6

指出正确的文档、教程、示例,或者提供一个,展示如何在 Python 中 Swagger 生成的 API 客户端中的特定标头中添加特定的身份验证令牌?

这是我尝试过的:
我的 API 调用使用正确的 curl 命令可以正常工作:

curl -v -H 'X-CAG-Authorization: AG_CONSUMER_TOKEN access-key=31337-70k3n' \
     'https://api.company.net/api/v1/user/detail?user=1'

*   Trying 10.10.1.10...
* Connected to api.company.net (10.10.1.10) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.company.net
* Server certificate: COMODO RSA Organization Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
> GET /api/v1/user/detail?user=1 HTTP/1.1
> Host: api.company.net
> User-Agent: curl/7.49.1
> Accept: */*
> X-CAG-Authorization: AG_CONSUMER_TOKEN access-key=31337-70k3n
> 
< HTTP/1.1 200 OK
< Server: openresty
< Date: Thu, 22 Dec 2016 19:46:05 GMT
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Connection: close
< Vary: Accept-Encoding
< Vary: Accept-Encoding
< X-UA-Compatible: IE=edge
< 
{"successful":true,"message":"SUCCESS","body":{"…

但是,当我在我的 Python (2.7.12) 客户端中尝试相同的基本请求时,我得到了授权失败,尽管确认令牌使其成为即将使用的标头。有关使用客户端的正确方法或如何获取确切请求和响应的更多详细信息的更多详细信息,我们将不胜感激。

/Users/me/VEnvs/sku-grade/bin/python /Users/me/prj/code/python_client/api_example.py
HEADERS:
{'X-CAG-Authorization': 'AG_CONSUMER_TOKEN access-key=31337-70k3n', 'User-Agent': 'Swagger-Codegen/1.0.0/python'}
Exception when calling SupplierApi->get_api_v1_user_details: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({'Date': 'Thu, 22 Dec 2016 21:09:30 GMT', 'Content-Length': '636', 'Content-Type': 'application/json; charset=UTF-8', 'Connection': 'keep-alive', 'Server': 'nginx'})
HTTP response body: {
  "code" : "PRECONDITION_FAILED",
  "type" : "UnauthorizedApiDeniedException",
  "message" : "Target API(/api/v1/user/details) is not available, you have to get a grant in advance.",
  "messages" : {…

这是一个招摇的 api 规范:swagger.yaml

---
swagger: "2.0"
info:
  description: "API"
  version: "TEMPORARY"
  title: "User Details"
  termsOfService: "http://wiki.company.net/tos"
  contact:
    name: "…"
  license:
    name: "…"
host: "api.company.net"
basePath: "/api/v1"
tags:
- name: "supplier"
  description: "Supplier"
schemes:
- "https"
produces:
- "application/json"
paths:
  /user/details:
    get:
      tags:
      - "supplier"
      summary: "userDetails"
      operationId: "getApiV1UserDetails"
      consumes:
      - "application/json"
      produces:
      - "application/json;charset=utf-8"
      parameters:
      - name: "user"
        in: "query"
        description: "user id"
        required: true
        type: "integer"
        format: "Long"
      responses:
        200:
          description: "OK"
          schema:
            $ref: "#/definitions/SupplierResponseOfUserDetailsDto"
        401:
          description: "Unauthorized"
        403:
          description: "Forbidden"
        404:
          description: "Not Found"
definitions:
  SupplierResponseOfUserDetailsDto:
    type: "object"
    properties:
      body:
        $ref: "#/definitions/UserDetailsDto"
      message:
        type: "string"
      successful:
        type: "boolean"
  UserDetailsDto:
    type: "object"
    properties:
      name:
        type: "string"

swagger-codegen 是从http://editor.swagger.io/运行的,我按照 api 示例尝试添加额外的标头:api_example.py

from __future__ import print_function
import time
import swagger_client
from swagger_client import ApiClient
from swagger_client import Configuration
from swagger_client.rest import ApiException
from pprint import pprint

# Setup the authentication token header
conf = Configuration()
conf.api_key_prefix = {"teamname": "AG_CONSUMER_TOKEN"}
conf.api_key = {
    "teamname": "access-key=31337-70k3n"
}
conf.api_client = ApiClient(None, "X-CAG-Authorization",
                            conf.get_api_key_with_prefix("teamname"))

# create an instance of the API class
api_instance = swagger_client.SupplierApi()
user = 1
try:
    api_response = api_instance.get_api_v1_user_details(user)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling "
          "SupplierApi->get_api_v1_user_details: %s\n" % e)

通过将 aprint(self.api_client.default_headers)放入supplier_api.py我可以看到标题确实似乎已设置。

{'X-CAG-Authorization': 'AG_CONSUMER_TOKEN access-key=31337-70k3n', 'User-Agent': 'Swagger-Codegen/1.0.0/python'}

那么我应该在我的示例中更改什么以使其传递标头并完全按照简单 curl 调用的方式获得授权?

更新我也尝试过定义它:

      security:
      - api_key: []
securityDefinitions:
  api_key:
    type: "apiKey"
    name: "X-CAG-Authorization"
    in: "header"

然后只设置密钥:

swagger_client.configuration.api_key['X-CAG-Authorization'] = \
    'access-key=31337-70k3n'
swagger_client.configuration.api_key_prefix['X-CAG-Authorization'] = \
    'AG_CONSUMER_TOKEN'

但是除了标题从我打印的默认标题中消失之外,这并没有太大变化。

4

2 回答 2

3

我已经尝试了您的代码示例,看起来您的标头实际上已传递给服务器。

您可以通过在此之前添加print headers到文件来确认这一点:swagger_client/rest.py

r = self.pool_manager.request(method, url,
                              fields=query_params,
                              preload_content=_preload_content,
                              timeout=timeout,
                              headers=headers)

你确定服务器端没有问题吗?也许有些标头破坏了身份验证?

以下 curl 命令是否也有效?

curl -v \
 -H 'X-CAG-Authorization: AG_CONSUMER_TOKEN access-key=31337-70k3n' \
 -H 'Content-Type: application/json' \
 -H 'Accept: application/json;charset=utf-8' \
 -H 'User-Agent: Swagger-Codegen/1.0.0/python' \
 'https://api.company.net/api/v1/user/detail?user=1'

因为这应该给你返回到 swagger 的完全相同的答案,即 401 错误。如果是这样,您可以在服务器端从那里进行调试。如果没有,我不知道。

于 2017-01-02T23:07:23.057 回答
2

在您的规范中,您将需要描述类似于OpenAPI/Swagger 规范部分中定义的此示例的安全设置(在您的情况下为 API 密钥)。securityDefinitions

然后在端点中,您将需要“应用”类似于此示例的安全定义

之后,您可以在自动生成的 Python API 客户端的configuration.py中设置 API 密钥,HTTP 请求将相应地包含 API 密钥(在规范的安全设置中定义的标头或 URL 查询字符串中)

自从 Swagger Codegen 的最后一个稳定版本以来,自动生成的 Python API 客户端已经有了相当多的增强,所以我建议你拉最新的 master 并在本地构建 JAR 以生成 API 客户端。

于 2017-01-04T03:58:36.180 回答