如何解决.NET-5 向未经授权的用户隐藏 swagger 端点
是否可以在 swagger 中隐藏所有 API 端点,但在用户获得 JWT Bearer Token 授权之前隐藏登录端点?
这是我在startup.cs中使用的代码
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1",new OpenApiInfo {
Title = "API",Version = "v1",Description = "API (.NET 5.0)",Contact = new OpenApiContact()
{
Name = "Contact",Url = null,Email = "email@email.com"
}
});
c.AddSecurityDeFinition("Bearer",new OpenApiSecurityScheme
{
Description = @"Autorización JWT utilizando el esquema Bearer en header. <br />
Introducir el token JWT generado por AuthApi.",Name = "Authorization",In = ParameterLocation.Header,Type = SecuritySchemeType.Http,Scheme = "Bearer"
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,Id = "Bearer"
},Scheme = "oauth2",Name = "Bearer",},new List<string>()
}
});
});
解决方法
我最终使用 appsettings.json 参数隐藏了 swagger enpoints,这不完全是我所要求的,但我会发布解决方案,以防它对某人有所帮助,因为它可能有助于过滤登录用户:
有一些注释块和未使用的代码可能对您有用,因为它随附在我在网上找到的示例中。
Swagger 忽略过滤器类:
public class SwaggerIgnoreFilter : IDocumentFilter
{
private IServiceProvider _provider;
public SwaggerIgnoreFilter(IServiceProvider provider)
{
if (provider == null) throw new ArgumentNullException(nameof(provider));
this._provider = provider;
}
public void Apply(OpenApiDocument swaggerDoc,DocumentFilterContext context)
{
var allTypes = AppDomain.CurrentDomain.GetAssemblies().SelectMany(i => i.GetTypes()).ToList();
var http = this._provider.GetRequiredService<IHttpContextAccessor>();
var authorizedIds = new[] { "00000000-1111-2222-1111-000000000000" }; // All the authorized user id's.
// When using this in a real application,you should store these safely using appsettings or some other method.
var userId = http.HttpContext.User.Claims.Where(x => x.Type == "jti").Select(x => x.Value).FirstOrDefault();
var show = http.HttpContext.User.Identity.IsAuthenticated && authorizedIds.Contains(userId);
//var Securitytoken = new JwtSecurityTokenHandler().CreateToken(tokenDescriptor);
//var tokenstring = new JwtSecurityTokenHandler().WriteToken(Securitytoken);
//var token = new JwtSecurityTokenHandler().ReadJwtToken(tokenstring);
//var claim = token.Claims.First(c => c.Type == "email").Value;
Parametros parametros = new Parametros();
if (!show)
{
var descriptions = context.ApiDescriptions.ToList();
foreach (var description in descriptions)
{
// Expose login so users can login through Swagger.
if (description.HttpMethod == "POST" && description.RelativePath == "denarioapi/v1/auth/login")
continue;
var route = "/" + description.RelativePath.TrimEnd('/');
OpenApiPathItem path;
swaggerDoc.Paths.TryGetValue(route,out path);
switch(route)
{
case string s when s.Contains("/Contabilidad"):
if (parametros.contabilidadApi != "1")
{
swaggerDoc.Paths.Remove(route);
}
break;
case string s when s.Contains("/Identificativos"):
if (parametros.identificativosApi != "1")
{
swaggerDoc.Paths.Remove(route);
}
break;
case string s when s.Contains("/Centros"):
if (parametros.centrosApi != "1")
{
swaggerDoc.Paths.Remove(route);
}
break;
case string s when s.Contains("/Contratos"):
if (parametros.contratosApi != "1")
{
swaggerDoc.Paths.Remove(route);
}
break;
case string s when s.Contains("/Planificacion"):
if (parametros.planificacionApi != "1")
{
swaggerDoc.Paths.Remove(route);
}
break;
case string s when s.Contains("/Puestotrabajo"):
if (parametros.puestotrabajoApi != "1")
{
swaggerDoc.Paths.Remove(route);
}
break;
case string s when s.Contains("/Usuarios"):
if (parametros.usuariosApi != "1")
{
swaggerDoc.Paths.Remove(route);
}
break;
default:
break;
}
// remove method or entire path (if there are no more methods in this path)
//switch (description.HttpMethod)
//{
//case "DELETE": path. = null; break;
//case "GET": path.Get = null; break;
//case "HEAD": path.Head = null; break;
//case "OPTIONS": path.Options = null; break;
//case "PATCH": path.Patch = null; break;
//case "POST": path.Post = null; break;
//case "PUT": path.Put = null; break;
//default: throw new ArgumentOutOfRangeException("Method name not mapped to operation");
//}
//if (path.Delete == null && path.Get == null &&
// path.Head == null && path.Options == null &&
// path.Patch == null && path.Post == null && path.Put == null)
//swaggerDoc.Paths.Remove(route);
}
}
foreach (var definition in swaggerDoc.Components.Schemas)
{
var type = allTypes.FirstOrDefault(x => x.Name == definition.Key);
if (type != null)
{
var properties = type.GetProperties();
foreach (var prop in properties.ToList())
{
var ignoreAttribute = prop.GetCustomAttribute(typeof(OpenApiIgnoreAttribute),false);
if (ignoreAttribute != null)
{
definition.Value.Properties.Remove(prop.Name);
}
}
}
}
}
}
Startup.cs 配置服务:
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1",new OpenApiInfo
{
Title = "API",Version = "v1",Description = "API (.NET 5.0)",Contact = new OpenApiContact()
{
Name = "Contact name",Url = null,Email = "email@email.com"
}
});
c.AddSecurityDefinition("Bearer",new OpenApiSecurityScheme
{
Description = @"Description",Name = "Authorization",In = ParameterLocation.Header,Type = SecuritySchemeType.Http,Scheme = "Bearer"
});
c.DocumentFilter<SwaggerIgnoreFilter>();
c.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,Id = "Bearer"
},Scheme = "oauth2",Name = "Bearer",},new List<string>()
}
});
});
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
