dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(auth): C1 review polish — guard name at seam, document seam contract (throws/O(n)), explicit cookie test (review #1/#2/#3/#5/#8)

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-02 04:01:43 -04:00
parent 55099b19f6
commit 7f7ea3f3c9
4 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ZB.MOM.WW.ScadaBridge.Security/LibraryInboundApiKeyAdmin.cs
+3
View File
@@ -34,8 +34,11 @@ public sealed class LibraryInboundApiKeyAdmin : IInboundApiKeyAdmin
public async Task<InboundApiKeyCreated> CreateAsync(
string name, IReadOnlyCollection<string> methods, CancellationToken ct = default)
{
ArgumentException.ThrowIfNullOrWhiteSpace(name);
ArgumentNullException.ThrowIfNull(methods);
// "N" format = 32 hex chars, no hyphens/underscores — the library rejects underscores
// in keyId because they delimit the sbk_<keyId>_<secret> token.
var keyId = Guid.NewGuid().ToString("N");
var result = await _admin.CreateKeyAsync(
keyId, name, methods.ToHashSet(StringComparer.Ordinal),