2023年6月20日发(作者：)

四、Swagger验证（⾮全局token）⼀、⾮全局token 看起来全部是token验证，⽆法区分那个⽅法是需要token验证的和⾮token验证的，很混乱。 选择 实现IOperationFilter接⼝ 代码如下：using ization;using r;using rGen;using System;using c;using ;using tion;using ;namespace ZanLveCore{ public class SwaggerOperationFilter : IOperationFilter { public void Apply(ion operation, OperationFilterContext context) { ters = ters ?? new List(); var info = Info; MethodInfo(out info); try { Attribute attribute = tomAttribute(typeof(AuthorizeAttribute)); if (attribute != null) { (new BodyParameter { Name = "Authorization", @In = "header", Description = "access_token", Required = true }); } } catch { } } }}接下来调⽤ ionFilter(); 就好啦 效果如图：Authorization 的⼆、core3.1 全局⼩锁只是检查contorller的authroize注解。有就在swagger⽂档加锁。没有就不加。代码如下：using ization;using ions;using ;using r;using rGen;using System;using c;using ;using ;namespace r{ public class AuthResponsesOperationFilter : IOperationFilter { public void Apply(OpenApiOperation operation, OperationFilterContext context) { var authAttributes = tomAttributes(true) .Union(tomAttributes(true)) .OfType(); if (()) { ("401", new OpenApiResponse { Description = "未经许可的访问(Unauthorized)" }); ("403", new OpenApiResponse { Description = "禁⽌访问(Forbidden)" }); var BearerScheme = new OpenApiSecurityScheme { Reference = new OpenApiReference { Type = tyScheme, Id = "Bearer" } }; ty = new List { new OpenApiSecurityRequirement { [BearerScheme] = new List() } }; } } }}引⽤ 三、core 2.1 全局⼩锁只是检查contorller的authroize注解。有就在swagger⽂档加锁。没有就不加。using ization;using r;using rGen;using c;using ;namespace ZanLveCore{ public class AuthResponsesOperationFilter : IOperationFilter { public void Apply(Operation operation, OperationFilterContext context) { var authAttributes = tomAttributes(true) .Union(tomAttributes(true)) .OfType(); if (()) { ("401", new Response { Description = "未经许可的访问(Unauthorized)" }); ("403", new Response { Description = "禁⽌访问(Forbidden)" }); ty = new List>> { new Dictionary> { { "Bearer", () } } }; } } }}效果： 注意：虽然ui⼩锁实现，但是点击没触发，需要更改添加上⽀持Swagger验证 对应 代码如下： //添加⼀个必须的全局安全信息 /*var security = new Dictionary> { { "ZanLveCore", new string[] { } }, }; urityRequirement(security);*/ urityDefinition("Bearer", new ApiKeyScheme { Description = "JWT授权(数据将在请求头中进⾏传输) 在下⽅输⼊Bearer {token} 即可，注意两者之间有空格", Name = "Authorization",//jwt默认的参数名称 In = "header",//jwt默认存放Authorization信息的位置(请求头中) Type = "apiKey" }); // Token绑定到ConfigureServices

最好将Bearer更改ZanLveCore（授权解决⽅案名）