Swagger中添加Token验证

最新推荐文章于 2024-03-02 15:30:01 发布

dotNET跨平台

最新推荐文章于 2024-03-02 15:30:01 发布

阅读量1.5k

点赞数

文章标签： java c# linq 开发语言

原文链接：https://mp.weixin.qq.com/s?__biz=MzAwNTMxMzg1MA==&mid=2654096385&idx=4&sn=27169cf0c613e0e37af9bc6eb4992205&chksm=80d86854b7afe1423bd2ebf8f288ad263cc71ee02e931d22a7656327cd560d7aa5578ce15c4d&scene=126&sessionid=0

版权

平常做项目使用mvc+webapi，采取前后端分离的方式，后台提供API接口给前端开发人员。这个过程中遇到一个问题后台开发人员怎么提供接口说明文档给前端开发人员。为了解决这个问题，项目中引用swagger（我比较喜欢戏称为“丝袜哥”）。

列出所有API控制器和控制器描述

那么既然是api，肯定涉及到安全验证问题，那么怎么在测试文档增加添加Token安全验证呢；

下面我们来看看

1、定义swagger请求头

using Microsoft.AspNetCore.Authorization;
using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;


namespace CompanyName.ProjectName.HttpApi.Host.Code
{
    /// <summary>
    /// swagger请求头
    /// </summary>
    public class HttpHeaderOperationFilter : IOperationFilter
    {
        /// <summary>
        ///
        /// </summary>
        /// <param name="operation"></param>
        /// <param name="context"></param>
        public void Apply(Operation operation, OperationFilterContext context)
        {
            #region 新方法


            if (operation.Parameters == null)
            {
                operation.Parameters = new List<IParameter>();
            }


            if (context.ApiDescription.TryGetMethodInfo(out MethodInfo methodInfo))
            {
                if (methodInfo.CustomAttributes.All(t => t.AttributeType != typeof(AllowAnonymousAttribute))
                        && !(methodInfo.ReflectedType.CustomAttributes.Any(t => t.AttributeType == typeof(AuthorizeAttribute))))
                {
                    operation.Parameters.Add(new NonBodyParameter
                    {
                        Name = "Authorization",
                        In = "header",
                        Type = "string",
                        Required = true,
                        Description = "请输入Token，格式为bearer XXX"
                    });
                }
            }


            #endregion 新方法
        }
    }
}

2、在ConfigureServices方法添加OperationFilter

/// <summary>
        ///
        /// </summary>
        /// <param name="services"></param>
        // This method gets called by the runtime. Use this method to add services to the container.
        public IServiceProvider ConfigureServices(IServiceCollection services)
        {
            services.Replace(ServiceDescriptor.Transient<IControllerActivator, ServiceBasedControllerActivator>());
            services.AddMvc().AddJsonOptions(options =>
              {
                  options.SerializerSettings.NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore;
                  options.SerializerSettings.Converters.Add(
                        new Newtonsoft.Json.Converters.IsoDateTimeConverter()
                        {
                            DateTimeFormat = "yyyy-MM-dd HH:mm:ss"
                        }
                      );
                  //小写
                  options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
                  options.SerializerSettings.ContractResolver = new DefaultContractResolver();
                  //   //  options.SerializerSettings.DateFormatString = "yyyy-MM-dd";
              });
            //   services.AddMvc().AddXmlSerializerFormatters();
            //  services.AddMvc().AddXmlDataContractSerializerFormatters();
            services.AddLogging();
            services.AddCors(options =>
         options.AddPolicy("AllowSameDomain", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()
     ));
            services.Configure<MvcOptions>(options =>
            {
                options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSameDomain"));
            });


            #region Swagger


            services.AddSwaggerGen(c =>
          {
              c.SwaggerDoc("v1", new Info
              {
                  Version = "v1",
                  Title = "接口文档",
                  Description = "接口文档-基础",
                  TermsOfService = "https://example.com/terms",
                  Contact = new Contact
                  {
                      Name = "XXX1111",
                      Email = "XXX1111@qq.com",
                      Url = "https://example.com/terms"
                  }
                  ,
                  License = new License
                  {
                      Name = "Use under LICX",
                      Url = "https://example.com/license",
                  }
              });


              c.SwaggerDoc("v2", new Info
              {
                  Version = "v2",
                  Title = "接口文档",
                  Description = "接口文档-基础",
                  TermsOfService = "https://example.com/terms",
                  Contact = new Contact
                  {
                      Name = "XXX2222",
                      Email = "XXX2222@qq.com",
                      Url = "https://example.com/terms"
                  }
                   ,
                  License = new License
                  {
                      Name = "Use under LICX",
                      Url = "https://example.com/license",
                  }
              });
              c.OperationFilter<HttpHeaderOperationFilter>();
              c.DocumentFilter<HiddenApiFilter>();
              var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
              var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
              c.IncludeXmlComments(xmlPath);
              c.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, $"CompanyName.ProjectName.ICommonServer.xml"));
          });


            #endregion Swagger


            #region MiniProfiler


            if (bool.Parse(Configuration["IsUseMiniProfiler"]))
            {
                //https://www.cnblogs.com/lwqlun/p/10222505.html
                services.AddMiniProfiler(options =>
    options.RouteBasePath = "/profiler"
 ).AddEntityFramework();
            }


            #endregion MiniProfiler


            services.AddDbContext<EFCoreDBContext>(options => options.UseMySql(Configuration["Data:MyCat:ConnectionString"]));
            var container = AutofacExt.InitAutofac(services, Assembly.GetExecutingAssembly());
            return new AutofacServiceProvider(container);
        }

3、定义一个ActionFilterAttribute

using CompanyName.ProjectName.Core;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Newtonsoft.Json;
using System.Security.Principal;


namespace CompanyName.ProjectName.HttpApi.Host
{
    /// <summary>
    /// 权限
    /// </summary>
    public class BasicAuth : ActionFilterAttribute
    {
        /// <summary>
        ///
        /// </summary>
        /// <param name="context"></param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            if (context.HttpContext.Request != null && context.HttpContext.Request.Headers != null && context.HttpContext.Request.Headers["Authorization"].Count > 0)
            {
                var token = context.HttpContext.Request.Headers["Authorization"];
                if (string.IsNullOrWhiteSpace(token))
                {
                    ResultDto meta = ResultDto.Err("Unauthorized");
                    JsonResult json = new JsonResult(new
                    {
                        Meta = meta
                    }
                    );
                    JsonSerializerSettings jsetting = new JsonSerializerSettings();
                    jsetting.NullValueHandling = NullValueHandling.Ignore;
                    jsetting.Converters.Add(
                        new Newtonsoft.Json.Converters.IsoDateTimeConverter()
                        {
                            DateTimeFormat = "yyyy-MM-dd HH:mm:ss"
                        }
                    );
                    json.SerializerSettings = jsetting;
                    json.ContentType = "application/json; charset=utf-8";
                    context.Result = json;
                }
                else
                {
                    GenericIdentity ci = new GenericIdentity(token);
                    ci.Label = "conan1111111";
                    context.HttpContext.User = new GenericPrincipal(ci, null);
                }
            }
            else
            {
                ResultDto meta = ResultDto.Err("Unauthorized");
                JsonResult json = new JsonResult(new
                {
                    Meta = meta
                }
                );
                JsonSerializerSettings jsetting = new JsonSerializerSettings();
                jsetting.NullValueHandling = NullValueHandling.Ignore;
                jsetting.Converters.Add(
                    new Newtonsoft.Json.Converters.IsoDateTimeConverter()
                    {
                        DateTimeFormat = "yyyy-MM-dd HH:mm:ss"
                    }
                );
                json.SerializerSettings = jsetting;
                json.ContentType = "application/json; charset=utf-8";
                context.Result = json;
            }
            base.OnActionExecuting(context);
        }
    }
}

4、最后在需要的地方使用 [BasicAuth]

/// <summary>
        /// 添加
        /// </summary>
        /// <param name="model"></param>
        /// <returns>主键id</returns>
        [BasicAuth]
        [ModelValidationAttribute]
        [ApiExplorerSettings(GroupName = "v1")]
        [HttpPost, Route("Create")]
        public async Task<ResultDto<long>> CreateAsync([FromBody]CreateWebConfigDto model)
        {
            return await _webConfigApp.CreateAsync(model, new Core.CurrentUser());
        }

我们就可以看到Authorization - 请输入Token，格式为bearer XXX

源码地址：

https://github.com/conanl5566/Sampleproject/tree/master/src/03%20Host/CompanyName.ProjectName.HttpApi.Host

dotNET跨平台

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Swagger中添加Token验证

平常做项目使用mvc+webapi，采取前后端分离的方式，后台提供API接口给前端开发人员。这个过程中遇到一个问题后台开发人员怎么提供接口说明文档给前端开发人员。为了解决这个问题，项目中引用swagger（我比较喜欢戏称为“丝袜哥”）。列出所有API控制器和控制器描述那么既然是api，肯定涉及到安全验证问题，那么怎么在测试文档增加添加Token安全验证呢；下面我们来看看1、定义swagger请求头...
复制链接

扫一扫