        //private readonly RequestDelegate _next;