10

我正在使用库 Swashbuckle。目前没有它的stackoverflow标签。

我不太了解这里的文档:https ://github.com/domaindrivendev/Swashbuckle/blob/master/README.md

标题为“描述安全/授权方案”的部分提到了一段代码

   c.ApiKey("apiKey")
                .Description("API Key Authentication")
                .Name("apiKey")
                .In("header");

但是,当我包含此内容时,什么也没有发生。我也希望它只出现在某些 API 方法上。它确实提到

“需要与文档中相应的“安全”属性相结合“

但我不明白这一点。

谁能解释一下?

4

3 回答 3

5

我有同样的问题并以这种方式解决:

在 SwaggerConfig:

var applyApiKeySecurity = new ApplyApiKeySecurity(
    key: "ServiceBusToken",
    name: "Authorization",
    description: "Service Bus Token, e.g. 'SharedAccessSignature sr=...&sig=...&se=...&skn=...'",
    @in: "header"
);
applyApiKeySecurity.Apply(c);

应用ApiKeySecurity:

public class ApplyApiKeySecurity : IDocumentFilter, IOperationFilter
{
    public ApplyApiKeySecurity(string key, string name, string description, string @in)
    {
        Key = key;
        Name = name;
        Description = description;
        In = @in;
    }

    public string Description { get; private set; }

    public string In { get; private set; }

    public string Key { get; private set; }

    public string Name { get; private set; }

    public void Apply(SwaggerDocument swaggerDoc, SchemaRegistry schemaRegistry, System.Web.Http.Description.IApiExplorer apiExplorer)
    {
        IList<IDictionary<string, IEnumerable<string>>> security = new List<IDictionary<string, IEnumerable<string>>>();
        security.Add(new Dictionary<string, IEnumerable<string>> {
            {Key, new string[0]}
        });

        swaggerDoc.security = security;
    }

    public void Apply(Operation operation, SchemaRegistry schemaRegistry, System.Web.Http.Description.ApiDescription apiDescription)
    {
        operation.parameters = operation.parameters ?? new List<Parameter>();
        operation.parameters.Add(new Parameter
        {
            name = Name,
            description = Description,
            @in = In,
            required = true,
            type = "string"
        });
    }

    public void Apply(Swashbuckle.Application.SwaggerDocsConfig c)
    {
        c.ApiKey(Key)
            .Name(Name)
            .Description(Description)
            .In(In);
        c.DocumentFilter(() => this);
        c.OperationFilter(() => this);
    }
}

然后 swagger 文件具有安全定义:

"securityDefinitions":{  
  "ServiceBusToken":{  
     "type":"apiKey",
     "description":"Service Bus Token, e.g. 'SharedAccessSignature sr=...&sig=...&se=...&skn=...'",
     "name":"Authorization",
     "in":"header"
  }
}

应用于文档级别的所有操作:

"security":[  
  {  
     "ServiceBusToken":[]
  }
]

并且所有操作都分配了 header 参数:

"parameters":[  
   {  
      "name":"Authorization",
      "in":"header",
      "description":"Service Bus Token, e.g. 'SharedAccessSignature sr=...&sig=...&se=...&skn=...'",
      "required":true,
      "type":"string"
   }
]
于 2015-04-22T11:08:54.330 回答
2

Swashbuckle 维护者建议我们提供自定义 index.html 来执行此操作,因为他将在下一个主要版本中删除这些配置。看到这个问题

提供您自己的“索引”文件

当请求“索引”时,使用CustomAsset选项指示 Swashbuckle 返回您的版本而不是默认版本。与所有自定义内容一样,该文件必须作为“嵌入式资源”包含在您的项目中,然后将资源的“逻辑名称”传递给方法,如下所示。有关分步说明,请参阅注入自定义内容。

为了兼容性,您应该基于此版本自定义“index.html” 。

httpConfiguration
    .EnableSwagger(c => c.SingleApiVersion("v1", "A title for your API"))
    .EnableSwaggerUi(c =>
        {
            c.CustomAsset("index", yourAssembly, "YourWebApiProject.SwaggerExtensions.index.html");
        });

在 index.html 中,您需要将下面的方法更改为如下所示:

function addApiKeyAuthorization(){
    var key = encodeURIComponent($('#input_apiKey')[0].value);
    if(key && key.trim() != "") {
        var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("sessionId", key, "header");
        window.swaggerUi.api.clientAuthorizations.add("sessionId", apiKeyAuth);
        log("added key " + key);
    }
}
于 2015-08-28T02:29:29.850 回答
0
        config.EnableSwagger(c =>
        {
            c.SingleApiVersion("v1", "TestApiWithToken");

            c.ApiKey("Token")
            .Description("Filling bearer token here")
            .Name("Authorization")
            .In("header");
        })
        .EnableSwaggerUi(c =>
        {
            c.EnableApiKeySupport("Authorization", "header");
        });
于 2018-04-28T00:57:38.963 回答