diff --git a/src/NzbDrone.Host/Startup.cs b/src/NzbDrone.Host/Startup.cs
index 366b8f73a..070930074 100644
--- a/src/NzbDrone.Host/Startup.cs
+++ b/src/NzbDrone.Host/Startup.cs
@@ -177,20 +177,17 @@ namespace NzbDrone.Host
 services.AddDataProtection()
 .PersistKeysToFileSystem(new DirectoryInfo(Configuration["dataProtectionFolder"]));
- services.AddSingleton();
- services.AddSingleton();
-
 services.AddAuthorization(options =>
 {
 options.AddPolicy("SignalR", policy =>
 {
 policy.AuthenticationSchemes.Add("SignalR");
- policy.RequireAuthenticatedUser();
+ policy.Requirements.Add(new ApiKeyRequirement());
 });
 // Require auth on everything except those marked [AllowAnonymous]
 options.FallbackPolicy = new AuthorizationPolicyBuilder("API")
- .RequireAuthenticatedUser()
+ .AddRequirements(new ApiKeyRequirement())
 .Build();
 });
diff --git a/src/Radarr.Http/Authentication/ApiKeyRequirement.cs b/src/Radarr.Http/Authentication/ApiKeyRequirement.cs
new file mode 100644
index 000000000..abe096ce9
--- /dev/null
+++ b/src/Radarr.Http/Authentication/ApiKeyRequirement.cs
@@ -0,0 +1,20 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+
+namespace NzbDrone.Http.Authentication
+{
+ public class ApiKeyRequirement : AuthorizationHandler, IAuthorizationRequirement
+ {
+ protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ApiKeyRequirement requirement)
+ {
+ var apiKeyClaim = context.User.FindFirst(c => c.Type == "ApiKey");
+
+ if (apiKeyClaim != null)
+ {
+ context.Succeed(requirement);
+ }
+
+ return Task.CompletedTask;
+ }
+ }
+}
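Review bot: In both the "SignalR" policy and `options.FallbackPolicy`, `RequireAuthenticatedUser()` is replaced rather than supplemented, so neither policy checks `Identity.IsAuthenticated` any longer and access rests only on a claim typed "ApiKey" being present. Whether a principal can carry that claim without an authenticated identity depends on the authentication handlers, which are not part of this diff. Keeping both checks is cheap: `.RequireAuthenticatedUser().AddRequirements(new ApiKeyRequirement())` for the fallback, and `policy.RequireAuthenticatedUser();` kept beside `policy.Requirements.Add(new ApiKeyRequirement());` in the SignalR policy. The type arguments of the two removed `AddSingleton` registrations are not visible on this page, so it is worth confirming that nothing else still resolves the services they provided. The enclosing method starts and ends outside the hunk.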
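Review bot: `HandleRequirementAsync` in ApiKeyRequirement.cs succeeds on any claim whose type is "ApiKey", whatever its value or the identity that carries it, so the real key check lives entirely in whichever authentication handler issues that claim (not shown here). That trust assumption should be written down as an XML doc comment on the class, for example `/// <summary>Satisfied when the principal carries an "ApiKey" claim; that claim must only be issued after the key has been validated.</summary>`. The literal "ApiKey" would be safer as a shared constant referenced by both the issuing handler and this requirement, so that a rename on one side cannot quietly desynchronise the two.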