-1

I have 6 API methods as you can see:

app.MapGet("/api/customer-money/", ([FromServices] IMediator mediator, string customerIsin)
    => mediator.Send(new GetMoneyQuery(customerIsin)));
app.MapGet("/api/customer-portfolio/", ([FromServices] IMediator mediator, string customerIsin)
    => mediator.Send(new GetPortfolioQuery(customerIsin)));
app.MapGet("/api/customer-order/", ([FromServices] IMediator mediator, string customerIsin)
    => mediator.Send(new GetOrdersQuery(customerIsin)));
app.MapPost("/api/add-order/", ([FromServices] IMediator mediator, AddOrderCommand cmd)
    => mediator.Send(cmd));
app.MapDelete("/api/delete-order/", ([FromServices] IMediator mediator, [FromBody] DeleteOrderCommand cmd)
    => mediator.Send(cmd));
app.MapPut("/api/modify-order/", ([FromServices] IMediator mediator,[FromBody] ModifyOrderCommand cmd)
    => mediator.Send(cmd));

app.Run();

Two teams want to use these API's; the first team needs to use 3 of them and the second team needs others, and the teams shouldn't access others team's API's.

I was thinking about creating an env in appsettings.json.

Would you please let me know if there is a better solution?

Improve this question
5
  • 1
    "and the teams shouldn't access others team's API's." - seems like you should implement some kind of authorization. Commented Jul 26, 2023 at 8:58
  • TBH I don't fully understand. What will prevent the second team from hitting service deployed with EnableOrderCRUD? Commented Jul 26, 2023 at 9:48
  • I define a variable inside appsetting if I set it to false the second team can't access these api's Commented Jul 26, 2023 at 10:04
  • Teams will have separate deployments? Commented Jul 26, 2023 at 10:08
  • @GuruStron Yes exactly,we deploy the service in 2 pods with different Env config Commented Jul 26, 2023 at 10:42

2 Answers 2

Reset to default
1

I would argue that authorization would make more sense if the service was deployed as shared one (i.e. the same instance(s) would be used by both teams), then you would employ the standard approach by providing access tokens to both of the teams and restricting the access based on some authorization rules.

Since you have decided to solve this "infrastructurally" (unless you want explicit 401 Unauthorized) i.e. by deploying different instances of the service for different teams I would solve this by just not mapping the endpoints based on settings. Something along these lines:

// map "shared" endpoints

var opts = app.Services.GetRequiredService<IOptions<OrderOptions>>();

if(opts.Value.EnableOrderCRUD)
{
   // map "non-shared" ones:
   app.MapPut("/api/modify-order/", ...);
   // ...
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

My final solution :

public class CustomAuthenticationFilter : IEndpointFilter
{
    private readonly OrderOptions _option;
    public CustomAuthenticationFilter(IOptions<OrderOptions> options)
    {
        _option= options.Value;
    }
    public async ValueTask<object?> InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
    {
        if (_option.EnableOrderCRUD) return await next(context);
        return Results.Problem("You don't currently have permission to access this object's");
    }


}
public record OrderOptions
{
    public bool EnableOrderCRUD { get; set; }
}

and

app.MapPut("/api/modify-order/", ([FromServices] IMediator mediator,[FromBody] ModifyOrderCommand cmd)
    => mediator.Send(cmd)).AddEndpointFilter<CustomAuthenticationFilter>();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.