Improve authentication middleware and config structure

Added logic to handle cases where both API key and JWT token
are provided, returning a 409 Conflict status. Refactored
JWT token retrieval to use the `Authorization` header
directly. Updated `ValidateApiKeyAsync` to check the new
`Authorization:Enabled` flag and adjusted configuration
keys from `Authentication` to `Authorization`.

Enhanced `GetUserInfo` in `AuthenticateController` to handle
potential null references. Updated `appsettings.json` to
reflect the new `Authorization` section and added an
`enabled` flag for feature toggling.

Author: GioemaNocco

src/Genocs.Auth/JwtOrApiKeyAuthenticationMiddleware.cs

@@ -30,8 +30,22 @@ public class JwtOrApiKeyAuthenticationMiddleware(RequestDelegate next, IConfigur
 
     public async Task Invoke(HttpContext context)
     {
-        // Check for API key authentication first
+        // Get the apiKey if any
         string? apiKey = context.Request.Headers["x-gnx-apikey"];
+
+        // Get JWT authentication if any
+        string? jwt = context.Request.Headers.Authorization;
+
+        // Check if both authentication are in place
+        if (!string.IsNullOrWhiteSpace(apiKey) && !string.IsNullOrWhiteSpace(jwt))
+        {
+            // Invalid API key
+            context.Response.StatusCode = 409;
+            await context.Response.WriteAsync("Invalid Configuration! ApiKey and JWT token cannot be on the same time!");
+            return;
+        }
+
+        // Check for API key authentication first
         if (!string.IsNullOrEmpty(apiKey))
         {
             if (await ValidateApiKeyAsync(apiKey))
@@ -60,11 +74,10 @@ public async Task Invoke(HttpContext context)
             }
         }
 
-        // Check for Firebase JWT authentication
-        string? authHeader = context.Request.Headers.Authorization;
-        if (authHeader?.StartsWith("Bearer ") == true)
+        // Check for JWT authentication
+        if (jwt?.StartsWith("Bearer ") == true)
         {
-            string token = authHeader["Bearer ".Length..].Trim();
+            string token = jwt["Bearer ".Length..].Trim();
 
             try
             {
@@ -100,11 +113,18 @@ public async Task Invoke(HttpContext context)
     /// <returns>True if the API key is valid, false otherwise.</returns>
     private async Task<bool> ValidateApiKeyAsync(string apiKey)
     {
+        // Check if enabled
+        bool isEnabled = _configuration.GetValue<bool>("Authorization:Enabled");
+        if (!isEnabled)
+        {
+            return await Task.FromResult(false);
+        }
+
         // Get valid API keys from configuration
-        string[] validApiKeys = _configuration.GetSection("Authentication:ApiKeys").Get<string[]>() ?? [];
+        string[] validApiKeys = _configuration.GetSection("Authorization:ApiKeys").Get<string[]>() ?? [];
 
         // For development/testing
-        string? devApiKey = _configuration["Authentication:DevApiKey"];
+        string? devApiKey = _configuration["Authorization:DevApiKey"];
 
         bool isOk = validApiKeys.Contains(apiKey) || (!string.IsNullOrWhiteSpace(devApiKey) && devApiKey == apiKey);
 

src/demo/Genocs.Core.Demo.WebApi/Controllers/AuthenticateController.cs

@@ -92,7 +92,7 @@ public IActionResult Authenticate()
     public IActionResult GetUserInfo()
     {
         var user = HttpContext.User;
-        string? authType = user.Identity.AuthenticationType;
+        string? authType = user.Identity?.AuthenticationType;
 
         // Only allow JWT authentication for this endpoint
         if (authType != "AuthenticationTypes.Federation")

src/demo/Genocs.Core.Demo.WebApi/appsettings.json

@@ -162,9 +162,10 @@
     "endpoint": "http://localhost:5070"
   },
   "AllowedHosts": "*",
-  "Authentication": {
-    "DevApiKey": "abc_123",
-    "ApiKeys": [
+  "authorization": {
+    "enabled": true,
+    "devApiKey": "abc_123",
+    "apiKeys": [
       "prod_api_key_1",
       "prod_api_key_2"
     ]