diff --git a/WebAPI/Controllers/LayersController.cs b/WebAPI/Controllers/LayersController.cs
index 43c1c4c..6cec597 100644
--- a/WebAPI/Controllers/LayersController.cs
+++ b/WebAPI/Controllers/LayersController.cs
@@ -1,4 +1,5 @@
 using System.Globalization;
+using System.Text;
 using DiunaBIWebAPI.dataImporters;
 using Google.Apis.Sheets.v4;
 using Microsoft.AspNetCore.Authorization;
@@ -96,7 +97,7 @@ namespace WebAPI.Controllers
 }
 }
 [HttpGet]
- [Route("getByNumber/{apiKey}/{number}")]
+ [Route("getForPowerBI/{apiKey}/{number}")]
 public IActionResult GetByNumber(string apiKey, int number)
 {
 if (apiKey != configuration["apiKey"])
@@ -105,11 +106,23 @@ namespace WebAPI.Controllers
 }
 if (
- !Request.Headers.TryGetValue("D-BI-AUTH", out var authKey)
- || authKey != configuration["authKey"])
+ !Request.Headers.TryGetValue("Authorization", out var authHeader))
 {
 return Unauthorized();
 }
+ string[] credentialsArr = authHeader.ToString().Split(" ");
+ if (credentialsArr.Length != 2)
+ {
+ return Unauthorized();
+ }
+ var authValue = Encoding.UTF8.GetString(Convert.FromBase64String(credentialsArr[1]));
+ var username = authValue.Split(':')[0];
+ var password = authValue.Split(':')[1];
+ if (username != configuration["powerBI-user"] || password != configuration["powerBI-pass"])
+ {
+ return Unauthorized();
+ }
+
 try
 {
 return Ok(db.Layers
diff --git a/WebAPI/Program.cs b/WebAPI/Program.cs
index a343fb3..e573f06 100644
--- a/WebAPI/Program.cs
+++ b/WebAPI/Program.cs
@@ -61,7 +61,7 @@ var app = builder.Build();
 app.Use(async (context, next) => {
 string token = context.Request.Headers["Authorization"].ToString();
- if (token.Length > 0) {
+ if (token.Length > 0 && !context.Request.Path.ToString().Contains("getForPowerBI")) {
 var handler = new JwtSecurityTokenHandler();
 var data = handler.ReadJwtToken(token.Split(' ')[1]);
 context.Request.Headers.Add("UserId", new Microsoft.Extensions.Primitives.StringValues(data.Subject));
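Review bot: In the third LayersController.cs hunk the new Basic-auth parsing sits before the `try` and can throw on malformed input: `Convert.FromBase64String` raises FormatException on a non-base64 value and `authValue.Split(':')[1]` raises IndexOutOfRangeException when the decoded text has no colon, so a bad header produces a 500 rather than a 401. The scheme token `credentialsArr[0]` is never checked to be `Basic`, a password containing `:` is cut at its first colon, and the `!=` comparisons are not constant-time. The sketch below addresses these and keeps the current behaviour of rejecting the request when either configured value is missing. GetByNumber starts before and ends after this hunk, so the rest of the method is not reviewed here.

```csharp
// … unchanged: apiKey check and Authorization header lookup …
string[] credentialsArr = authHeader.ToString().Split(' ', 2);
if (credentialsArr.Length != 2
    || !string.Equals(credentialsArr[0], "Basic", StringComparison.OrdinalIgnoreCase))
{
    return Unauthorized();
}
var decoded = new byte[credentialsArr[1].Length];
if (!Convert.TryFromBase64String(credentialsArr[1], decoded, out int decodedLength))
{
    return Unauthorized();
}
var authValue = Encoding.UTF8.GetString(decoded, 0, decodedLength);
int separator = authValue.IndexOf(':');
var expectedUser = configuration["powerBI-user"];
var expectedPass = configuration["powerBI-pass"];
if (separator < 0 || string.IsNullOrEmpty(expectedUser) || string.IsNullOrEmpty(expectedPass))
{
    return Unauthorized();
}
// Compare both parts before deciding, without short-circuiting.
bool userOk = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
    Encoding.UTF8.GetBytes(authValue.Substring(0, separator)),
    Encoding.UTF8.GetBytes(expectedUser));
bool passOk = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
    Encoding.UTF8.GetBytes(authValue.Substring(separator + 1)),
    Encoding.UTF8.GetBytes(expectedPass));
if (!(userOk & passOk))
{
    return Unauthorized();
}
// … unchanged: try block returning the layer …
```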
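Review bot: In the Program.cs hunk the exemption is keyed on a case-sensitive substring of the path, `Contains("getForPowerBI")`, while ASP.NET Core route matching is case-insensitive, so the same endpoint requested with different casing would still pass its Basic header to `ReadJwtToken`, which is likely to throw on a non-JWT value. Any other path that happens to contain that text also skips the JWT branch. Deciding on the header's scheme is less brittle than deciding on the URL: `if (token.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) {`. The middleware lambda continues past the end of the hunk, so what later code does when the `UserId` header is absent is not visible here.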
diff --git a/WebAPI/appsettings.Development.json b/WebAPI/appsettings.Development.json
index 3b5e335..6710150 100644
--- a/WebAPI/appsettings.Development.json
+++ b/WebAPI/appsettings.Development.json
@@ -13,7 +13,8 @@
 "GoogleClientId": "107631825312-bkfe438ehr9k9ecb2h76g802tj6advma.apps.googleusercontent.com",
 "Secret": "8393AF8EAEF8478CB738D44858690F9C7E2D19F65896DD9FBAA3EB2A6F493E80",
 "apiKey": "10763478CB738D4ecb2h76g803478CB738D4e",
- "authKey": "0F9C7E2D19FSLOCgKexz2h76g802tj6a",
+ "powerBI-user": "powerbi",
+ "powerBI-pass": "0F9C7E2D19FSLOCgKexz2h76g802tj6a",
 "exportDirectory": "1eTyCUzYbzVQB8f8sbNmvnebFXyW2-axt",
 "appLogsFile": "13PuDvS3_HAYoSLOCgKexzlzIDLUilkApUF8QiJMTae0",
 "apiLocalUrl": "localhost:5400",
diff --git a/WebAPI/appsettings.json b/WebAPI/appsettings.json
index 344cae2..4837dc1 100644
--- a/WebAPI/appsettings.json
+++ b/WebAPI/appsettings.json
@@ -14,6 +14,8 @@
 "Secret": "#{google-backend-login-secret}#",
 "apiKey": "#{api-key}#",
 "authKey": "#{auth-key}#",
+ "powerBI-user": "#{powerBI-user}#",
+ "powerBI-pass": "#{powerBI-pass}#",
 "exportDirectory": "#{export-directory}#",
 "appLogsFile": "#{app-logs-file}#",
 "apiLocalUrl": "#{api-local-url}#",
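Review bot: In appsettings.Development.json the added `powerBI-pass` line commits a credential to a tracked file, and its value is the same string the removed `authKey` carried, so the secret stays in history and is reused unrotated under the new scheme. Since appsettings.json already fills these keys from `#{...}#` placeholders, the development values could come from `dotnet user-secrets` or environment variables instead, with a fresh password issued for Power BI. The neighbouring `Secret` and `apiKey` context lines carry literal values in the same way.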
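Review bot: In appsettings.json the `authKey` entry is left in place although this commit removes it from appsettings.Development.json and the controller hunk drops its only visible read. If nothing else uses it, delete the `"authKey": "#{auth-key}#"` line together with the matching pipeline variable so an unused secret is not kept provisioned. If something outside this diff still reads it, the Development file now lacks the key.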