org.http4k.contract.security.ApiKeySecurity.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of http4k-contract Show documentation
Show all versions of http4k-contract Show documentation
http4k typesafe HTTP contracts and OpenApi support
package org.http4k.contract.security
import org.http4k.core.Filter
import org.http4k.core.Method
import org.http4k.core.Request
import org.http4k.core.Response
import org.http4k.core.Status.Companion.UNAUTHORIZED
import org.http4k.lens.Lens
import org.http4k.lens.LensFailure
/**
* Checks the presence of the named Api Key parameter. Filter returns 401 if Api-Key is not found in request.
*
* Default implementation of ApiKey. Includes an option to NOT authorise OPTIONS requests, which is
* currently not enabled for OpenAPI.
*/
class ApiKeySecurity(val param: Lens,
validateKey: (T) -> Boolean,
authorizeOptionsRequests: Boolean = true,
val name: String = "api_key") : Security {
override val filter = Filter { next ->
{
if (!authorizeOptionsRequests && it.method == Method.OPTIONS) {
next(it)
} else {
val keyValid = try {
validateKey(param(it))
} catch (e: LensFailure) {
false
}
if (keyValid) next(it) else Response(UNAUTHORIZED)
}
}
}
companion object
}