protecting api

4 years ago · 5b6d74d8ee
parent 3b7e286a5b
commit 5b6d74d8ee
6 changed files with 46 additions and 7 deletions
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@ -9,7 +9,8 @@
                "build",
                "${workspaceFolder}/nuget-host.csproj",
                "/property:GenerateFullPaths=true",
-                "/consoleloggerparameters:NoSummary"
+                "/consoleloggerparameters:NoSummary",
+                "/restore"
            ],
            "problemMatcher": "$msCompile"
        },
@ -40,7 +41,8 @@
            "type": "process",
            "args": [
                "bin/Debug/netcoreapp2.0/nuget-host.dll",
-                "/property:GenerateFullPaths=true"
+                "/property:GenerateFullPaths=true",
+                "/restore"
            ],
            "options": {
                "env": {
--- a/Controllers/PackagesController.cs
+++ b/Controllers/PackagesController.cs
@ -3,6 +3,8 @@ using System.Collections.Generic;
 using System.IO;
 using System.IO.Compression;
 using System.Linq;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using NuGet.Packaging;
@ -12,21 +14,29 @@ namespace nuget_host.Controllers
    public class PackagesController : Controller
    {
        private ILogger<PackagesController> logger;
+        private IDataProtector protector;

-        public PackagesController(ILoggerFactory loggerFactory)
+        public PackagesController(ILoggerFactory loggerFactory, IDataProtectionProvider provider)
        {
            logger = loggerFactory.CreateLogger<PackagesController>();
-
+            protector = provider.CreateProtector("Packages.v1");
        }

        [HttpPut("packages/{*spec}")]
        public IActionResult Put(string spec)
        {
            string path = null;
+            
            if (string.IsNullOrEmpty(spec))
            {
                var clientVersionId = Request.Headers["X-NuGet-Client-Version"];
+                var apiKey = Request.Headers["X-NuGet-ApiKey"];
                ViewData["nuget client "] = "nuget {clientVersionId}";
+                
+                var clearkey = protector.Unprotect(apiKey);
+                if (clearkey!= Startup.RootApiKeySecret)
+                    return Unauthorized();
+
                foreach (var file in Request.Form.Files)
                {
                    string initpath = "package.nupkg";
@ -109,5 +119,12 @@ namespace nuget_host.Controllers
            }
            return Ok(ViewData);
        }
+
+        [Authorize]
+        [HttpGet("api/get-key/{*apikey}")]
+        public IActionResult GetApiKey(string apiKey)
+        {
+            return Ok(protector.Protect(apiKey));
+        }
    }
 }
--- a/Startup.cs
+++ b/Startup.cs
@ -2,7 +2,9 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@ -11,7 +13,7 @@ namespace nuget_host
 {
    public class Startup
    {
-        public Startup(IHostingEnvironment env, IConfiguration config)
+        public Startup(IConfiguration config)
        {
            Configuration = config;
        }
@ -19,11 +21,26 @@ namespace nuget_host
        public IConfiguration Configuration { get; }
        public static string ExternalUrl { get; private set; }
        public static string SourceDir { get; private set; }
+        public static string RootApiKeySecret { get; private set; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
+            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+            .AddJwtBearer(options =>
+            {
+                // base-address of your identityserver
+                options.Authority = ExternalUrl;
+
+                // if you are using API resources, you can specify the name here
+                options.Audience = "packages";
+                
+            });
+
            services.AddMvc();
+
+            services.AddDataProtection();
+
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@ -40,6 +57,7 @@ namespace nuget_host

            ExternalUrl = Configuration["NuGet:ExternalUrl"];
            SourceDir = Configuration["NuGet:SourceDir"];
+            RootApiKeySecret = Configuration["RootApiKeySecret"];

            app.UseStaticFiles();

--- a/appsettings.Development.json
+++ b/appsettings.Development.json
@ -2,5 +2,6 @@
  "NuGet": {
    "ExternalUrl" : "<http://localhost:5000/Packages",
    "SourceDir" : "packages"
-  }
+  },
+  "RootApiKeySecret": "secret-key"
 }
--- a/appsettings.json
+++ b/appsettings.json
@ -1,4 +1,5 @@
 {
+  "RootApiKeySecret": "<your-root-api-clear-key>",
  "NuGet": {
    "ExternalUrl" : "<http://your-external.url",
    "SourceDir" : "<your-Source-dir>"
--- a/nuget-host.csproj
+++ b/nuget-host.csproj
@ -10,7 +10,7 @@
    <PackageReference Include="Microsoft.AspNetCore.SignalR.Common" Version="1.0.0-alpha2-final" />

    <PackageReference Include="NuGet.Packaging.Core" Version="5.9.0" />
-    
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="2.2.0" />
  </ItemGroup>

  <ItemGroup>