swagger filters

2025-07-23 09:15:14 +02:00
parent af72dda917
commit ddcdc599d1
2 changed files with 101 additions and 2 deletions
--- a/Webshop.Api/Program.cs
+++ b/Webshop.Api/Program.cs
@@ -11,6 +11,8 @@ using Webshop.Infrastructure.Data;
 using Webshop.Infrastructure.Repositories;
 using Microsoft.AspNetCore.HttpOverrides; 
 using Microsoft.Extensions.Logging;
+using Microsoft.OpenApi.Models;
+using Webshop.Api.SwaggerFilters;

 var builder = WebApplication.CreateBuilder(args);

@@ -70,7 +72,39 @@ builder.Services.AddScoped<AdminProductService>();
 // 5. Controller und Swagger/OpenAPI hinzuf<75>gen
 builder.Services.AddControllers();
 builder.Services.AddEndpointsApiExplorer();
-builder.Services.AddSwaggerGen();
+
+builder.Services.AddSwaggerGen(c =>
+{
+    // 1. JWT Security Definition hinzuf<75>gen
+    c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
+    {
+        Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
+        Name = "Authorization",
+        In = ParameterLocation.Header, // Der Token wird im Header gesendet
+        Type = SecuritySchemeType.Http, // Dies ist ein HTTP-Schema
+        Scheme = "Bearer" // Das Schema ist "Bearer"
+    });
+
+    // 2. Security Requirement f<>r alle Operationen hinzuf<75>gen
+    c.AddSecurityRequirement(new OpenApiSecurityRequirement
+    {
+        {
+            new OpenApiSecurityScheme
+            {
+                Reference = new OpenApiReference
+                {
+                    Type = ReferenceType.SecurityScheme,
+                    Id = "Bearer" // Verweist auf die oben definierte "Bearer" Sicherheit
+                }
+            },
+            new string[] {} // Keine spezifischen "Scopes" f<>r JWT (leer lassen)
+        }
+    });
+
+    // 3. Optional: Filtern und Anzeigen von Autorisierungsinformationen (Rollen)
+    // Damit Swagger die "Authorize"-Informationen von Ihren Controllern anzeigt.
+    c.OperationFilter<AuthorizeOperationFilter>();
+});

 // --- ENDE: DIENSTE ZUM CONTAINER HINZUF<55>GEN ---

--- a/Webshop.Api/SwaggerFilters/AuthorizeOperationFilter.cs
+++ b/Webshop.Api/SwaggerFilters/AuthorizeOperationFilter.cs
@@ -0,0 +1,65 @@
+// src/Webshop.Api/SwaggerFilters/AuthorizeOperationFilter.cs
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.OpenApi.Models;
+using Swashbuckle.AspNetCore.SwaggerGen;
+using System.Linq; // Für .Any(), .Union(), .Select()
+using System.Collections.Generic; // Für List<string>
+
+namespace Webshop.Api.SwaggerFilters
+{
+    public class AuthorizeOperationFilter : IOperationFilter
+    {
+        public void Apply(OpenApiOperation operation, OperationFilterContext context)
+        {
+            // Überprüfe, ob die Methode oder der Controller ein [Authorize]-Attribut hat
+            // und kein [AllowAnonymous]-Attribut.
+            var authorizeAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
+                .Union(context.MethodInfo.GetCustomAttributes(true))
+                .OfType<AuthorizeAttribute>();
+
+            var allowAnonymousAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
+                .Union(context.MethodInfo.GetCustomAttributes(true))
+                .OfType<AllowAnonymousAttribute>();
+
+            // Wenn Authorize-Attribute vorhanden sind UND kein AllowAnonymous-Attribut (für die Operation)
+            if (authorizeAttributes.Any() && !allowAnonymousAttributes.Any())
+            {
+                // Füge ein "lock" Symbol in Swagger UI hinzu
+                operation.Security = new List<OpenApiSecurityRequirement>
+                {
+                    new OpenApiSecurityRequirement
+                    {
+                        {
+                            new OpenApiSecurityScheme
+                            {
+                                Reference = new OpenApiReference
+                                {
+                                    Type = ReferenceType.SecurityScheme,
+                                    Id = "Bearer" // Verweis auf die JWT-Definition in Program.cs
+                                }
+                            },
+                            new List<string>() // Scopes, hier leer für JWT
+                        }
+                    }
+                };
+
+                // Füge Rolleninformationen zur Beschreibung des Endpunkts hinzu (optional, aber hilfreich)
+                var requiredRoles = authorizeAttributes
+                    .Select(attr => attr.Roles)
+                    .Where(roles => !string.IsNullOrWhiteSpace(roles))
+                    .SelectMany(roles => roles.Split(','))
+                    .Distinct()
+                    .ToList();
+
+                if (requiredRoles.Any())
+                {
+                    operation.Summary += $" (Auth Required: {string.Join(", ", requiredRoles)})";
+                }
+                else
+                {
+                    operation.Summary += " (Auth Required)";
+                }
+            }
+        }
+    }
+}