Пример #1
        public void It_should_apply_all_configured_operation_filters()
        {
            // Build the provider with both response-code filters registered, then check the
            // number of response messages on each listed operation.
            // NOTE(review): only ResponseMessages.Count is asserted, not the codes themselves,
            // so a filter that emitted the wrong status codes would still pass.
            var filters = new IOperationFilter[]
            {
                new AddStandardResponseCodes(),
                new AddAuthResponseCodes()
            };
            var provider = GetSwaggerProvider(operationFilters: filters);

            Api(provider, "Products", "/products", productsApi =>
            {
                Operation(productsApi, "GET", 0, op => Assert.AreEqual(2, op.ResponseMessages.Count));
                Operation(productsApi, "GET", 1, op => Assert.AreEqual(2, op.ResponseMessages.Count));
            });

            Api(provider, "Products", "/products/{id}/suspend", suspendApi =>
                Operation(suspendApi, "PUT", 0, op => Assert.AreEqual(2, op.ResponseMessages.Count)));

            Api(provider, "Customers", "/customers", customersApi =>
                Operation(customersApi, "POST", 0, op => Assert.AreEqual(2, op.ResponseMessages.Count)));

            Api(provider, "Customers", "/customers/{id}", customerApi =>
                Operation(customerApi, "PUT", 0, op => Assert.AreEqual(2, op.ResponseMessages.Count)));

            Api(provider, "RandomStuff", "/kittens", kittensApi =>
                Operation(kittensApi, "POST", 0, op => Assert.AreEqual(2, op.ResponseMessages.Count)));

            Api(provider, "RandomStuff", "/unicorns", unicornsApi =>
                Operation(unicornsApi, "POST", 0, op => Assert.AreEqual(2, op.ResponseMessages.Count)));

            // The only operation here that is expected to carry a third response message.
            Api(provider, "RandomStuff", "/unicorns/{id}", unicornApi =>
                Operation(unicornApi, "DELETE", 0, op => Assert.AreEqual(3, op.ResponseMessages.Count)));
        }
Пример #2
 /// <summary>
 /// Stores the injected logger, configuration, signing helper and signing options in fields.
 /// </summary>
 /// <param name="logger">Logger for this filter.</param>
 /// <param name="configuration">Application configuration.</param>
 /// <param name="verifySignCommon">Signing helper, injected as <c>IOperationFilter</c>.</param>
 /// <param name="verifySignOption">Signature-verification options.</param>
 public VerifySignFilter(
     ILogger<VerifySignFilter> logger,
     IConfiguration configuration,
     IOperationFilter verifySignCommon,
     VerifySignOption verifySignOption)
 {
     // Signing collaborators first, then general infrastructure; the assignments are independent.
     _verifySignOption = verifySignOption;
     _verifySignCommon = verifySignCommon;
     _configuration = configuration;
     _logger = logger;
 }
Пример #3
        public void It_should_apply_all_configured_operation_filters()
        {
            // Provider under test is built with the standard and authorization response-code filters.
            // NOTE(review): the assertions count response messages only; they do not pin which
            // status codes the authorization filter adds.
            var filters = new IOperationFilter[]
            {
                new AddStandardResponseCodes(),
                new AddAuthorizationResponseCodes()
            };
            var provider = GetSwaggerProvider(operationFilters: filters);

            // Orders
            Operation(provider, "Orders", "/api/orders", 0, "POST",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));
            Operation(provider, "Orders", "/api/orders", 0, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));
            Operation(provider, "Orders", "/api/orders", 1, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));
            Operation(provider, "Orders", "/api/orders/{id}", 0, "DELETE",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            // Order items
            Operation(provider, "OrderItems", "/api/orders/{orderId}/items/{id}", 0, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));
            Operation(provider, "OrderItems", "/api/orders/{orderId}/items", 0, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));
            Operation(provider, "OrderItems", "/api/orders/{orderId}/items", 0, "PUT",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            // Customers: these two operations are expected to carry a third response message.
            Operation(provider, "Customers", "/api/customers/{id}", 0, "GET",
                op => Assert.AreEqual(3, op.ResponseMessages.Count));
            Operation(provider, "Customers", "/api/customers/{id}", 0, "DELETE",
                op => Assert.AreEqual(3, op.ResponseMessages.Count));

            // Products
            Operation(provider, "Products", "/api/products", 0, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));
        }
Пример #4
        public void It_should_apply_all_configured_operation_filters()
        {
            // Register both filters, then verify the response-message count per operation.
            var configuredFilters = new IOperationFilter[]
            {
                new AddStandardResponseCodes(),
                new AddAuthResponseCodes()
            };
            var sut = GetSwaggerProvider(operationFilters: configuredFilters);

            Api(sut, "Products", "/products", declaration =>
            {
                Operation(declaration, "GET", 0, o => Assert.AreEqual(2, o.ResponseMessages.Count));
                Operation(declaration, "GET", 1, o => Assert.AreEqual(2, o.ResponseMessages.Count));
            });

            Api(sut, "Products", "/products/{id}/suspend", declaration =>
                Operation(declaration, "PUT", 0, o => Assert.AreEqual(2, o.ResponseMessages.Count)));

            Api(sut, "Customers", "/customers", declaration =>
                Operation(declaration, "POST", 0, o => Assert.AreEqual(2, o.ResponseMessages.Count)));

            Api(sut, "Customers", "/customers/{id}", declaration =>
                Operation(declaration, "PUT", 0, o => Assert.AreEqual(2, o.ResponseMessages.Count)));

            Api(sut, "RandomStuff", "/kittens", declaration =>
                Operation(declaration, "POST", 0, o => Assert.AreEqual(2, o.ResponseMessages.Count)));

            Api(sut, "RandomStuff", "/unicorns", declaration =>
                Operation(declaration, "POST", 0, o => Assert.AreEqual(2, o.ResponseMessages.Count)));

            // Expected to differ from the rest: three response messages instead of two.
            Api(sut, "RandomStuff", "/unicorns/{id}", declaration =>
                Operation(declaration, "DELETE", 0, o => Assert.AreEqual(3, o.ResponseMessages.Count)));
        }
        public void It_should_apply_all_configured_operation_filters()
        {
            // Both filters are passed to the provider; each assertion checks how many
            // response messages one operation ends up with.
            var configuredFilters = new IOperationFilter[]
            {
                new AddStandardResponseCodes(),
                new AddAuthorizationResponseCodes()
            };
            var sut = GetSwaggerProvider(operationFilters: configuredFilters);

            Operation(sut, "Orders", "/api/orders", 0, "POST",
                o => Assert.AreEqual(2, o.ResponseMessages.Count));

            Operation(sut, "Orders", "/api/orders", 0, "GET",
                o => Assert.AreEqual(2, o.ResponseMessages.Count));

            Operation(sut, "Orders", "/api/orders", 1, "GET",
                o => Assert.AreEqual(2, o.ResponseMessages.Count));

            Operation(sut, "Orders", "/api/orders/{id}", 0, "DELETE",
                o => Assert.AreEqual(2, o.ResponseMessages.Count));

            Operation(sut, "OrderItems", "/api/orders/{orderId}/items/{id}", 0, "GET",
                o => Assert.AreEqual(2, o.ResponseMessages.Count));

            Operation(sut, "OrderItems", "/api/orders/{orderId}/items", 0, "GET",
                o => Assert.AreEqual(2, o.ResponseMessages.Count));

            Operation(sut, "OrderItems", "/api/orders/{orderId}/items", 0, "PUT",
                o => Assert.AreEqual(2, o.ResponseMessages.Count));

            // The two Customers operations expect three response messages.
            Operation(sut, "Customers", "/api/customers/{id}", 0, "GET",
                o => Assert.AreEqual(3, o.ResponseMessages.Count));

            Operation(sut, "Customers", "/api/customers/{id}", 0, "DELETE",
                o => Assert.AreEqual(3, o.ResponseMessages.Count));

            Operation(sut, "Products", "/api/products", 0, "GET",
                o => Assert.AreEqual(2, o.ResponseMessages.Count));
        }
Пример #6
        public ExamplesOperationFilterTests()
        {
            // The filter under test receives default MvcJsonOptions wrapped by Options.Create.
            sut = new ExamplesOperationFilter(Options.Create(new MvcJsonOptions()));
        }
Пример #7
 // Parameterless constructor: every collaborator is pulled from the static IoC locator
 // instead of being passed in.
 // NOTE(review): presumably done because attribute constructors cannot receive injected
 // services - confirm. The locator hides the dependency on the signing services, so a
 // missing or wrong registration only surfaces when the attribute is constructed.
 public VerifySignAttribute()
 {
     _logger           = IoC.Resolve <ILogger <VerifySignAttribute> >();
     // NOTE(review): looks like the filter execution order - confirm against the base class.
     Order             = 1;
     _configuration    = IoC.Resolve <IConfiguration>();
     // The signing helper is resolved under the IOperationFilter interface.
     _verifySignCommon = IoC.Resolve <IOperationFilter>();
     _verifySignOption = IoC.Resolve <VerifySignOption>();
 }
Пример #8
 /// <summary>
 /// Registers an operation filter and returns this config for chaining.
 /// </summary>
 /// <param name="operationFilter">The filter to add; must not be null.</param>
 /// <returns>This instance.</returns>
 /// <exception cref="ArgumentNullException">When <paramref name="operationFilter"/> is null.</exception>
 public SwaggerSpecConfig OperationFilter(IOperationFilter operationFilter)
 {
     if (operationFilter != null)
     {
         OperationFilters.Add(operationFilter);
         return this;
     }

     throw new ArgumentNullException("operationFilter");
 }
Пример #9
 /// <summary>
 /// Stores the next delegate in the pipeline and the injected services in fields.
 /// </summary>
 /// <param name="next">Next middleware in the pipeline.</param>
 /// <param name="configuration">Application configuration.</param>
 /// <param name="iLogger">Logger for this middleware.</param>
 /// <param name="memorycache">Memory cache instance.</param>
 /// <param name="verifySignCommon">Signing helper, injected as <c>IOperationFilter</c>.</param>
 public SignMiddleware(
     RequestDelegate next,
     IConfiguration configuration,
     ILogger<SignMiddleware> iLogger,
     IMemoryCache memorycache,
     IOperationFilter verifySignCommon)
 {
     // Plain field assignments; none depends on another.
     _verifySignCommon = verifySignCommon;
     _memorycache = memorycache;
     _logger = iLogger;
     _configuration = configuration;
     _next = next;
 }
Пример #10
        public ServiceProviderExamplesOperationFilterWithXmlDataContractTests()
        {
            // Substitute service provider that hands out the PersonResponse example provider.
            serviceProvider = Substitute.For<IServiceProvider>();
            serviceProvider
                .GetService(typeof(IExamplesProvider<PersonResponse>))
                .Returns(new PersonResponseAutoExample());

            // Output formatter configured with the XML data-contract formatter option.
            var xmlOutputFormatter = new MvcOutputFormatter(
                FormatterOptions.WithXmlDataContractFormatter,
                new FakeLoggerFactory());

            var requestExample = new RequestExample(xmlOutputFormatter, Options.Create(new Swagger.SwaggerOptions()));
            var responseExample = new ResponseExample(xmlOutputFormatter);

            sut = new ServiceProviderExamplesOperationFilter(serviceProvider, requestExample, responseExample);
        }
        public ServiceProviderExamplesOperationFilterTests()
        {
            schemaGeneratorOptions = new SchemaGeneratorOptions();

            // Formatter with both the XML and Newtonsoft JSON options enabled.
            var outputFormatter = new MvcOutputFormatter(
                FormatterOptions.WithXmlAndNewtonsoftJsonFormatters,
                new FakeLoggerFactory());

            var exampleForRequests = new RequestExample(outputFormatter, Options.Create(swaggerOptions));
            var exampleForResponses = new ResponseExample(outputFormatter);

            // Substitute provider returns the PersonResponse example provider on request.
            serviceProvider = Substitute.For<IServiceProvider>();
            serviceProvider
                .GetService(typeof(IExamplesProvider<PersonResponse>))
                .Returns(new PersonResponseAutoExample());

            sut = new ServiceProviderExamplesOperationFilter(
                serviceProvider,
                exampleForRequests,
                exampleForResponses);
        }
        public ExamplesOperationFilterTests()
        {
            // Serializer settings are derived from default MvcJsonOptions.
            var settingsDuplicator = new SerializerSettingsDuplicator(Options.Create(new MvcJsonOptions()));

            var formatter = new JsonFormatter();

            // No GetService behaviour is configured on this substitute.
            var provider = Substitute.For<IServiceProvider>();

            var exampleForRequests = new RequestExample(formatter, settingsDuplicator);
            var exampleForResponses = new ResponseExample(formatter, settingsDuplicator);

            sut = new ExamplesOperationFilter(provider, exampleForRequests, exampleForResponses);
        }
        public ServiceProviderExamplesOperationFilterTests()
        {
            // Serializer settings are derived from default MvcJsonOptions.
            var settingsDuplicator = new SerializerSettingsDuplicator(Options.Create(new MvcJsonOptions()));

            var formatter = new JsonFormatter();

            var exampleForRequests = new RequestExample(formatter, settingsDuplicator);
            var exampleForResponses = new ResponseExample(formatter, settingsDuplicator);

            // Substitute provider returns the PersonResponse example provider on request.
            serviceProvider = Substitute.For<IServiceProvider>();
            serviceProvider
                .GetService(typeof(IExamplesProvider<PersonResponse>))
                .Returns(new PersonResponseAutoExample());

            sut = new ServiceProviderExamplesOperationFilter(
                serviceProvider,
                exampleForRequests,
                exampleForResponses);
        }
Пример #14
        public ServiceProviderExamplesOperationFilterWithXmlDataContractTests()
        {
            // Substitute provider returns the PersonResponse example provider on request.
            serviceProvider = Substitute.For<IServiceProvider>();
            serviceProvider
                .GetService(typeof(IExamplesProvider<PersonResponse>))
                .Returns(new PersonResponseAutoExample());

            var formatter = new JsonFormatter();

            // Settings duplicator built from default MVC JSON and schema-generator options.
            var mvcJsonOptions = Options.Create(new MvcJsonOptions());
            var schemaOptions = Options.Create(new SchemaGeneratorOptions());
            var settingsDuplicator = new SerializerSettingsDuplicator(mvcJsonOptions, schemaOptions);

            var xmlOutputFormatter = new MvcOutputFormatter(
                FormatterOptions.WithXmlDataContractFormatter,
                new FakeLoggerFactory());

            var exampleForRequests = new RequestExample(formatter, settingsDuplicator, xmlOutputFormatter);
            var exampleForResponses = new ResponseExample(formatter, settingsDuplicator, xmlOutputFormatter);

            sut = new ServiceProviderExamplesOperationFilter(serviceProvider, exampleForRequests, exampleForResponses);
        }
        public ServiceProviderExamplesOperationFilterTests()
        {
            var jsonOptions = Options.Create(new MvcJsonOptions());

            // The schema options are kept in a field and shared with the settings duplicator.
            schemaGeneratorOptions = new SchemaGeneratorOptions();
            var settingsDuplicator = new SerializerSettingsDuplicator(
                jsonOptions,
                Options.Create(schemaGeneratorOptions));

            var formatter = new JsonFormatter();
            var outputFormatter = new MvcOutputFormatter(
                FormatterOptions.WithoutFormatters,
                new FakeLoggerFactory());

            var exampleForRequests = new RequestExample(
                formatter,
                settingsDuplicator,
                outputFormatter,
                Options.Create(swaggerOptions));
            var exampleForResponses = new ResponseExample(formatter, settingsDuplicator, outputFormatter);

            // Substitute provider returns the PersonResponse example provider on request.
            serviceProvider = Substitute.For<IServiceProvider>();
            serviceProvider
                .GetService(typeof(IExamplesProvider<PersonResponse>))
                .Returns(new PersonResponseAutoExample());

            sut = new ServiceProviderExamplesOperationFilter(
                serviceProvider,
                exampleForRequests,
                exampleForResponses);
        }
Пример #16
        public void It_should_apply_all_configured_operation_filters()
        {
            // Generate the spec with both error-code filters, then check the number of
            // response messages on each listed operation.
            // NOTE(review): the counts are asserted, not the codes; the authorization filter's
            // actual status codes are not pinned by this test.
            var filters = new IOperationFilter[]
            {
                new AddStandardErrorCodes(),
                new AddAuthorizationErrorCodes()
            };
            var specGenerator = CreateGenerator(operationFilters: filters);
            var spec = specGenerator.ApiExplorerToSwaggerSpec(_apiExplorer);

            Operation(spec, "/Orders", "/api/orders", 0, "POST",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            Operation(spec, "/Orders", "/api/orders", 0, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            Operation(spec, "/Orders", "/api/orders", 1, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            Operation(spec, "/Orders", "/api/orders/{id}", 0, "DELETE",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            Operation(spec, "/OrderItems", "/api/orders/{orderId}/items/{id}", 0, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            Operation(spec, "/OrderItems", "/api/orders/{orderId}/items", 0, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            Operation(spec, "/OrderItems", "/api/orders/{orderId}/items", 0, "PUT",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));

            // The two Customers operations expect three response messages.
            Operation(spec, "/Customers", "/api/customers/{id}", 0, "GET",
                op => Assert.AreEqual(3, op.ResponseMessages.Count));

            Operation(spec, "/Customers", "/api/customers/{id}", 0, "DELETE",
                op => Assert.AreEqual(3, op.ResponseMessages.Count));

            Operation(spec, "/Products", "/api/products", 0, "GET",
                op => Assert.AreEqual(2, op.ResponseMessages.Count));
        }
Пример #17
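 /// <summary>
 /// Adds the filter to the collection stored under its <c>Type</c> key.
 /// </summary>
 /// <param name="operationFilter">The filter to register; must not be null.</param>
 /// <exception cref="System.ArgumentNullException">When <paramref name="operationFilter"/> is null.</exception>
 public void AddOperationFilter(IOperationFilter operationFilter)
 {
     // Fail with a named argument error instead of a NullReferenceException on .Type.
     if (operationFilter == null)
     {
         throw new System.ArgumentNullException("operationFilter");
     }

     // NOTE(review): assumes OperationFilters already holds an entry for every Type value - confirm.
     OperationFilters[operationFilter.Type].Add(operationFilter);
 }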
Пример #18
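        /// <summary>
        /// Rebuilds the string the client is expected to have signed (lower-cased query
        /// parameters plus the whitespace-normalised body, ordered by key with ordinal
        /// comparison), hashes it with the secret for the supplied app id, and compares the
        /// result with the signature taken from the query string.
        /// </summary>
        /// <param name="request">Current HTTP context; query string and body are read from it.</param>
        /// <param name="_logger">Logger for warnings and debug output.</param>
        /// <param name="_verifySignOption">Signing parameter names and the IsDebug switch.</param>
        /// <param name="_verifySignCommon">Supplies the per-app secret and the hash function.</param>
        /// <returns>
        /// A tuple whose first item is true only when the signature matches; the second item is
        /// the message for the caller. Any exception is logged and reported as a failed check.
        /// </returns>
        private async Task<Tuple<bool, string>> GetSignValue(HttpContext request, ILogger<VerifySignAttribute> _logger, VerifySignOption _verifySignOption, IOperationFilter _verifySignCommon)
        {
            try
            {
                // Lower-case keys with the invariant culture so parameter lookup does not depend
                // on the server locale.
                var queryDic = new Dictionary<string, string>();
                foreach (var item in request.Request.Query)
                {
                    queryDic.Add(item.Key.ToLowerInvariant(), item.Value);
                }
                var encryptEnum = EncryptEnum.Default;

                var commonParameters = _verifySignOption.CommonParameters;

                if (!queryDic.ContainsKey(commonParameters.TimestampName) || !queryDic.ContainsKey(commonParameters.AppIdName) || !queryDic.ContainsKey(commonParameters.SignName))
                {
                    _logger.LogWarning("url参数中未找到签名所需参数[timestamp];[appid];[EncryptFlag]或[sign]");
                    return Tuple.Create(false, "签名参数缺失");
                }

                // NOTE(review): the hash algorithm is chosen by the caller and the cast accepts any
                // integer; consider rejecting values that are not defined members of EncryptEnum
                // and pinning the algorithm per app id.
                if (queryDic.ContainsKey(commonParameters.EncryptFlag) && int.TryParse(queryDic[commonParameters.EncryptFlag].ToString(), out int encryptint))
                {
                    encryptEnum = (EncryptEnum)encryptint;
                }

                // NOTE(review): only the timestamp is checked here; no nonce is visible in this
                // method, so replay protection inside the CheckTime window presumably has to come
                // from elsewhere - confirm.
                var timestampStr = queryDic[commonParameters.TimestampName];
                if (!long.TryParse(timestampStr, out long timestamp) || !CheckTime(timestamp, _verifySignOption))
                {
                    _logger.LogWarning($"{timestampStr}时间戳已过期");
                    return Tuple.Create(false, "请校准客户端时间后再试");
                }

                var appIdString = queryDic[commonParameters.AppIdName].ToString();
                if (string.IsNullOrEmpty(appIdString))
                {
                    _logger.LogWarning(@"The request parameter is missing the Ak/Sk appID parameter
                                          VerifySign:{
                                            AppSecret:{
                                            [AppId]:[Secret]
                                                      }}");
                    return Tuple.Create(false, "服务异常,AppIdName未配置");
                }

                // The signature itself is not part of the signed data.
                var signvalue = queryDic[commonParameters.SignName].ToString();
                queryDic.Remove(commonParameters.SignName);

                var bodyValue = await SignCommon.ReadAsStringAsync(request);

                if (!string.IsNullOrEmpty(bodyValue) && !"null".Equals(bodyValue))
                {
                    // Strip whitespace that sits outside double-quoted strings, then collapse the
                    // remaining separator/newline variants.
                    bodyValue = Regex.Replace(bodyValue, @"\s(?=([^""]*""[^""]*"")*[^""]*$)", string.Empty);

                    bodyValue = bodyValue.Replace("\r\n", "").Replace(" : ", ":").Replace("\n  ", "").Replace("\n", "").Replace(": ", ":").Replace(", ", ",");

                    queryDic.Add("body", bodyValue);
                }

                // NOTE(review): keys and values are joined with '=' and '&' without escaping, so
                // different parameter sets can yield the same signed string; an escaped or
                // length-prefixed encoding would remove that ambiguity.
                var dicOrder = queryDic.OrderBy(s => s.Key, StringComparer.Ordinal).ToList();
                var requestStr = string.Join("&", dicOrder.Select(pair => $"{pair.Key}={pair.Value}"));

                var utf8Request = SignCommon.GetUtf8(requestStr);

                var result = _verifySignCommon.GetSignhHash(utf8Request, _verifySignCommon.GetSignSecret(appIdString), encryptEnum);

                // Compare in constant time so the check does not reveal how many leading
                // characters of a guessed signature were correct.
                var signatureMatches = result != null
                    && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                        Encoding.UTF8.GetBytes(signvalue),
                        Encoding.UTF8.GetBytes(result));

                if (_verifySignOption.IsDebug)
                {
                    // NOTE(review): this writes the expected signature and the signed payload to
                    // the log; keep IsDebug off outside development and restrict log access.
                    _logger.LogInformation($"请求接口地址:{request.Request.Path}");
                    _logger.LogInformation($"拼装排序后的值{Convert.ToBase64String(Encoding.Default.GetBytes(utf8Request))}");
                    _logger.LogInformation($"摘要比对: {result}----{signvalue }");
                }
                else if (!signatureMatches)
                {
                    _logger.LogWarning(@$"摘要被篡改:[iphide]----{signvalue }
                                            查看详情,请设置VerifySignOption节点的IsDebug为true");
                }

                if (signatureMatches)
                {
                    return Tuple.Create(true, "签名通过");
                }
                return Tuple.Create(false, "签名异常,请求非法");
            }
            catch (Exception ex)
            {
                // Fail closed: any error while rebuilding or hashing counts as an invalid signature.
                _logger.LogError(ex, "签名异常");
                return Tuple.Create(false, "签名异常");
            }
        }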
 // Test fixture setup: creates the filter under test and a mock ISchemaGenerator.
 public AutoValidationOperationFilterTests()
 {
     testedFilter    = new AutoValidationOperationFilter();
     schemaGenerator = new Mock <ISchemaGenerator>();
 }
Пример #20
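 /// <summary>
 /// Registers an operation filter and returns this config for chaining.
 /// </summary>
 /// <param name="operationFilter">The filter to add; must not be null.</param>
 /// <returns>This instance.</returns>
 /// <exception cref="System.ArgumentNullException">When <paramref name="operationFilter"/> is null.</exception>
 public SwaggerSpecConfig OperationFilter(IOperationFilter operationFilter)
 {
     // Reject null at registration so the failure points at the caller rather than at
     // whatever later iterates the filter list.
     if (operationFilter == null)
     {
         throw new System.ArgumentNullException("operationFilter");
     }

     OperationFilters.Add(operationFilter);
     return this;
 }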
 /// <summary>
 /// Creates a <see cref="RestierOperationExecutor"/> that keeps the supplied authorizer and filter.
 /// </summary>
 /// <param name="operationAuthorizer">Authorizer stored for operation authorization.</param>
 /// <param name="operationFilter">Filter stored for operation filtering.</param>
 public RestierOperationExecutor(
     IOperationAuthorizer operationAuthorizer,
     IOperationFilter operationFilter)
 {
     // Independent field assignments.
     this.operationFilter = operationFilter;
     this.operationAuthorizer = operationAuthorizer;
 }
Пример #22
 // Test fixture setup: a fresh filter under test per test class instance.
 public DescriptionOperationFilterTests() => sut = new DescriptionOperationFilter();
 // Test fixture setup: a fresh filter under test per test class instance.
 public SecurityRequirementsOperationFilterTests() => sut = new SecurityRequirementsOperationFilter();
Пример #24
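        /// <summary>
        /// Verifies the request signature for paths that start with "/api" before passing the
        /// request on. POST: the hash covers the sorted parameters plus the whole JSON body.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        /// <param name="requestCacheData">Passed through to GetSignValue.</param>
        /// <param name="verifySignOption">Signing options; IsForce decides whether a failed check rejects the request.</param>
        /// <param name="_verifySignCommon">Signing helper passed through to GetSignValue.</param>
        /// <returns>A task that completes when the request was either rejected or handed to the next delegate.</returns>
        public async Task InvokeAsync(HttpContext context, RequestCacheData requestCacheData, VerifySignOption verifySignOption, IOperationFilter _verifySignCommon)
        {
            // Ordinal, case-insensitive prefix test: culture-sensitive lower-casing can make a
            // differently cased "/API" path miss the prefix on some server locales and skip
            // verification. A null path value is treated as "not under /api".
            var path = context.Request.Path.Value ?? string.Empty;
            if (!path.StartsWith("/api", System.StringComparison.OrdinalIgnoreCase))
            {
                await _next(context);

                return;
            }

            // Endpoints carrying IgnoreSignAttribute are exempt from verification.
            var endpoint = context.Features.Get<IEndpointFeature>()?.Endpoint;
            if (endpoint != null && endpoint.Metadata.Any(m => m is IgnoreSignAttribute))
            {
                _logger.LogInformation($"{context.Request.Path.Value}路径已绕过签名;如设置了必须签名依旧没命中,请检查HTTP method是否匹配;Method={context.Request.Method}");
                await _next(context);

                return;
            }

            // Buffer the body so it can be read for signing and again by later middleware.
            context.Request.EnableBuffering();

            var result = await GetSignValue(context, requestCacheData, verifySignOption, _verifySignCommon);

            // NOTE(review): with IsForce off, a request whose signature failed is still forwarded;
            // treat that setting as report-only and do not rely on it for enforcement.
            if (verifySignOption.IsForce && !result.Item1)
            {
                // Status and content type can only be set before the response has started.
                if (!context.Response.HasStarted)
                {
                    context.Response.StatusCode  = StatusCodes.Status403Forbidden;
                    context.Response.ContentType = "application/text";
                }

                await context.Response.WriteAsync(result.Item2);
                return;
            }

            await _next(context);
        }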
 // Test fixture setup: a fresh filter under test per test class instance.
 public AppendAuthorizeToSummaryOperationFilterTests() => sut = new AppendAuthorizeToSummaryOperationFilter();
 // Test fixture setup: creates the filter under test and a mock ISchemaGenerator.
 public ReplyOnExceptionOperationFilterTests()
 {
     testedFilter    = new ReplyOnExceptionOperationFilter();
     schemaGenerator = new Mock <ISchemaGenerator>();
 }