Add more than one APIKey support (#4676)

Azure · Nov 10, 2022 · e9288f1 · e9288f1
1 parent 4026d0b
commit e9288f1
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/dotnet/APIView/APIViewWeb/Filters/ApiKeyAuthorizeAsyncFilter.cs b/src/dotnet/APIView/APIViewWeb/Filters/ApiKeyAuthorizeAsyncFilter.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
+// Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
 using Microsoft.AspNetCore.Mvc;
@@ -15,14 +15,14 @@ public class ApiKeyAuthorizeAsyncFilter : Attribute, IAsyncAuthorizationFilter
     {
         private static string _apiKeyHeader = "ApiKey";
         private string _azure_sdk_bot = "azure-sdk";
-        private string _apiKeyValue;
+        private HashSet<string> _apiKeyValues = new HashSet<string>();
 
         public ApiKeyAuthorizeAsyncFilter(IConfiguration configuration)
         {
             var apiKey = configuration[_apiKeyHeader];
             if (!string.IsNullOrEmpty(apiKey))
             {
-                _apiKeyValue = apiKey;
+                _apiKeyValues.UnionWith(apiKey.Split(","));
             }
         }
 
@@ -32,7 +32,7 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
         {
             var request = context.HttpContext.Request;
             var hasApiKeyHeader = request.Headers.TryGetValue(_apiKeyHeader, out var apiKeyValue);
-            if (hasApiKeyHeader && apiKeyValue == _apiKeyValue)
+            if (hasApiKeyHeader && _apiKeyValues.Contains(apiKeyValue))
             {
                 //Adding claim as github login type to keep it uniform across the checks
                 var user = new Claim("urn:github:login", _azure_sdk_bot);