【新增】Swagger访问增加简单权限验证，防止api文档投产情况下未特意屏蔽api文档访问权限的问题。

2025-12-06 17:13:26 +08:00 · 2023-12-17 01:02:37 +08:00
parent fbc68f72dc
commit 432614ffd0
5 changed files with 100 additions and 0 deletions
--- a/CoreCms.Net.Configuration/AppSettingsConstVars.cs
+++ b/CoreCms.Net.Configuration/AppSettingsConstVars.cs
@@ -144,6 +144,25 @@ namespace CoreCms.Net.Configuration
        public static readonly string WeiXinAppSecret = AppSettingsHelper.GetContent("WeChatOptions", "WeiXinAppSecret");


+        #endregion
+
+        #region Swagger授权访问设置================================================================================
+        /// <summary>
+        /// Swagger文档默认访问路由地址
+        /// </summary>
+        public static readonly string SwaggerRoutePrefix = AppSettingsHelper.GetContent("SwaggerConfig", "RoutePrefix");
+
+        /// <summary>
+        /// Swagger文档登录账号
+        /// </summary>
+        public static readonly string SwaggerUserName = AppSettingsHelper.GetContent("SwaggerConfig", "UserName");
+
+        /// <summary>
+        /// Swagger文档登录密码
+        /// </summary>
+        public static readonly string SwaggerPassWord = AppSettingsHelper.GetContent("SwaggerConfig", "PassWord");
+
+
        #endregion

    }
--- a/CoreCms.Net.Middlewares/MiddlewareHelpers.cs
+++ b/CoreCms.Net.Middlewares/MiddlewareHelpers.cs
@@ -82,5 +82,16 @@ namespace CoreCms.Net.Middlewares
            return app.UseMiddleware<RecordAccessLogsMildd>(dataSources);
        }

+
+        /// <summary>
+        /// Swagger授权中间件
+        /// </summary>
+        /// <param name="app"></param>
+        /// <returns></returns>
+        public static IApplicationBuilder UseSwaggerAuthorizedMildd(this IApplicationBuilder app)
+        {
+            return app.UseMiddleware<SwaggerBasicAuthMiddleware>();
+        }
+
    }
 }
--- a/CoreCms.Net.Middlewares/SwaggerBasicAuthMiddleware.cs
+++ b/CoreCms.Net.Middlewares/SwaggerBasicAuthMiddleware.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http.Headers;
+using System.Text;
+using System.Threading.Tasks;
+using CoreCms.Net.Configuration;
+using Microsoft.AspNetCore.Http;
+
+namespace CoreCms.Net.Middlewares
+{
+    /// <summary>
+    /// Swagger授权登录拦截
+    /// </summary>
+    public class SwaggerBasicAuthMiddleware
+    {
+
+        private readonly RequestDelegate next;
+        public SwaggerBasicAuthMiddleware(RequestDelegate next)
+        {
+            this.next = next;
+        }
+        public async Task InvokeAsync(HttpContext context)
+        {
+            var path = "/" + AppSettingsConstVars.SwaggerRoutePrefix;
+
+            if (context.Request.Path.StartsWithSegments(path))
+            {
+                string authHeader = context.Request.Headers["Authorization"];
+                if (authHeader != null && authHeader.StartsWith("Basic "))
+                {
+                    // Get the credentials from request header
+                    var header = AuthenticationHeaderValue.Parse(authHeader);
+                    var inBytes = Convert.FromBase64String(header.Parameter);
+                    var credentials = Encoding.UTF8.GetString(inBytes).Split(':');
+                    var username = credentials[0];
+                    var password = credentials[1];
+
+                    var swaggerUserName = AppSettingsConstVars.SwaggerUserName;
+                    var swaggerPassWord = AppSettingsConstVars.SwaggerPassWord;
+
+                    // validate credentials
+                    if (!string.IsNullOrEmpty(swaggerUserName) && !string.IsNullOrEmpty(swaggerPassWord) && username.Equals(swaggerUserName) && password.Equals(swaggerPassWord))
+                    {
+                        await next.Invoke(context).ConfigureAwait(false);
+                        return;
+                    }
+                }
+                context.Response.Headers["WWW-Authenticate"] = "Basic";
+                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
+            }
+            else
+            {
+                await next.Invoke(context).ConfigureAwait(false);
+            }
+        }
+
+
+
+    }
+}
--- a/CoreCms.Net.Web.WebApi/Program.cs
+++ b/CoreCms.Net.Web.WebApi/Program.cs
@@ -190,6 +190,8 @@ app.UseRequestResponseLog();
 app.UseRecordAccessLogsMildd(GlobalEnumVars.CoreShopSystemCategory.Api.ToString());
 // 记录ip请求 (注意开启权限，不然本地无法写入)
 app.UseIpLogMildd();
+// Swagger授权登录拦截
+app.UseSwaggerAuthorizedMildd();
 #endregion

 //强制显示中文
--- a/CoreCms.Net.Web.WebApi/appsettings.json
+++ b/CoreCms.Net.Web.WebApi/appsettings.json
@@ -13,6 +13,12 @@
    "Login": "CoreShopProfessional",
    "PassWord": "uzmp0oq9wfbdeasygj647vr53"
  },
+  //Swagger授权访问设置
+  "SwaggerConfig": {
+    "RoutePrefix": "doc", //路由地址，默认doc
+    "UserName": "",
+    "PassWord": ""
+  },
  "AppConfig": {
    "AppUrl": "https://admin.test.pro.coreshop.cn/", //后端管理地址
    "AppPcUrl": "https://pc.test.pro.coreshop.cn/", //PC端访问地址