swagger页面增加登录验证；不再将默认用户密码写入提示框；验证增加cookie模式；

vanjoge · Sep 23, 2024 · 96881e0 · 96881e0
1 parent f411023
commit 96881e0
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 13 deletions.
diff --git a/GBWeb/Filter/AuthenFilter.cs b/GBWeb/Filter/AuthenFilter.cs
@@ -30,11 +30,11 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
             }
             else
             {
-                if (await Check(context)) return;
+                if (await Check(context.HttpContext)) return;
                 context.Result = new JsonResult(new ApiResult(11001));
             }
         }
-        private async Task<bool> Check(AuthorizationFilterContext context)
+        public static async Task<bool> Check(HttpContext context)
         {
             if (GetHeadAuthorization(context, out var auth) && await Program.sipServer.DB.CheckToken(auth))
             {
@@ -53,13 +53,13 @@ private bool CheckAPIAuthorization(AuthorizationFilterContext context)
                 return true;
             }
 
-            return GetHeadAuthorization(context, out var auth)
+            return GetHeadAuthorization(context.HttpContext, out var auth)
                 && auth == Program.sipServer.Settings.APIAuthorization;
 
         }
-        private bool GetHeadAuthorization(AuthorizationFilterContext context, out StringValues auth)
+        private static bool GetHeadAuthorization(HttpContext context, out StringValues auth)
         {
-            foreach (var p in context.HttpContext.Request.Headers)
+            foreach (var p in context.Request.Headers)
             {
                 if ("authorization".IgnoreEquals(p.Key))
                 {
@@ -68,6 +68,11 @@ private bool GetHeadAuthorization(AuthorizationFilterContext context, out String
                     return true;
                 }
             }
+            if (context.Request.Cookies.TryGetValue("authorization", out var tmp))
+            {
+                auth = tmp;
+                return true;
+            }
             return false;
         }
         /// <summary>
@@ -96,4 +101,4 @@ private bool HasAllowAnonymous(FilterContext context)
         }
 
     }
-}
+}
diff --git a/GBWeb/Startup.cs b/GBWeb/Startup.cs
@@ -2,16 +2,12 @@
 using IGeekFan.AspNetCore.Knife4jUI;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.HttpsPolicy;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Options;
 using Microsoft.OpenApi.Models;
-using Swashbuckle.AspNetCore.SwaggerGen;
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Text.Json;
 using System.Threading.Tasks;
 
@@ -82,6 +78,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
             if (Program.sipServer.Settings.SwaggerDoc)
             {
+                app.UseMiddleware<SwaggerAuthMiddleware>();
                 // 添加Swagger有关中间件
                 app.UseSwagger();
                 app.UseSwaggerUI(c =>
@@ -125,5 +122,31 @@ public override void Write(Utf8JsonWriter writer, DateTime value, JsonSerializer
                 writer.WriteStringValue(value.ToString("yyyy-MM-dd HH:mm:ss"));
             }
         }
+
+        public class SwaggerAuthMiddleware
+        {
+            private readonly RequestDelegate _next;
+
+            public SwaggerAuthMiddleware(RequestDelegate next)
+            {
+                _next = next;
+            }
+
+            public async Task Invoke(HttpContext context)
+            {
+                if (
+                    (context.Request.Path.StartsWithSegments("/swagger") || context.Request.Path.StartsWithSegments("/Help"))
+                    && !await AuthenFilter.Check(context))
+                {
+                    //context.Response.Redirect("/Login/SignIn");
+                    // 如果没有登录，重定向到登录页面或返回未授权状态
+                    context.Response.StatusCode = 401;
+                    await context.Response.WriteAsync("Unauthorized - Please login to access Swagger.");
+                    return;
+                }
+
+                await _next(context);
+            }
+        }
     }
 }
diff --git a/ui/src/store/modules/user.ts b/ui/src/store/modules/user.ts
@@ -50,12 +50,14 @@ export const useUserStore = defineStore({
       this.menus = [];
       this.userInfo = {};
       Storage.clear();
+      Storage.removeCookie('authorization');
     },
     /** 登录成功保存token */
     setToken(token: string) {
       this.token = token ?? '';
       const ex = 7 * 24 * 60 * 60 * 1000;
       Storage.set(ACCESS_TOKEN_KEY, this.token, ex);
+      Storage.setCookie('authorization', this.token, ex);
     },
     /** 登录 */
     async login(params: API.LoginParams) {

diff --git a/ui/src/views/login/index.vue b/ui/src/views/login/index.vue
@@ -7,7 +7,7 @@
     </div>
     <a-form layout="horizontal" :model="state.formInline" @submit.prevent="handleSubmit">
       <a-form-item>
-        <a-input v-model:value="state.formInline.UserName" size="large" placeholder="gbsip">
+        <a-input v-model:value="state.formInline.UserName" size="large" placeholder="请输入用户名">
           <template #prefix><user-outlined type="user" /></template>
         </a-input>
       </a-form-item>
@@ -16,7 +16,7 @@
           v-model:value="state.formInline.Password"
           size="large"
           type="password"
-          placeholder="admin"
+          placeholder="请输入密码"
           autocomplete="new-password"
         >
           <template #prefix><lock-outlined type="user" /></template>