Swagger基础认真限定范围测试

2024-04-19 14:00:38 +08:00 · 2024-04-19 14:00:38 +08:00 · 3d338ea7cc
commit 3d338ea7cc
parent d27d4bec62
1 changed files with 6 additions and 3 deletions
--- a/Falcon.SugarApi/Swagger/SwaggerBasicAuthMiddleware.cs
+++ b/Falcon.SugarApi/Swagger/SwaggerBasicAuthMiddleware.cs
@ -1,7 +1,6 @@
 using Microsoft.AspNetCore.Http;
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Net;
 using System.Net.Http.Headers;
 using System.Text;
@ -11,6 +10,7 @@ namespace Falcon.SugarApi.Swagger
 {
    /// <summary>
    /// Swagger接口基础认证
+    /// <para>安全认证只对swagger接口页面进行保护</para>
    /// </summary>
    public class SwaggerBasicAuthMiddleware
    {
@ -47,12 +47,15 @@ namespace Falcon.SugarApi.Swagger
                await ToNext(context);
                return;
            }
+            var protectPaths = new List<string> { };
            var pf = this.Options.Prefix.StartsWith("/") ? this.Options.Prefix : "/" + this.Options.Prefix;
-            if(!context.Request.Path.StartsWithSegments(pf)) {
+            protectPaths.Add(pf);
+            protectPaths.Add(pf + "/index.html");
+            if(!protectPaths.Contains(context.Request.Path)) {
                await ToNext(context);
                return;
            }
-            string authHeader = context.Request.Headers["Authorization"];
+            string? authHeader = context.Request.Headers["Authorization"];
            if(authHeader == null || !authHeader.StartsWith("Basic ")) {
                needAuth(context);
                return;