Swagger API中的JWT身份验证工具?

时间:2019-03-15 10:51:52

标签: swagger swagger-2.0 swagger-codegen swagger-editor

嗨,我正在使用 Node.js 搭配 Swagger API,对这项技术还不熟悉。我在代码中尝试实现 JWT 令牌身份验证,但卡住了,不知道该如何解决:请求返回 403 错误。我的代码和错误信息附在下面,如果有人知道原因,请告诉我。

Swagger.yml

swagger: "2.0"
info:
  version: "0.0.1"
  title: Movie DB
# during dev, should point to your local machine
host: localhost:8000
# basePath prefixes all resource paths 
basePath: /
# 
schemes:
  # tip: remove http to make production-grade
  - http
  - https
# security schemes that operations can reference from their `security` list.
# Swagger 2.0 only defines the basic, apiKey and oauth2 types, so the JWT is
# declared here as an apiKey carried in the Authorization header.
# NOTE(review): the scheme name "Bearer" presumably has to match a security
# handler registered with the server-side Swagger middleware; the
# "unknown security handler: Bearer" response suggests none is registered —
# confirm in the application setup.
securityDefinitions:
  Bearer:
    type: apiKey
    name: Authorization
    in: header

# format of bodies a client can send (Content-Type)
consumes:
  - application/json
  - text/html
# format of the responses to the client (Accepts)
produces:
  - application/json
paths:
  /movies:
    # binds a127 app logic to a route
    x-swagger-router-controller: movies
    get:
      security:
        - Bearer: []
      x-security-scopes:
      - admin
      description: Returns 'Hello' to the caller
      # used as the method name of the controller
      operationId: index
      parameters:
        - name: name
          in: query
          description: The name of the person to whom to say hello
          required: false
          type: string
      responses:
        "200":
          description: Success
          schema:
            # a pointer to a definition
            $ref: "#/definitions/MovieListBody"
        # responses may fall through to errors
        default:
          description: Error
          schema:
            $ref: "#/definitions/ErrorResponse"
    # NOTE(review): unlike the GET operation on this path, this operation lists
    # no `security` requirement, so as written the spec lets callers create
    # records without presenting a token — confirm whether that is intended.
    post:
      description: Creates a new movie entry
      operationId: create
      parameters:
        - name: movie
          required: true
          in: body
          description: a new movie details
          schema:
            $ref: "#/definitions/MovieBody"
      responses:
        "200":
          description: a successfully stored movie details
          schema:
            $ref: "#/definitions/MovieBody"
        default:
          description: Error
          schema:
            $ref: "#/definitions/ErrorResponse"

  /movies/{id}:
    x-swagger-router-controller: movies
    get:
      description: get movie
      operationId: show
      parameters:
        - name: id
          required: true
          in: path
          description: get particular movie details
          type: string
      responses:
        "200":
          description: Sucess
          schema:
            $ref: "#/definitions/MovieBody"
        default:
          description: Error
          schema:
            $ref: "#/definitions/ErrorResponse"

    # NOTE(review): neither the PUT nor the DELETE operation below lists a
    # `security` requirement, so as written the spec lets callers modify or
    # remove records without presenting a token — confirm whether that is
    # intended.
    put:
      description: Update Movie
      operationId: update
      parameters:
        - name: id
          required: true
          in: path
          type: string
        - name: movie
          required: true
          in: body
          description: an updated movie details
          schema:
            $ref: "#/definitions/MovieBody"
      responses:
        "200":
          description: Sucess
          schema:
            $ref: "#/definitions/MovieBody"
        default:
          description: Error
          schema:
            $ref: "#/definitions/ErrorResponse"


    # operationId is `deleted`, matching the controller's exported function name
    delete:
      description: Delete Single Record
      operationId: deleted
      parameters:
        - name: id
          required: true
          in: path
          description: remove single record in db
          type: string
      responses:
        "200":
          description: Sucess
          schema:
            $ref: "#/definitions/MovieBody"
        default:
          description: Error
          schema:
            $ref: "#/definitions/ErrorResponse"

  /login:
    x-swagger-router-controller: movies
    post:
      description: Get Jwt Authentication Token
      operationId: login
      parameters:
        - name: Userdetails
          required: true
          in: body
          description: Jwt Auth token
          schema:
            $ref: "#/definitions/LoginBody"
      responses:
        "200":
          description: Sucess
          schema:
            $ref: "#/definitions/LoginBody"
        default:
          description: Error
          schema:
            $ref: "#/definitions/ErrorResponse"





definitions:
  MovieListBody:
    required:
      - movies
    properties:
      movies:
        type: array
        items:
          $ref: "#/definitions/Movie"

  Movie:
    required:
      - title
      - gener
      - year
    properties:
      title:
        type: string
      gener:
        type: string
      year:
        type: integer


  Login:
    required:
      - id
      - name
      - company
    properties:
      id:
        type: integer
      name:
        type: string
      company:
        type: string


  MovieBody:
    required:
      - movies
    properties:
      movies:
          $ref: "#/definitions/Movie"

  LoginBody:
    required:
      - details
    properties:
      details:
          $ref: "#/definitions/Login"


  ErrorResponse:
    required:
      - message
    properties:
      message:
        type: string

Controller.js

'use strict';

var Movie = require('../models/movies')
var MongoClient = require('mongodb').MongoClient;
var jwt = require('jsonwebtoken')
const redis = require('redis');



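// Redis client shared by the handlers below; `index` uses it as a cache for
// the product list. Connection state is only logged, never acted on.
const client = redis.createClient();

client.on('connect', () => {
    console.log('Redis client connected');
});

client.on('error', (err) => {
    console.log('Something went wrong ' + err);
});

// MongoDB database handle used by every handler.
// NOTE(review): nothing in this listing assigns `db` (MongoClient is required
// but never connected here) — confirm it is initialised before requests arrive.
var db;

// `login` is included because Swagger.yml routes POST /login to this
// controller with operationId `login`; without the export the router cannot
// resolve the operation.
module.exports = {index, create, show, update, deleted, login};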


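/**
 * GET /movies — verifies the caller's JWT, then returns the product list.
 *
 * The list is served from the Redis hash `products` when present; otherwise it
 * is read from the `Ecommerce` MongoDB collection, written to Redis and sent.
 * A token that fails verification now gets a 401 response instead of leaving
 * the request without any reply, and a database error gets a 500.
 *
 * @param {object} req - request; `req.token` is read for the JWT.
 * @param {object} res - response used to send the list or an error message.
 * @param {Function} next - passed through to VerifyToken only.
 */
function index(req, res, next)
{
    console.log("hai")

    // NOTE(review): VerifyToken is not defined in this listing; presumably it
    // copies the bearer token from the Authorization header into req.token —
    // confirm, and confirm it does not itself respond or call next().
    VerifyToken(req, res, next)

    // NOTE(review): the signing secret is hard-coded here and in login();
    // load it from configuration kept outside source control, in both places
    // at once so issued tokens keep verifying.
    // The algorithm is pinned to HS256, which is what jwt.sign() produces by
    // default for a string secret, so tokens signed any other way are refused.
    jwt.verify(req.token, 'secretkey', { algorithms: ['HS256'] }, (err, authdata) => {
        if (err) {
            console.log(err)
            // Reject explicitly; headersSent guards against a reply already
            // written by VerifyToken.
            if (!res.headersSent) {
                res.status(401).json({ message: 'Invalid or missing token' })
            }
            return
        }

        // NOTE(review): Swagger.yml marks this operation with
        // x-security-scopes: admin, but `authdata` is never inspected and the
        // payload built by login() carries no role or scope claim, so any
        // valid token is accepted here.
        client.hgetall('products', (cacheErr, cached) => {
            if (cacheErr) {
                // The cache is best-effort: log and fall through to MongoDB.
                console.log(cacheErr)
            }
            if (cached) {
                res.send(cached)
                return
            }

            // NOTE(review): find(30) and the hmset() arguments below are kept
            // exactly as written; a numeric filter and an array plus `ttl` as
            // hash fields look unintended — confirm against the driver docs.
            db.collection('Ecommerce').find(30).toArray((dbErr, rows) => {
                if (dbErr) {
                    console.log(dbErr)
                    res.status(500).json({ message: 'Failed to load movies' })
                    return
                }
                const ttl = 0
                client.hmset('products', rows, ttl)

                res.send(rows)
            });
        })
    })
}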

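/**
 * POST /movies — stores the request body in the `Ecommerce` collection and
 * echoes it back as JSON.
 *
 * The original called res.json(req.body) first, which sent the response
 * immediately and handed the response object (not the body) to save(); the
 * later res.send() then ran on an already-finished response. The body is now
 * stored and exactly one response is sent after the write completes.
 *
 * @param {object} req - request; `req.body` is the document to store.
 * @param {object} res - response used for the stored document or an error.
 * @param {Function} next - unused.
 */
function create(req, res, next)
{
    // NOTE(review): the whole body is persisted as-is; this relies on the
    // Swagger middleware having validated it against MovieBody — confirm that
    // request validation is enabled, or pick the expected fields explicitly.
    const movie = req.body

    db.collection('Ecommerce').save(movie, (err, result) => {
        if (err) {
            console.log(err)
            res.status(500).json({ message: 'Failed to store movie' })
            return
        }

        res.json(movie)
    })
}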


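/**
 * GET /movies/{id} — returns the `Ecommerce` documents whose numeric `id`
 * field equals the path parameter.
 *
 * @param {object} req - request; reads `req.swagger.params.id.value`.
 * @param {object} res - response used for the result array or an error.
 * @param {Function} next - unused.
 */
function show(req, res, next)
{
    // Parsing to a number (radix 10) means the filter value is always a plain
    // number, never a client-supplied object that MongoDB could read as an
    // operator.
    const id = Number.parseInt(req.swagger.params.id.value, 10)
    if (Number.isNaN(id)) {
        res.status(400).json({ message: 'id must be an integer' })
        return
    }

    db.collection('Ecommerce').find({ "id": id }).toArray((err, result) => {
        if (err) {
            console.log(err)
            res.status(500).json({ message: 'Failed to load movie' })
            return
        }
        console.log(result)
        res.send(result)
    })
}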

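/**
 * PUT /movies/{id} — sets `title` on the `Ecommerce` document whose numeric
 * `id` equals the path parameter.
 *
 * The original reported success even when the write failed and threw when the
 * body had no `movies` object; both cases now get an error response.
 *
 * NOTE(review): Swagger.yml lists no `security` requirement for this
 * operation, so it runs without any token check.
 *
 * @param {object} req - request; reads `req.swagger.params.id.value` and
 *   `req.body.movies.title`.
 * @param {object} res - response used for the confirmation or an error.
 * @param {Function} next - unused.
 */
function update(req, res, next)
{
    const id = Number.parseInt(req.swagger.params.id.value, 10)
    if (Number.isNaN(id)) {
        res.status(400).json({ message: 'id must be an integer' })
        return
    }

    // Only a string may reach $set, so a nested object in the body cannot be
    // written into the document in place of the title.
    const title = req.body && req.body.movies && req.body.movies.title
    if (typeof title !== 'string') {
        res.status(400).json({ message: 'movies.title must be a string' })
        return
    }

    db.collection("Ecommerce").update({ "id": id }, { $set: { 'title': title } }, (err, result) => {
        if (err) {
            console.log(err)
            res.status(500).json({ message: 'Failed to update movie' })
            return
        }
        res.send('user updated sucessfully');
    });
}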


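/**
 * DELETE /movies/{id} — removes the `Ecommerce` document whose numeric `id`
 * equals the path parameter.
 *
 * The original callback was empty, so the client never received a response;
 * every outcome now ends the request.
 *
 * NOTE(review): Swagger.yml lists no `security` requirement for this
 * operation, so it runs without any token check.
 *
 * @param {object} req - request; reads `req.swagger.params.id.value`.
 * @param {object} res - response used for the confirmation or an error.
 * @param {Function} next - unused.
 */
function deleted(req, res, next)
{
    const id = Number.parseInt(req.swagger.params.id.value, 10)
    if (Number.isNaN(id)) {
        res.status(400).json({ message: 'id must be an integer' })
        return
    }

    db.collection('Ecommerce').deleteOne({ "id": id }, (err, result) => {
        if (err) {
            console.log(err)
            res.status(500).json({ message: 'Failed to delete record' })
            return
        }
        // deletedCount is reported by the driver; zero means no document
        // matched the id.
        if (result && result.deletedCount === 0) {
            res.status(404).json({ message: 'Record not found' })
            return
        }
        res.json({ message: 'Record deleted' })
    });
}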


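/**
 * POST /login — signs a JWT whose payload is `{ user: req.body.details }` and
 * returns it as `{ token }`. Tokens expire after 30 minutes.
 *
 * NOTE(review): no credential is checked before signing — whatever `details`
 * the client submits is embedded in a valid token, so this endpoint does not
 * authenticate anyone as written. Verify the caller against a user store
 * before issuing a token.
 * NOTE(review): the signing secret is hard-coded here and in index(); load it
 * from configuration kept outside source control, in both places at once.
 *
 * @param {object} req - request; reads `req.body.details`.
 * @param {object} res - response used for the token or an error.
 * @param {Function} next - unused.
 */
function login(req, res, next)
{
    const user = req.body.details
    jwt.sign({ user }, 'secretkey', { expiresIn: '30m' }, (err, token) => {
        if (err) {
            // Previously a signing failure still answered 200 with an
            // undefined token.
            console.log(err)
            res.status(500).json({ message: 'Failed to issue token' })
            return
        }
        // The token is a bearer credential, so it is returned to the caller
        // but no longer written to the server log.
        res.json({ token })
    })
}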

面对的问题

{
  "message": "unknown security handler: Bearer",
  "code": "server_error",
  "statusCode": 403
}

1 个答案:

答案 0 :(得分:1)

有些陈旧,但如果它可以帮助其他人,我认为您的安全定义配置错误。

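根据 Swagger 文档中关于 Bearer authentication 的说明,您应该使用以下配置。需要注意:`type: http` / `scheme: bearer` 是 OpenAPI 3.0 的写法,应放在 `components.securitySchemes` 下;问题中的文件声明的是 `swagger: "2.0"`,该版本的 `securityDefinitions` 只支持 `basic`、`apiKey` 和 `oauth2`,因此在 2.0 规范中仍需像问题里那样用 `apiKey` 声明 Authorization 头。另外,“unknown security handler: Bearer” 这类错误通常表示服务端的 Swagger 中间件里没有注册与该名称对应的安全处理函数,仅修改规范文件未必能消除它: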

securityDefinitions:
  bearerAuth:
    type: http
    scheme: bearer
    bearerFormat: JWT