CoreShop/CoreCms.Net.Middlewares/SwaggerBasicAuthMiddleware.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using CoreCms.Net.Configuration;
using Microsoft.AspNetCore.Http;

namespace CoreCms.Net.Middlewares
{
    /// <summary>
    /// Swagger授权登录拦截
    /// </summary>
    public class SwaggerBasicAuthMiddleware
    {

        private readonly RequestDelegate next;
        public SwaggerBasicAuthMiddleware(RequestDelegate next)
        {
            this.next = next;
        }
        public async Task InvokeAsync(HttpContext context)
        {
            var path = "/" + AppSettingsConstVars.SwaggerRoutePrefix;

            if (context.Request.Path.StartsWithSegments(path))
            {
                string authHeader = context.Request.Headers["Authorization"];
                if (authHeader != null && authHeader.StartsWith("Basic "))
                {
                    // Get the credentials from request header
                    var header = AuthenticationHeaderValue.Parse(authHeader);
                    var inBytes = Convert.FromBase64String(header.Parameter);
                    var credentials = Encoding.UTF8.GetString(inBytes).Split(':');
                    var username = credentials[0];
                    var password = credentials[1];

                    var swaggerUserName = AppSettingsConstVars.SwaggerUserName;
                    var swaggerPassWord = AppSettingsConstVars.SwaggerPassWord;

                    // validate credentials
                    if (!string.IsNullOrEmpty(swaggerUserName) && !string.IsNullOrEmpty(swaggerPassWord) && username.Equals(swaggerUserName) && password.Equals(swaggerPassWord))
                    {
                        await next.Invoke(context).ConfigureAwait(false);
                        return;
                    }
                }
                context.Response.Headers["WWW-Authenticate"] = "Basic";
                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            }
            else
            {
                await next.Invoke(context).ConfigureAwait(false);
            }
        }



    }
}