Remove API Key authentication support from CrudApiPlugin and update schema accordingly

garrytrinder · garrytrinder · commit 7e5b9ff16e38 · 2026-05-13T11:25:27.000+01:00
diff --git a/DevProxy.Plugins/Mocking/CrudApiPlugin.cs b/DevProxy.Plugins/Mocking/CrudApiPlugin.cs
@@ -64,7 +64,6 @@ public sealed class CrudApiAction
 {
     [System.Text.Json.Serialization.JsonConverter(typeof(JsonStringEnumConverter))]
     public CrudApiActionType Action { get; set; } = CrudApiActionType.GetAll;
-    public CrudApiApiKeyAuth? ApiKeyAuthConfig { get; set; }
     [System.Text.Json.Serialization.JsonConverter(typeof(JsonStringEnumConverter))]
     public CrudApiAuthType Auth { get; set; } = CrudApiAuthType.None;
     public CrudApiEntraAuth? EntraAuthConfig { get; set; }
@@ -140,26 +139,6 @@ Configuration.ApiKeyAuthConfig is not null &&
             Configuration.Auth = CrudApiAuthType.None;
         }
 
-        foreach (var action in Configuration.Actions)
-        {
-            if (action.Auth == CrudApiAuthType.ApiKey &&
-                action.ApiKeyAuthConfig is null &&
-                Configuration.ApiKeyAuthConfig is null)
-            {
-                Logger.LogError("API Key auth is enabled for action {Action} but no configuration is provided. Action will work anonymously.", action.Action);
-                action.Auth = CrudApiAuthType.None;
-            }
-
-            var effectiveApiKeyConfig = action.ApiKeyAuthConfig ?? Configuration.ApiKeyAuthConfig;
-            if (action.Auth == CrudApiAuthType.ApiKey &&
-                effectiveApiKeyConfig is not null &&
-                string.IsNullOrEmpty(effectiveApiKeyConfig.ApiKey))
-            {
-                Logger.LogError("API Key auth is enabled for action {Action} but no API key is configured. Action will work anonymously.", action.Action);
-                action.Auth = CrudApiAuthType.None;
-            }
-        }
-
         if (!ProxyUtils.MatchesUrlToWatch(UrlsToWatch, Configuration.BaseUrl, true))
         {
             Logger.LogWarning(
@@ -344,22 +323,12 @@ private void AddCORSHeaders(Request request, List<HttpHeader> headers)
             allowHeaders.Add("authorization");
         }
 
-        if (Configuration.ApiKeyAuthConfig is not null ||
-            Configuration.Actions.Any(a => a.Auth == CrudApiAuthType.ApiKey))
+        if (Configuration.ApiKeyAuthConfig is not null &&
+            !string.IsNullOrEmpty(Configuration.ApiKeyAuthConfig.HeaderName))
         {
-            var apiKeyHeaders = new List<string?> { Configuration.ApiKeyAuthConfig?.HeaderName }
-                .Concat(Configuration.Actions
-                    .Where(a => a.ApiKeyAuthConfig is not null)
-                    .Select(a => a.ApiKeyAuthConfig!.HeaderName))
-                .Where(h => !string.IsNullOrEmpty(h))
-                .Distinct(StringComparer.OrdinalIgnoreCase);
-
-            foreach (var apiKeyHeader in apiKeyHeaders)
+            if (!allowHeaders.Contains(Configuration.ApiKeyAuthConfig.HeaderName, StringComparer.OrdinalIgnoreCase))
             {
-                if (!allowHeaders.Contains(apiKeyHeader!, StringComparer.OrdinalIgnoreCase))
-                {
-                    allowHeaders.Add(apiKeyHeader!);
-                }
+                allowHeaders.Add(Configuration.ApiKeyAuthConfig.HeaderName);
             }
         }
 
@@ -388,15 +357,15 @@ private bool AuthorizeRequest(ProxyRequestArgs e, CrudApiAction? action = null)
 
         if (authType == CrudApiAuthType.ApiKey)
         {
-            return AuthorizeApiKeyRequest(e, action);
+            return AuthorizeApiKeyRequest(e);
         }
 
         return AuthorizeEntraRequest(e, action);
     }
 
-    private bool AuthorizeApiKeyRequest(ProxyRequestArgs e, CrudApiAction? action = null)
+    private bool AuthorizeApiKeyRequest(ProxyRequestArgs e)
     {
-        var apiKeyAuthConfig = action?.ApiKeyAuthConfig ?? Configuration.ApiKeyAuthConfig;
+        var apiKeyAuthConfig = Configuration.ApiKeyAuthConfig;
 
         Debug.Assert(apiKeyAuthConfig is not null, "ApiKeyAuthConfig is null when API key auth is required.");
 
diff --git a/schemas/v3.0.0/crudapiplugin.apifile.schema.json b/schemas/v3.0.0/crudapiplugin.apifile.schema.json
@@ -62,31 +62,9 @@
             "type": "string",
             "enum": [
               "none",
-              "entra",
-              "apiKey"
+              "entra"
             ],
-            "description": "Determines if the action is secured. Allowed values: none, entra, apiKey. Default is none."
-          },
-          "apiKeyAuthConfig": {
-            "type": "object",
-            "description": "Configuration for API Key authentication for this action. Overrides the root apiKeyAuthConfig if specified.",
-            "properties": {
-              "apiKey": {
-                "type": "string",
-                "description": "The valid API key that must be present in the request."
-              },
-              "headerName": {
-                "type": "string",
-                "description": "The HTTP header name to read the API key from."
-              },
-              "queryParameterName": {
-                "type": "string",
-                "description": "The name of the query-string parameter to read the API key from."
-              }
-            },
-            "required": [
-              "apiKey"
-            ]
+            "description": "Determines if the action is secured. Allowed values: none, entra. Default is none."
           },
           "entraAuthConfig": {
             "type": "object",
