Swagger Web API learning summary, Part 2

Source: Internet | Posted by: 扫码 销售 软件 | Editor: 程序博客网 | Date: 2024/06/06 07:26

In Part 1 we learned how to use Swagger in an MVC Web API project, how to change Swagger's styling, and how to include our own JS file to extend our own version. In Part 2 we look at authorization.


Authorization comes in three kinds:

1. BasicAuth

2. ApiKey

3. OAuth2


Here we focus on OAuth2 and ApiKey.


Let's start with ApiKey. Look at the screenshot from the previous part:


The header bar has a text box named api_key. Send any request and you will see that it appends ?api_key=111 to the URL.



In index there is the following piece of code; its mode is query:

    function addApiKeyAuthorization() {
        var key = encodeURIComponent($('#input_apiKey')[0].value);
        if (key && key.trim() != "") {
            var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("api_key", key, "query");
            window.swaggerUi.api.clientAuthorizations.add("api_key", apiKeyAuth);
            log("added key " + key);
        }
    }
    $('#input_apiKey').change(addApiKeyAuthorization);


The other way is to add the key to the request headers; the code is as follows:

    $('#input_apiKey').change(function() {
        var key = $('#input_apiKey')[0].value;
        if (key && key.trim() != "") {
            swaggerUi.api.clientAuthorizations.add("key", new SwaggerClient.ApiKeyAuthorization("apiKey", key, "header"));
        }
    });
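To make the difference between the two wirings concrete, here is an added example (my own code, neither from this post nor from swagger-client) that models what an ApiKeyAuthorization does to an outgoing request in query mode versus header mode. The class name mirrors SwaggerClient.ApiKeyAuthorization, but the apply() method, the { url, headers } request shape and the sample endpoint URL are assumptions of this example. Query mode is modelled as appending the raw value to the URL, which is why the first snippet above runs the key through encodeURIComponent first; the rawQueryStyle function shows what happens without it.

```javascript
// Added example, not code from the post or from swagger-client: a model of how
// an ApiKeyAuthorization decorates a request in "query" versus "header" mode.
// The apply() method and the { url, headers } request shape are assumptions.
class ApiKeyAuthorization {
  constructor(name, value, type) {
    this.name = name;   // query parameter name or header name
    this.value = value; // the key, used verbatim (no encoding is applied here)
    this.type = type;   // "query" or "header"
  }

  // Decorate the request in place: query mode appends name=value to the URL,
  // header mode sets a request header. Returns true when something was applied.
  apply(request) {
    if (this.type === 'query') {
      const separator = request.url.indexOf('?') > 0 ? '&' : '?';
      request.url = request.url + separator + this.name + '=' + this.value;
      return true;
    }
    if (this.type === 'header') {
      request.headers[this.name] = this.value;
      return true;
    }
    return false; // unknown placement: nothing applied
  }
}

// Build a bare request and run one authorization over it.
function authorize(url, auth) {
  const request = { url: url, headers: {} };
  auth.apply(request);
  return request;
}

const SAMPLE_URL = 'http://localhost:37776/api/values'; // constructed sample endpoint

// Wiring 1 from the post: encode the key, then place it in the query string.
function queryStyle(key) {
  return authorize(SAMPLE_URL, new ApiKeyAuthorization('api_key', encodeURIComponent(key), 'query'));
}

// Same as wiring 1 but without encodeURIComponent, to show why the post encodes.
function rawQueryStyle(key) {
  return authorize(SAMPLE_URL, new ApiKeyAuthorization('api_key', key, 'query'));
}

// Wiring 2 from the post: the key travels as a request header; the URL is untouched.
function headerStyle(key) {
  return authorize(SAMPLE_URL, new ApiKeyAuthorization('apiKey', key, 'header'));
}

// Parse the query string back the way a server would, to compare the results.
function queryParams(url) {
  return Object.fromEntries(new URL(url).searchParams);
}
```

With a key such as a&b, queryStyle yields api_key=a%26b and the server reads the key back intact, while rawQueryStyle yields api_key=a&b and the server sees a key of "a" plus a stray parameter "b". headerStyle leaves the URL alone entirely, which also keeps the key out of access logs, browser history and Referer headers, a practical reason to prefer the header placement for a session token.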

Now let's see when a custom key in the header is used. My API methods carry a custom ActionFilterAttribute that checks, before every request, whether the caller is logged in:

    using System.Net;
    using System.Net.Http;
    using System.Web.Http;
    using System.Web.Http.Controllers;
    using System.Web.Http.Filters;

    // Class name assumed; the post only shows the OnActionExecuting override.
    public class LoginRequiredAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            BaseApiController bc = actionContext.ControllerContext.Controller as BaseApiController;
            if (bc != null)
            {
                // IsLogin resolves the token from the request header (see BaseApiController below)
                if (!bc.IsLogin)
                {
                    throw new HttpResponseException(new HttpResponseMessage()
                    {
                        StatusCode = System.Net.HttpStatusCode.Forbidden,
                        Content = new StringContent("授权时间已过,请重新登录"),
                        ReasonPhrase = "Please login again."
                    });
                }
            }
            base.OnActionExecuting(actionContext);
        }
    }

BaseApiController code:

    using System;
    using System.Net;
    using System.Net.Http;
    using System.Security.Cryptography;
    using System.Text;
    using System.Web;
    using System.Web.Http;

    public class BaseApiController : ApiController
    {
        private ICacheStrategy cache;
        private int timeout = 3600; // expiry time: 1 hour

        public BaseApiController()
        {
            cache = Ioc.IoCHelper.Resolve<ICacheStrategy>("SessionCache");
        }

        // The token is read from the request header named by AccessTokenData.Key_Header_Token
        public string AccessToken
        {
            get
            {
                string token = HttpContext.Current.Request.Headers[AccessTokenData.Key_Header_Token];
                return token;
            }
        }

        protected ICacheStrategy Cache
        {
            get { return cache; }
        }

        public AccessTokenData AccessTokenData
        {
            get
            {
                string key = AccessToken;
                if (string.IsNullOrEmpty(key))
                {
                    return null;
                }
                Guid tokenId;
                try
                {
                    tokenId = Guid.Parse(key);
                }
                catch (Exception ex)
                {
                    // A header value that is not a GUID is logged and treated as "not logged in"
                    Exception e = new Exception("Token Key不是正确的guid:" + key, ex);
                    e.Log();
                    return null;
                }
                try
                {
                    AccessTokenData data = cache.GetCache<AccessTokenData>("access_token_" + key);
                    return data;
                }
                catch
                {
                    // Cache miss: fall back to the token persisted for the user and re-cache it
                    var token = UserService.Instance.GetUserAppToken(tokenId);
                    if (token != null)
                    {
                        AccessTokenData atd = token.GetToken();
                        SetAccessTokenData(key, atd);
                        return atd;
                    }
                    return null;
                }
            }
            set
            {
                SetAccessTokenData(AccessToken, value);
            }
        }

        public void SetAccessTokenData(string token, AccessTokenData data)
        {
            cache.SetCache<AccessTokenData>("access_token_" + token, data, data.ExpiredTime);
        }

        public bool IsLogin
        {
            get { return AccessTokenData != null; }
        }

        public string Md5(string key)
        {
            byte[] hashvalue = (new MD5CryptoServiceProvider()).ComputeHash(Encoding.UTF8.GetBytes(key));
            return BitConverter.ToString(hashvalue).Replace("-", "").ToLower();
        }

        public void ExceptionNotFound(string message)
        {
            var resp = new HttpResponseMessage(HttpStatusCode.NotFound)
            {
                Content = new StringContent(message),
                ReasonPhrase = "对象没找到"
            };
            throw new HttpResponseException(resp);
        }

        public void ExceptionUnknown(Exception ex)
        {
            var resp = new HttpResponseMessage(HttpStatusCode.ExpectationFailed)
            {
                Content = new StringContent(ex.Message),
                ReasonPhrase = "其他异常"
            };
            throw new HttpResponseException(resp);
        }
    }


Login code:

    [HttpPost]
    [Route("api/user/login")]
    public TestResult<AccessTokenData> Login(LoginModel login)
    {
        TestResult<AccessTokenData> result = new TestResult<AccessTokenData>();
        try
        {
            user_sys_info usi = null;
            if (login.PhoneNum == 0)
            {
                // If the client supplied a UnionId, look the user up by UnionId
                if (!string.IsNullOrEmpty(login.UnionId))
                {
                    // for testing only, remove
                    result.exceptionGuid = Utility.SerializeHelper.JsonSerialize<LoginModel>(login);
                    usi = UserService.Instance.GetUserSysInfoByUnionId(login.UnionId);
                    if (usi == null)
                    {
                        result.statusCode = app.Model.StatusCode.Account_微信号未绑定账号;
                        result.statusMessage = "微信号未绑定账号";
                        return result;
                    }
                }
                else
                {
                    result.statusCode = app.Model.StatusCode.Account_微信号未绑定账号;
                    result.statusMessage = "微信号未绑定账号";
                    return result;
                }
            }
            else
            {
                // for testing only, remove
                result.exceptionGuid = "用户名登陆";
                usi = UserService.Instance.GetUserSysInfoByPhoneNum(login.PhoneNum);
            }
            if (usi != null)
            {
                if ((login.PhoneNum == 0) // login via UnionId
                    || (usi.password.ToLower().Equals(login.PasswordMd5.ToLower())))
                {
                    var token = TokenExtention.GetToken(usi.id);
                    SetAccessTokenData(token.Token, token);
                    result.data = token;
                    result.statusCode = app.Model.StatusCode.CODE_成功;
                    // If the login carried a WeChat UnionId, bind it to the account automatically
                    if (!string.IsNullOrEmpty(login.UnionId))
                    {
                        UserService.Instance.BindingWexinUnionId(usi.id, login.UnionId, login.Nickname, login.OpenId, null);
                    }
                }
                else
                {
                    result.statusCode = app.Model.StatusCode.Account_密码不正确;
                    result.statusMessage = "账号或密码不正确,请重新输入";
                }
            }
            else
            {
                result.statusCode = app.Model.StatusCode.Account_用户名不存在;
                result.statusMessage = "账号或密码不正确,请重新输入";
            }
        }
        catch (Exception ex)
        {
            result.exceptionGuid = ex.Log();
            result.statusCode = app.Model.StatusCode.Account_不明原因登陆失败;
            result.statusMessage = ex.Message;
        }
        return result;
    }


So here I need to simulate a login: log in with a username and password, put the login information into the cache, and return it to the page, so that the following requests can use this key. My current implementation:

1. Rewrote the index page and added it to Swagger; Part 1 explains how to customize the HTML page.

2. Added two text boxes to this page:

    <div class='input'>
        <input type="text" name="username" maxlength="10"/>
        <input type="password" maxlength="10" name="password"/>
        <input type="button" value="登录" onclick="RuxiAuthorization()"/>
    </div>

3. Added JS that calls the login method via ajax, takes the returned key, and writes the custom test_api_token into the request headers:

    function RuxiAuthorization() {
        var username = $("input[name='username']").val();
        var pwd = $("input[name='password']").val();
        if (username != "" && pwd != "") {
            $.ajax({
                type: "post",
                url: "http://localhost:37776/api/Account/Logout",
                data: { username: username, password: pwd },
                success: function (data) {
                    var key = data.Id;
                    swaggerUi.api.clientAuthorizations.add("key", new SwaggerClient.ApiKeyAuthorization("ruxi_api_token", key, "header"));
                }
            });
        }
    }


4. From then on every request carries this key in its headers, as the screenshot shows:



That's it for the API_KEY approach. In Part 3 we'll look at the OAuth2 authorization mode in Swagger.
