added minimum length of 30 characters for api key

d4eae06d · Jan-Niclas Strüwer · 47b27118 · d4eae06d
Verified Commit d4eae06d authored 1 year ago by Jan-Niclas Strüwer
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/ApiKeyService.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/ApiKeyService.kt
 package de.fraunhofer.iem.dataprovider.configuration.security

+import jakarta.annotation.PostConstruct
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.http.HttpStatus
 import org.springframework.stereotype.Component
@@ -7,6 +8,7 @@ import org.springframework.web.server.ServerWebExchange
 import org.springframework.web.server.WebFilter
 import org.springframework.web.server.WebFilterChain
 import reactor.core.publisher.Mono
+import java.security.InvalidKeyException

 const val API_KEY_HEADER = "Api-Key"
 const val API_HEADER_NOT_FOUND_MSG = "Api-Key header not found."
@@ -16,6 +18,14 @@ class ApiKeyFilter : WebFilter {

    @Value("\${API_KEY}")
    lateinit var API_KEY: String
+
+    @PostConstruct
+    fun postConstruct() {
+        if (API_KEY.length < 30) {
+            throw InvalidKeyException("Provided API_KEY is too short. Minimum key length is 30 characters.")
+        }
+    }
+
    override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> {
        val apiKey = exchange.request.headers.getFirst(API_KEY_HEADER)
        return if (apiKey == null) {