Is it possible for Swagger to get the authorization token from URL query string?
In a .NET Core project, I have added a security definition (code at the bottom), which adds an Authorize button to the page where the user can enter an API key - all works fine.
Is it possible to specify the API key in the URL so that Swagger uses it automatically without having to enter it? Something like /swagger/index.html?authorization=0123456789 or similar.
Existing code:

    services.AddSwaggerGen(c => {
        // ...
        c.AddSecurityDefinition("api key", new ApiKeyScheme() {
            Description = "Authorization query string expects API key",
            In = "query",
            Name = "authorization",
            Type = "apiKey"
        });
        var requirements = new Dictionary<string, IEnumerable<string>> {
            { "api key", new List<string>().AsEnumerable() }
        };
        c.AddSecurityRequirement(requirements);
    });

It seems that a URL with the authorization parameter should work, but it doesn't.
P.S. Using Swashbuckle 4.0.x
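This is indeed possible, but you have to override Swagger-UI's index page so that you can plug a custom handler into the onComplete callback.
- Grab the latest index.html from Swashbuckle's source repo (ideally, get the matching version)
- Tweak configObject to add an onComplete callback handler so that it calls preauthorizeApiKey when the UI is ready
- Override IndexStream in the UseSwaggerUI extension method to serve the custom html
I ended up with the following setup (some bits omitted for brevity):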
wwwroot/swashbuckle.html

    <!-- your standard HTML here, nothing special -->
    <script>
        window.onload = function () {
            // some boilerplate initialisation
            // Begin Swagger UI call region
            configObject.onComplete = () => {
                // get the authorization portion of the query string
                var urlParams = new URLSearchParams(window.location.search);
                if (urlParams.has('authorization')) {
                    var apikey = urlParams.get('authorization');
                    // this is the important bit, see documentation
                    // key name must match the one you defined in AddSecurityDefinition method in Startup.cs
                    ui.preauthorizeApiKey('api key', apikey);
                }
            };
            const ui = SwaggerUIBundle(configObject);
            window.ui = ui;
        };
    </script>
Startup.cs

    using System.IO;                       // File.OpenRead
    using Swashbuckle.AspNetCore.Swagger;  // Info, ApiKeyScheme (Swashbuckle 4.x)

    public void ConfigureServices(IServiceCollection services)
    {
        // ...
        services.AddSwaggerGen(c => {
            c.SwaggerDoc("v1", new Info { Title = "You api title", Version = "v1" });
            // key name must match the one you supply to preauthorizeApiKey call in JS
            c.AddSecurityDefinition("api key", new ApiKeyScheme()
            {
                Description = "Authorization query string expects API key",
                In = "query",
                Name = "authorization",
                Type = "apiKey"
            });
            var requirements = new Dictionary<string, IEnumerable<string>> {
                { "api key", new List<string>().AsEnumerable() }
            };
            c.AddSecurityRequirement(requirements);
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseSwagger();
        app.UseSwaggerUI(c =>
        {
            // this is the important bit. see documentation https://github.com/domaindrivendev/Swashbuckle.AspNetCore/blob/master/README.md
            c.IndexStream = () => File.OpenRead("wwwroot/swashbuckle.html");
            c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1"); // very standard Swashbuckle init
        });
        app.UseMvc();
    }

With all of that done, calling the standard swagger URL with ?authorization=1234567890 should automatically authorize the page.
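
An added example, not part of the original answer or of Swashbuckle: a variant of the onComplete handler that preauthorizes from the query string and then rewrites the address bar so the API key does not stay in the visible URL or in links copied from it. The helper names `extractApiKey` and `preauthorizeFromUrl` and the host in the demo are assumptions; only `preauthorizeApiKey`, the `authorization` parameter and the `api key` scheme name come from the page.

```javascript
// Added example. extractApiKey / preauthorizeFromUrl are hypothetical helpers.
const SCHEME_NAME = 'api key';      // must match AddSecurityDefinition in Startup.cs
const PARAM_NAME = 'authorization'; // query parameter used on this page

// Pull the key out of a URL and return the same URL without that parameter.
function extractApiKey(href, paramName = PARAM_NAME) {
  const url = new URL(href);
  const values = url.searchParams.getAll(paramName)
    .map(v => v.trim())
    .filter(v => v !== '');
  // A repeated or empty parameter is ambiguous: ignore it rather than guess.
  const apiKey = values.length === 1 ? values[0] : null;
  url.searchParams.delete(paramName);
  return { apiKey, cleanedUrl: url.pathname + url.search + url.hash };
}

// Call from configObject.onComplete as:
//   preauthorizeFromUrl(ui, window.location, window.history)
function preauthorizeFromUrl(ui, loc, hist) {
  const { apiKey, cleanedUrl } = extractApiKey(loc.href);
  // replaceState rewrites the current session-history entry in place, so the
  // key is no longer shown in the address bar after the page has loaded.
  hist.replaceState(null, '', cleanedUrl);
  if (apiKey === null) return false;
  ui.preauthorizeApiKey(SCHEME_NAME, apiKey);
  return true;
}

// Constructed demo: stub objects stand in for window.ui / location / history.
function demo() {
  const calls = [];
  const ui = { preauthorizeApiKey: (name, key) => calls.push([name, key]) };
  const hist = { replaceState: (_state, _title, u) => calls.push(['replaceState', u]) };
  const loc = {
    href: 'https://api.example.test/swagger/index.html?authorization=1234567890&x=1#/Values'
  };
  const ok = preauthorizeFromUrl(ui, loc, hist);
  return { ok, calls };
}
```

The initial page request still carries the key to the server and to any proxy or access log on the path, and with `In = "query"` every call made from the UI repeats it in the request URL, so the key should be treated as one that appears in logs.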