All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.http4k.contract.security.ApiKeySecurity.kt Maven / Gradle / Ivy

There is a newer version: 5.31.0.0
Show newest version
package org.http4k.contract.security

import org.http4k.core.Filter
import org.http4k.core.Method
import org.http4k.core.Request
import org.http4k.core.Response
import org.http4k.core.Status.Companion.UNAUTHORIZED
import org.http4k.lens.Lens
import org.http4k.lens.LensFailure

/**
 * Checks the presence of the named Api Key parameter. Filter returns 401 if Api-Key is not found in request.
 *
 * Default implementation of ApiKey. Includes an option to NOT authorise OPTIONS requests, which is
 * currently not enabled for OpenAPI.
 */
class ApiKeySecurity(val param: Lens,
                            validateKey: (T) -> Boolean,
                            authorizeOptionsRequests: Boolean = true,
                            val name: String = "api_key") : Security {
    override val filter = Filter { next ->
        {
            if (!authorizeOptionsRequests && it.method == Method.OPTIONS) {
                next(it)
            } else {
                val keyValid = try {
                    validateKey(param(it))
                } catch (e: LensFailure) {
                    false
                }
                if (keyValid) next(it) else Response(UNAUTHORIZED)
            }
        }
    }

    companion object
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy