@nestjs/swagger不设置授权标头

vd2z7a6w  于 2023-03-02  发布在  其他
关注(0)|答案(2)|浏览(190)

无法使用@nestjs/swagger@5.0.9在路由中授权,因为我没有正确地使用t know how to configure the文档,并且在授权官方文档/ stackoverflow / github中找不到可行的答案。
我在swagger中偶然发现了一个JWT授权的问题,我使用"@nestjs/swagger": "^5.0.9",在我从一个公共路由获得我的访问令牌之后,我将它插入到swagger用户界面字段“Authorize”中,该字段是用.addBearerAuth()方法配置的,在这个版本(5.0.9)中,该方法具有以下签名

addBearerAuth(options?: SecuritySchemeObject, name?: string)

而不是它的较低版本。
我已经在Postman中测试了我的API,我很容易获得授权,我还创建了一个intersector,它在路由调用之前打印头,但不幸的是,它只在我调用公共路由时打印头:/
我只知道 Postman 设置了一个持有者令牌,它会抛出路线,而没有类似的事情发生在 Swagger 。
我已经尝试了很多这种配置的组合,但我还没有得到一个解决方案,结果我得到授权,在我的路由方法,从swagger我不能达到它,因为 *swagger授权是不设置授权头的情况下,一个坏的配置或我做了一些完全错误的。
addBearerAuth的配置位置较低:

// swagger config
...
const config = new DocumentBuilder()
    .setTitle('SWAGGER API')
    .setVersion('1.0.0')
    .addBearerAuth(
      { 
        // I was also testing it without prefix 'Bearer ' before the JWT
        description: `[just text field] Please enter token in following format: Bearer <JWT>`,
        name: 'Authorization',
        bearerFormat: 'Bearer', // I`ve tested not to use this field, but the result was the same
        scheme: 'Bearer',
        type: 'http', // I`ve attempted type: 'apiKey' too
        in: 'Header'
      },
      'access-token',
    )
    .build();
...

我的控制器中的一个路由示例。与一个@ApiBearerAuth()装饰器匹配,该装饰器正在与一个趾高气扬的人交谈,该方法是在没有授权的情况下无法访问的。

@Get('/some-route')
@ApiBearerAuth()
@UseGuards(JwtAuthenticationGuard)
getData(
  @ReqUser() user: User,
): void {
  this.logger.warn({user});
}
b4lqfgs4

b4lqfgs41#

如果我理解了您的问题,您需要在控制器中指定您使用的是哪一个承载令牌。

// swagger config
...
const config = new DocumentBuilder()
    .setTitle('SWAGGER API')
    .setVersion('1.0.0')
    .addBearerAuth(
      { 
        // I was also testing it without prefix 'Bearer ' before the JWT
        description: `[just text field] Please enter token in following format: Bearer <JWT>`,
        name: 'Authorization',
        bearerFormat: 'Bearer', // I`ve tested not to use this field, but the result was the same
        scheme: 'Bearer',
        type: 'http', // I`ve attempted type: 'apiKey' too
        in: 'Header'
      },
      'access-token', // This name here is important for matching up with @ApiBearerAuth() in your controller!
    )
    .build();
...

在您的控制器中:

@Get('/some-route')
@ApiBearerAuth('access-token') //edit here
@UseGuards(JwtAuthenticationGuard)
getData(
  @ReqUser() user: User,
): void {
  this.logger.warn({user});
}
ix0qys7i

ix0qys7i2#

您可以忽略@ApiBearerAuth()的名称和参数

const config = new DocumentBuilder()
.setTitle('SWAGGER API')
.setVersion('1.0.0')
.addBearerAuth(
  { 
    // I was also testing it without prefix 'Bearer ' before the JWT
    description: `[just text field] Please enter token in following format: Bearer <JWT>`,
    name: 'Authorization',
    bearerFormat: 'Bearer', // I`ve tested not to use this field, but the result was the same
    scheme: 'Bearer',
    type: 'http', // I`ve attempted type: 'apiKey' too
    in: 'Header'
  }
)
.build();

在您的控制器中:

@Get('/some-route')
@ApiBearerAuth() //edit here
@UseGuards(JwtAuthenticationGuard)
getData(
   @ReqUser() user: User,
): void {
  this.logger.warn({user});
}

相关问题