Initial import into Gitea

2026-03-14 13:50:09 -07:00
parent 8e7e03702e
commit 34c1f09e01
154 changed files with 17666 additions and 1548 deletions
--- a/TikTokApi/Security/InternalAuthFilter.cs
+++ b/TikTokApi/Security/InternalAuthFilter.cs
@@ -0,0 +1,58 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace TikTokApi.Security;
+
+/// <summary>
+/// Validates the X-Internal-Key header for internal service-to-service calls.
+/// Gateway must provide the correct key to call TikTokApi endpoints.
+/// </summary>
+public sealed class InternalAuthFilter : IAsyncActionFilter
+{
+    private readonly IConfiguration _config;
+    private readonly ILogger<InternalAuthFilter> _logger;
+
+    public InternalAuthFilter(IConfiguration config, ILogger<InternalAuthFilter> logger)
+    {
+        _config = config;
+        _logger = logger;
+    }
+
+    public Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
+    {
+        var headerName = _config["InternalAuth:HeaderName"] ?? "X-Internal-Key";
+
+        // Try multiple sources for the key
+        var expectedKey = _config["InternalAuth:Key"]
+            ?? _config["TIKTOK_INTERNAL_KEY"]
+            ?? Environment.GetEnvironmentVariable("TIKTOK_INTERNAL_KEY");
+
+        if (string.IsNullOrWhiteSpace(expectedKey))
+        {
+            _logger.LogError("[InternalAuth] No internal key configured - check TIKTOK_INTERNAL_KEY env var");
+            context.Result = new ObjectResult(new { error = "Internal auth key not configured" })
+            {
+                StatusCode = 500
+            };
+            return Task.CompletedTask;
+        }
+
+        if (!context.HttpContext.Request.Headers.TryGetValue(headerName, out var providedKey) ||
+            string.IsNullOrWhiteSpace(providedKey))
+        {
+            _logger.LogWarning("[InternalAuth] Missing {HeaderName} header", headerName);
+            context.Result = new UnauthorizedObjectResult(new { error = $"Missing {headerName} header" });
+            return Task.CompletedTask;
+        }
+
+        if (!string.Equals(providedKey.ToString(), expectedKey, StringComparison.Ordinal))
+        {
+            _logger.LogWarning("[InternalAuth] Invalid key provided");
+            context.Result = new UnauthorizedObjectResult(new { error = "Invalid internal auth key" });
+            return Task.CompletedTask;
+        }
+
+        _logger.LogDebug("[InternalAuth] Request authorized");
+        return next();
+    }
+}