(refactor): implement agent authorization filter

2025-12-31 04:00:03 +01:00 · 2024-06-09 00:02:10 +02:00 · 2024-06-09 00:02:10 +02:00 · 094acf925b
commit 094acf925b
parent 9a11bbca10
6 changed files with 50 additions and 25 deletions
--- a/src/Agent/AuthorizationFilters/ApiKeyAuthorizationFilter.cs
+++ b/src/Agent/AuthorizationFilters/ApiKeyAuthorizationFilter.cs
@ -0,0 +1,28 @@
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+
+namespace MaksIT.Agent.AuthorizationFilters;
+
+public class ApiKeyAuthorizationFilter : IAuthorizationFilter {
+
+  private readonly Configuration _appSettings;
+
+  public ApiKeyAuthorizationFilter(
+    IOptions<Configuration> appSettings
+  ) {
+    _appSettings = appSettings.Value;
+  }
+
+  public void OnAuthorization(AuthorizationFilterContext context) {
+    if (!context.HttpContext.Request.Headers.TryGetValue("X-API-KEY", out var extractedApiKey)) {
+      context.Result = new UnauthorizedResult();
+      return;
+    }
+
+    if (!_appSettings.ApiKey.Equals(extractedApiKey)) {
+      context.Result = new UnauthorizedResult();
+      return;
+    }
+  }
+}
--- a/src/Agent/Controllers/CertsController.cs
+++ b/src/Agent/Controllers/CertsController.cs
@ -1,15 +1,14 @@
-
-using System.Diagnostics;
-
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;

 using MaksIT.Models.Agent.Requests;
+using MaksIT.Agent.AuthorizationFilters;

 namespace MaksIT.Agent.Controllers;

 [ApiController]
 [Route("[controller]")]
+[ServiceFilter(typeof(ApiKeyAuthorizationFilter))]
 public class CertsController : ControllerBase {

  private readonly Configuration _appSettings;
@ -22,20 +21,10 @@ public class CertsController : ControllerBase {

  [HttpPost("[action]")]
  public IActionResult Upload([FromBody] CertsUploadRequest requestData) {
-    if (!Request.Headers.TryGetValue("X-API-KEY", out var extractedApiKey)) {
-      return Unauthorized("API Key is missing");
-    }
-
-    if (!_appSettings.ApiKey.Equals(extractedApiKey)) {
-      return Unauthorized("Unauthorized client");
-    }
-
    foreach (var (fileName, fileContent) in requestData.Certs) {
      System.IO.File.WriteAllText(Path.Combine(_appSettings.CertsPath, fileName), fileContent);
    }

    return Ok("Certificates uploaded successfully");
  }
-
 }
-
--- a/src/Agent/Controllers/HelloWorldController.cs
+++ b/src/Agent/Controllers/HelloWorldController.cs
@ -1,9 +1,12 @@
 using Microsoft.AspNetCore.Mvc;

+using MaksIT.Agent.AuthorizationFilters;
+
 namespace Agent.Controllers {

  [ApiController]
  [Route("[controller]")]
+  [ServiceFilter(typeof(ApiKeyAuthorizationFilter))]
  public class HelloWorldController : ControllerBase {

    [HttpGet]
--- a/src/Agent/Controllers/ServiceController.cs
+++ b/src/Agent/Controllers/ServiceController.cs
@ -1,12 +1,16 @@
 using System.Diagnostics;
-using MaksIT.Models.Agent.Requests;
+
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;

+using MaksIT.Agent.AuthorizationFilters;
+using MaksIT.Models.Agent.Requests;
+
 namespace MaksIT.Agent.Controllers;

 [ApiController]
 [Route("[controller]")]
+[ServiceFilter(typeof(ApiKeyAuthorizationFilter))]
 public class ServiceController : ControllerBase {

  private readonly Configuration _appSettings;
@ -21,14 +25,6 @@ public class ServiceController : ControllerBase {
  public IActionResult Reload([FromBody] ServiceReloadRequest requestData) {
    var serviceName = requestData.ServiceName;

-    if (!Request.Headers.TryGetValue("X-API-KEY", out var extractedApiKey)) {
-      return Unauthorized("API Key is missing");
-    }
-
-    if (!_appSettings.ApiKey.Equals(extractedApiKey)) {
-      return Unauthorized("Unauthorized client");
-    }
-
    try {
      var processStartInfo = new ProcessStartInfo {
        FileName = "/bin/systemctl",
--- a/src/Agent/Program.cs
+++ b/src/Agent/Program.cs
@ -1,4 +1,5 @@
 using MaksIT.Agent;
+using MaksIT.Agent.AuthorizationFilters;

 var builder = WebApplication.CreateBuilder(args);

@ -19,6 +20,8 @@ builder.Services.AddControllers();
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();

+builder.Services.AddScoped<ApiKeyAuthorizationFilter>();
+
 var app = builder.Build();

 // Configure the HTTP request pipeline.
--- a/src/LetsEncryptServer/BackgroundServices/AutoRenewal.cs
+++ b/src/LetsEncryptServer/BackgroundServices/AutoRenewal.cs
@ -52,8 +52,14 @@ namespace MaksIT.LetsEncryptServer.BackgroundServices {
      }

      var hostnames = cache.GetHostsWithUpcomingSslExpiry();
-      if (hostnames == null || !hostnames.Any()) {
-        _logger.LogError("No hosts found with upcoming SSL expiry");
+      if (hostnames == null) {
+        _logger.LogError("Unexpected hostnames null");
+        return IDomainResult.Success();
+      }
+
+
+      if (!hostnames.Any()) {
+        _logger.LogInformation("No hosts found with upcoming SSL expiry");
        return IDomainResult.Success();
      }