🔐add configurable API key validation with enable/disable toggle in ga…

…teway service
miliariadnane · Nov 30, 2024 · 283e77b · 283e77b
1 parent 6059d11
commit 283e77b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/gateway/src/main/java/dev/nano/gateway/security/ApiAuthorizationFilter.java b/gateway/src/main/java/dev/nano/gateway/security/ApiAuthorizationFilter.java
@@ -2,6 +2,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.cloud.gateway.route.Route;
@@ -19,6 +20,9 @@
 @Component
 public class ApiAuthorizationFilter implements GlobalFilter, Ordered {
 
+    @Value("${spring.security.api-key.enabled:true}")
+    private boolean apiKeyEnabled;
+
     final ApiKeyAuthorizationChecker apiKeyAuthorizationChecker;
 
     @Autowired
@@ -30,6 +34,9 @@ public ApiAuthorizationFilter(
 
     @Override
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
+        if (!apiKeyEnabled) {
+            return chain.filter(exchange);
+        }
 
         Route route = exchange.getAttribute(ServerWebExchangeUtils.GATEWAY_ROUTE_ATTR);
         String applicationName = route.getId();
@@ -47,6 +54,6 @@ public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
 
     @Override
     public int getOrder() {
-        return Ordered.LOWEST_PRECEDENCE; // lowest priority filter
+        return Ordered.LOWEST_PRECEDENCE;
     }
 }
diff --git a/gateway/src/main/resources/application.yml b/gateway/src/main/resources/application.yml
@@ -9,6 +9,9 @@ spring:
   main:
     web-application-type: reactive
     allow-bean-definition-overriding: true
+  security:
+    api-key:
+      enabled: false
   cloud:
     gateway:
       routes: