Swagger原理
Swagger就是利用反射技术遍历所有Api接口,并且从xml文件中读取注释,在利用Swagger内置的模板组合html显示至客户端实现接口可视化,并且可调用。
在WEB Api中,引入了面向切面编程(AOP)的思想,在某些特定的位置可以插入特定的Filter进行过程拦截处理。引入了这一机制可以更好地践行DRY(Don’t Repeat Yourself)思想,通过Filter能统一地对一些通用逻辑进行处理,如:权限校验、参数加解密、参数校验等方面我们都可以利用这一特性进行统一处理,今天我们来介绍Filter的开发、使用以及讨论他们的执行顺序。
Filter的开发和调用
在默认的WebApi中,框架提供了三种Filter,他们的功能和运行条件如下表所示:
| Filter 类型 | 实现的接口 | 描述 |
|---|---|---|
| Authorization | IAuthorizationFilter | 最先运行的Filter,被用作请求权限校验 |
| Action | IActionFilter | 在Action运行的前、后运行 |
| Exception | IExceptionFilter | 当异常发生的时候运行 |
添加注册全局Filter的方法
1.创建一个ApiAuthorizationFilterAttribute.cs和ApiExceptionFilterAttribute.cs两个文件:
ApiAuthorizationFilterAttribute.cs文件如下:
public class ApiAuthorizationFilterAttribute : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
//如果用户方位的Action带有AllowAnonymousAttribute,则不进行授权验证
if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
{
return;
}
var authorization = actionContext.Request.Headers.Authorization;
if (authorization == null || authorization.Scheme != "Bearer")
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new { status = "failed", message = "token不正确!!!" });
}
else
{
string username;
var token = authorization.Parameter;
//以下就是验证token的方法,可以自己写方法进行验证啦
if (!ValidateToken(token, out username))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new { status = "failed", message = "token不正确!!!" });
}
}
}
}
ApiExceptionFilterAttribute.cs如下:
/// <summary>
/// 捕捉异常
/// </summary>
public class ApiExceptionFilterAttribute : ExceptionFilterAttribute
{
/// <summary>
/// 重写基类的异常处理方法
/// </summary>
/// <param name="context"></param>
public override void OnException(HttpActionExecutedContext context)
{
//context.Exception.StackTrace
//1.异常日志记录
LogHelper.Error(context.Exception.ToString());
//2.返回调用方具体的异常信息
if (context.Exception is NotImplementedException)
{
context.Response = new HttpResponseMessage(HttpStatusCode.NotImplemented);
}
else if (context.Exception is TimeoutException)
{
context.Response = new HttpResponseMessage(HttpStatusCode.RequestTimeout);
}
else
{
//这里可以根据项目需要返回到客户端特定的状态码。如果找不到相应的异常,统一返回服务端错误500
context.Response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
}
base.OnException(context);
}
private JsonMediaTypeFormatter _JsonFormatter;
private JsonMediaTypeFormatter JsonFormatter
{
get
{
if (_JsonFormatter == null)
{
_JsonFormatter = new JsonMediaTypeFormatter();
_JsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
}
return _JsonFormatter;
}
}
}
2.在WebApiConfig.cs文件中添加”注册全局Filter“的那两行
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API 配置和服务
// Web API 路由
config.MapHttpAttributeRoutes();
//注册全局Filter
config.Filters.Add(new ApiAuthorizationFilterAttribute());
config.Filters.Add(new ApiExceptionFilterAttribute());
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
log4net.Config.XmlConfigurator.Configure();
}
}
3.进行swagger的相关配置,新建一个HttpHeaderFilter.cs文件:
public class HttpHeaderFilter : IOperationFilter
{
public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
{
if (operation.parameters == null)
{
operation.parameters = new List<Parameter>();
}
var filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline(); //判断是否添加权限过滤器
var isAuthorized = filterPipeline.Select(filterInfo => filterInfo.Instance).Any(filter => filter is ApiAuthorizationFilterAttribute); //判断是否需要经过验证
var allowAnonymous = apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();//判断是否否允许匿名方法
if (isAuthorized && !allowAnonymous)
{
operation.parameters.Add(new Parameter { name = "Authorization", @in = "header", description = "Token", required = false, type = "string" });
}
}
}
4.在文件SwaggerConfig.cs文件中找到Register方法,GlobalConfiguration.Configuration.EnableSwagger中添加:
c.OperationFilter<HttpHeaderFilter>();
大功告成,如下图:
