From 643708627acee737d3da7edcea241ab1a71b52e3 Mon Sep 17 00:00:00 2001
From: Seonkyu_Kim <sean.kk@daum.net>
Date: Tue, 18 Mar 2025 18:00:22 +0900
Subject: [PATCH] =?UTF-8?q?[=E2=9C=A8]=20API=20Header=20=EC=A0=90=EA=B2=80?=
 =?UTF-8?q?=ED=95=98=EB=8A=94=20=EB=A1=9C=EC=A7=81=20=EC=B6=94=EA=B0=80=20?=
 =?UTF-8?q?=EC=A4=912?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Program.cs                             |  3 +-
 Program/Common/Auth/APIHeaderMiddle.cs | 43 +++++++++++++++++++-------
 2 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/Program.cs b/Program.cs
index 3399e82..3fea917 100644
--- a/Program.cs
+++ b/Program.cs
@@ -179,7 +179,8 @@ else
 // app.UseHttpsRedirection();
 
 // 헤더 미들웨어 부분
-app.UseMiddleware<APIHeaderMiddle>("HEAD-CHECK");
+app.UseMiddleware<APIHeaderMiddleware>(new string[] { "X-MyHeader1", "X-MyHeader2", "X-MyHeader3" });
+
 
 // 이부분 봐야 합니다.
 // app.UseMiddleware<CustomHeaderMiddleware>("X-MyHeader");
diff --git a/Program/Common/Auth/APIHeaderMiddle.cs b/Program/Common/Auth/APIHeaderMiddle.cs
index 7d5fcc2..7d757f1 100644
--- a/Program/Common/Auth/APIHeaderMiddle.cs
+++ b/Program/Common/Auth/APIHeaderMiddle.cs
@@ -28,38 +28,57 @@ public class HeaderConfigRepository : IHeaderConfig
 }
 
 
-public class APIHeaderMiddle
+public class APIHeaderMiddleware
 {
     
     private readonly RequestDelegate _next;
-    private readonly string _headerName;
+    private readonly string[] _headerNames;
     private readonly IHeaderConfig _headerConfig;
 
-    public APIHeaderMiddle(RequestDelegate next, string headerName, IHeaderConfig headerConfig)
+    public APIHeaderMiddleware(RequestDelegate next, string[] headerNames, IHeaderConfig headerConfig)
     {
         _next = next;
-        _headerName = headerName;
+        _headerNames = headerNames;
         _headerConfig = headerConfig;
     }
 
     public async Task Invoke(HttpContext context)
     {
-        var expectedValue = await _headerConfig.GetExpectedHeaderValueAsync(_headerName);
+        bool valid = false;
 
-        if (!context.Request.Headers.TryGetValue(_headerName,out var headerValue) || string.IsNullOrWhiteSpace(headerValue)) 
-            // if (!context.Request.Headers.ContainsKey(_headerName) || string.IsNullOrWhiteSpace(context.Request.Headers[_headerName]))
+        foreach (var header in _headerNames)
         {
-            context.Response.StatusCode = StatusCodes.Status400BadRequest;
-            await context.Response.WriteAsync($"Missing or empty header: {_headerName}");
-            return;
+
+            if (!context.Request.Headers.TryGetValue(header, out var headerValue) &&
+                !string.IsNullOrWhiteSpace(headerValue))
+                // if (!context.Request.Headers.ContainsKey(_headerName) || string.IsNullOrWhiteSpace(context.Request.Headers[_headerName]))
+            {
+                var expectedValue = await _headerConfig.GetExpectedHeaderValueAsync(header);
+                if (headerValue == expectedValue)
+                {
+                    valid = true;
+                    break;
+                }
+                // context.Response.StatusCode = StatusCodes.Status400BadRequest;
+                // await context.Response.WriteAsync($"Missing or empty header: {headerName}");
+                // return;
+            }
         }
-        
-        if (headerValue != expectedValue)
+
+        if (!valid)
         {
             context.Response.StatusCode = StatusCodes.Status401Unauthorized;
             await context.Response.WriteAsync($"Invalid header value");
             return;
         }
+        // if (headerValue != expectedValue)
+        //     {
+        //         context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+        //         await context.Response.WriteAsync($"Invalid header value");
+        //         return;
+        //     }
+        // 
+        // }
         await _next(context);
     }
 }
\ No newline at end of file