-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathProgram.cs
More file actions
107 lines (89 loc) · 3.32 KB
/
Program.cs
File metadata and controls
107 lines (89 loc) · 3.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
using Microsoft.AspNetCore.Authentication;
using Microsoft.OpenApi.Models;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.Extensions.Options;
using K8sControlApi.Services;
var builder = WebApplication.CreateBuilder(args);
var enableAuth = Environment.GetEnvironmentVariable("ENABLE_BASIC_AUTH")?.ToLower() == "true";
builder.Services.AddControllers();
builder.Services.AddSingleton<K8sService>(); // ✅ Add K8sService to DI
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(c =>
{
if (enableAuth)
{
c.AddSecurityDefinition("basic", new OpenApiSecurityScheme
{
Name = "Authorization",
Type = SecuritySchemeType.Http,
Scheme = "basic", // ✅ Match this
In = ParameterLocation.Header,
Description = "Basic Authentication"
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "basic" }
},
new string[] {}
}
});
}
});
if (enableAuth)
{
builder.Services.AddAuthentication("basic") // ✅ Match scheme name used in Swagger
.AddScheme<AuthenticationSchemeOptions, BasicAuthHandler>("basic", null);
}
var app = builder.Build();
app.UseSwagger();
app.UseSwaggerUI();
if (enableAuth)
{
app.UseAuthentication();
}
app.UseAuthorization();
app.MapControllers();
app.Run();
public class BasicAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public BasicAuthHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock)
: base(options, logger, encoder, clock) { }
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Headers.ContainsKey("Authorization"))
return Task.FromResult(AuthenticateResult.Fail("Missing Authorization Header"));
try
{
var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
var credentials = System.Text.Encoding.UTF8
.GetString(Convert.FromBase64String(authHeader.Parameter ?? ""))
.Split(':', 2);
var username = Environment.GetEnvironmentVariable("BASIC_AUTH_USER");
var password = Environment.GetEnvironmentVariable("BASIC_AUTH_PASSWORD");
if (credentials.Length == 2 &&
credentials[0] == username &&
credentials[1] == password)
{
var claims = new[] { new Claim(ClaimTypes.Name, credentials[0]) };
var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return Task.FromResult(AuthenticateResult.Success(ticket));
}
return Task.FromResult(AuthenticateResult.Fail("Invalid Username or Password"));
}
catch
{
return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
}
}
}