【新增】Swagger访问增加简单权限验证，防止api文档投产情况下未特意屏蔽api文档访问权限的问题。

2025-12-06 16:13:26 +08:00 · 2023-12-17 01:02:37 +08:00
parent fbc68f72dc
commit 432614ffd0
5 changed files with 100 additions and 0 deletions
--- a/CoreCms.Net.Middlewares/MiddlewareHelpers.cs
+++ b/CoreCms.Net.Middlewares/MiddlewareHelpers.cs
@@ -82,5 +82,16 @@ namespace CoreCms.Net.Middlewares
            return app.UseMiddleware<RecordAccessLogsMildd>(dataSources);
        }

+
+        /// <summary>
+        /// Swagger授权中间件
+        /// </summary>
+        /// <param name="app"></param>
+        /// <returns></returns>
+        public static IApplicationBuilder UseSwaggerAuthorizedMildd(this IApplicationBuilder app)
+        {
+            return app.UseMiddleware<SwaggerBasicAuthMiddleware>();
+        }
+
    }
 }
--- a/CoreCms.Net.Middlewares/SwaggerBasicAuthMiddleware.cs
+++ b/CoreCms.Net.Middlewares/SwaggerBasicAuthMiddleware.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http.Headers;
+using System.Text;
+using System.Threading.Tasks;
+using CoreCms.Net.Configuration;
+using Microsoft.AspNetCore.Http;
+
+namespace CoreCms.Net.Middlewares
+{
+    /// <summary>
+    /// Swagger授权登录拦截
+    /// </summary>
+    public class SwaggerBasicAuthMiddleware
+    {
+
+        private readonly RequestDelegate next;
+        public SwaggerBasicAuthMiddleware(RequestDelegate next)
+        {
+            this.next = next;
+        }
+        public async Task InvokeAsync(HttpContext context)
+        {
+            var path = "/" + AppSettingsConstVars.SwaggerRoutePrefix;
+
+            if (context.Request.Path.StartsWithSegments(path))
+            {
+                string authHeader = context.Request.Headers["Authorization"];
+                if (authHeader != null && authHeader.StartsWith("Basic "))
+                {
+                    // Get the credentials from request header
+                    var header = AuthenticationHeaderValue.Parse(authHeader);
+                    var inBytes = Convert.FromBase64String(header.Parameter);
+                    var credentials = Encoding.UTF8.GetString(inBytes).Split(':');
+                    var username = credentials[0];
+                    var password = credentials[1];
+
+                    var swaggerUserName = AppSettingsConstVars.SwaggerUserName;
+                    var swaggerPassWord = AppSettingsConstVars.SwaggerPassWord;
+
+                    // validate credentials
+                    if (!string.IsNullOrEmpty(swaggerUserName) && !string.IsNullOrEmpty(swaggerPassWord) && username.Equals(swaggerUserName) && password.Equals(swaggerPassWord))
+                    {
+                        await next.Invoke(context).ConfigureAwait(false);
+                        return;
+                    }
+                }
+                context.Response.Headers["WWW-Authenticate"] = "Basic";
+                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
+            }
+            else
+            {
+                await next.Invoke(context).ConfigureAwait(false);
+            }
+        }
+
+
+
+    }
+}