feat：swagger增加权限

Author: anjoy8

Blog.Core.Api/Blog.Core.xml

@@ -266,5 +266,30 @@ public string Md5Password(string password = "")
         {
             return MD5Helper.MD5Encrypt32(password);
         }
+
+        /// <summary>
+        /// swagger登录
+        /// </summary>
+        /// <param name="loginRequest"></param>
+        /// <returns></returns>
+        [HttpPost]
+        [Route("swgLogin")]
+        public dynamic SwgLogin([FromBody] SwaggerLoginRequest loginRequest)
+        {
+            // 这里可以查询数据库等各种校验
+            if (loginRequest?.name == "admin" && loginRequest?.pwd == "admin")
+            {
+                HttpContext.Session.SetString("swagger-code", "success");
+                return new { result = true };
+            }
+
+            return new { result = false };
+        }
+    }
+
+    public class SwaggerLoginRequest
+    {
+        public string name { get; set; }
+        public string pwd { get; set; }
     }
 }

Blog.Core.Api/Controllers/LoginController.cs

@@ -92,6 +92,9 @@ public void ConfigureServices(IServiceCollection services)
 
             services.Configure<KestrelServerOptions>(x => x.AllowSynchronousIO = true)
                     .Configure<IISServerOptions>(x => x.AllowSynchronousIO = true);
+            
+            services.AddDistributedMemoryCache();
+            services.AddSession();
 
             services.AddControllers(o =>
             {
@@ -165,6 +168,8 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, MyContex
                 //app.UseHsts();
             }
 
+            app.UseSession();
+            app.UseSwaggerAuthorized();
             // 封装Swagger展示
             app.UseSwaggerMildd(() => GetType().GetTypeInfo().Assembly.GetManifestResourceStream("Blog.Core.Api.index.html"));
 

Blog.Core.Api/Startup.cs

@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8" />
+    <title>默认首页</title>
+    <script src="http://code.jquery.com/jquery-1.8.3.min.js"></script>
+
+</head>
+<body>
+    <div id="requestMsg"></div>
+    <div style="text-align: center;">
+        <p>用户名：admin，密码：admin</p>
+        <input id="name" placeholder="name" type="text" />
+        <br />
+        <input id="pwd" placeholder="pwd" type="password" />
+        <br />
+        <input type="submit" onclick="submit()" value="submit" />
+    </div>
+    <script>
+        function submit() {
+            let postdata = {
+                "name": $("#name").val(),
+                "pwd": $("#pwd").val(),
+            };
+            if (!(postdata.name && postdata.pwd)) {
+                alert('参数不正确');
+                return
+            }
+            $.ajax({
+                url: "/api/Login/swgLogin",
+                type: "POST",
+                contentType: "application/json; charset=utf-8",
+                data: JSON.stringify(postdata),
+                dataType: 'json',
+                success: function (data) {
+                    if (data?.result) {
+                        window.location.href = "/index.html";
+                    } else {
+                        alert('参数不正确');
+                    }
+                }
+            });
+        }
+
+    </script>
+</body>
+</html>

Blog.Core.Api/wwwroot/swg-login.html

@@ -0,0 +1,78 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using System;
+using System.Net;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Blog.Core.Middlewares
+{
+    public class SwaggerAuthMildd
+    {
+
+        private readonly RequestDelegate next;
+
+        public SwaggerAuthMildd(RequestDelegate next)
+        {
+            this.next = next;
+        }
+
+        public async Task InvokeAsync(HttpContext context)
+        {
+            // 也可以根据是否是本地做判断 IsLocalRequest
+            if (context.Request.Path.Value.ToLower().Contains("index.html"))
+            {
+                // 判断权限是否正确
+                if (IsAuthorized(context))
+                {
+                    await next.Invoke(context);
+                    return;
+                }
+
+                // 无权限，跳转swagger登录页
+                context.Response.Redirect("/swg-login.html");
+            }
+            else
+            {
+                await next.Invoke(context);
+            }
+        }
+
+        public bool IsAuthorized(HttpContext context)
+        {
+            // 使用session模式
+            // 可以使用其他的
+            return context.Session.GetString("swagger-code") == "success";
+        }
+
+        /// <summary>
+        /// 判断是不是本地访问
+        /// 本地不用swagger拦截
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns></returns>
+        public bool IsLocalRequest(HttpContext context)
+        {
+            if (context.Connection.RemoteIpAddress == null && context.Connection.LocalIpAddress == null)
+            {
+                return true;
+            }
+            if (context.Connection.RemoteIpAddress.Equals(context.Connection.LocalIpAddress))
+            {
+                return true;
+            }
+            if (IPAddress.IsLoopback(context.Connection.RemoteIpAddress))
+            {
+                return true;
+            }
+            return false;
+        }
+    }
+    public static class SwaggerAuthorizeExtensions
+    {
+        public static IApplicationBuilder UseSwaggerAuthorized(this IApplicationBuilder builder)
+        {
+            return builder.UseMiddleware<SwaggerAuthMildd>();
+        }
+    }
+}