org.http4k.contract.Security.kt Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of http4k-contract Show documentation

http4k typesafe HTTP contracts and OpenApi support

There is a newer version: 5.31.0.0

package org.http4k.contract

import org.http4k.core.Filter
import org.http4k.core.Request
import org.http4k.core.Response
import org.http4k.core.Status.Companion.UNAUTHORIZED
import org.http4k.lens.Lens
import org.http4k.lens.LensFailure


/**
 * Endpoint security. Provides filter to be applied to endpoints for all requests.
 */
sealed class Security {
    abstract val filter: Filter
}

/**
 * Default NoOp security filter. Filter allows all traffic through.
 */
object NoSecurity : Security() {
    override val filter = Filter { it }
}

/**
 * Checks the presence of the named Api Key parameter. Filter returns 401 if Api-Key is not found in request.
 */
data class ApiKey(val param: Lens, val validateKey: (T) -> Boolean) : Security() {
    override val filter = Filter {
        next ->
        {
            val keyValid = try {
                validateKey(param(it))
            } catch (e: LensFailure) {
                false
            }
            if (keyValid) next(it) else Response(UNAUTHORIZED)
        }
    }
}