From 009689449d2b9e9dd3cd5314ce3bdf6ebdb743eb Mon Sep 17 00:00:00 2001
From: YuukanOO
Date: Mon, 21 Dec 2020 16:47:43 +0100
Subject: [PATCH] add authentication in swagger ui
---
 Apps/Api/Controllers/AccountsController.cs | 8 +----
 Apps/Api/Controllers/LinksController.cs | 4 +++
 Apps/Api/Startup.cs | 34 +++++++++++++++++++-
 Apps/Api/swagger.json | 36 +++++++++-------------
 4 files changed, 52 insertions(+), 30 deletions(-)
diff --git a/Apps/Api/Controllers/AccountsController.cs b/Apps/Api/Controllers/AccountsController.cs
index ef3b315..4a29fb9 100644
--- a/Apps/Api/Controllers/AccountsController.cs
+++ b/Apps/Api/Controllers/AccountsController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.IdentityModel.Tokens.Jwt;
-using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Api.Models;
@@ -27,13 +26,8 @@ namespace Api.Controllers
 _tokenParameters = tokenParameters;
 }
 
- [Authorize]
- public IActionResult GetUsers()
- {
- return Ok(_usersManager.Users.ToArray());
- }
-
 [HttpPost("login")]
+ [AllowAnonymous]
 public async Task Login(LoginViewModel command)
 {
 var user = await _usersManager.FindByNameAsync(command.Username);
diff --git a/Apps/Api/Controllers/LinksController.cs b/Apps/Api/Controllers/LinksController.cs
index d53038f..f67cce6 100644
--- a/Apps/Api/Controllers/LinksController.cs
+++ b/Apps/Api/Controllers/LinksController.cs
@@ -4,6 +4,7 @@ using Api.Models;
 using HN.Application;
 using HN.Domain;
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -26,6 +27,7 @@ namespace Api.Controllers
 ///
 [ProducesResponseType(typeof(LinkDto[]), StatusCodes.Status200OK)]
 [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [AllowAnonymous]
 public async Task GetLinks()
 {
 return Ok(await _bus.Send(new ListLinksQuery()));
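Review bot: `[AllowAnonymous]` on `Login` correctly exempts it from the global `AuthorizeFilter` this commit registers in Startup.cs, which makes it the one unauthenticated entry point visible in this hunk; only `FindByNameAsync` is shown and the body of `Login` continues outside the hunk. Whatever password check follows should go through Identity's lockout path — `SignInManager.CheckPasswordSignInAsync(user, password, lockoutOnFailure: true)` rather than `UserManager.CheckPasswordAsync` — or this endpoint is an unthrottled credential-guessing oracle; confirm which one the body uses. A short comment above the attribute, `// Must stay anonymous: Startup registers a global AuthorizeFilter.`, would explain why it cannot be dropped later.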
@@ -36,6 +38,7 @@ namespace Api.Controllers
 ///
 ///
 [HttpGet("{id}")]
+ [AllowAnonymous]
 public async Task> GetLinkById(Guid id)
 {
 return Ok(await _bus.Send(new GetLinkQuery(id)));
@@ -73,6 +76,7 @@ namespace Api.Controllers
 ///
 ///
 [HttpGet("{id}/comments")]
+ [AllowAnonymous]
 public async Task> Comments(Guid id)
 {
 return Ok(await _bus.Send(new GetLinkCommentsQuery(id)));
diff --git a/Apps/Api/Startup.cs b/Apps/Api/Startup.cs
index fb524d5..545a609 100644
--- a/Apps/Api/Startup.cs
+++ b/Apps/Api/Startup.cs
@@ -1,3 +1,4 @@
+using System.Linq;
 using System.Text;
 using HN.Infrastructure;
 using HN.Infrastructure.Identity;
@@ -6,11 +7,14 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.IdentityModel.Tokens;
+using NSwag;
+using NSwag.Generation.Processors.Security;
 
 namespace Api
 {
@@ -62,13 +66,41 @@ namespace Api
 o.TokenValidationParameters = tokenParams;
 });
 
- services.AddControllers();
+ services.AddControllers(o =>
+ {
+ o.Filters.Add(new AuthorizeFilter());
+ });
+
 services.AddSwaggerDocument(d =>
 {
+ // cf. https://github.com/RicoSuter/NSwag/wiki/AspNetCore-Middleware#enable-authentication-in-generator-and-swagger-ui
+
+ // Ajoute un type de sécurité à tout le document
+ d.AddSecurity("JWT", Enumerable.Empty(), new OpenApiSecurityScheme()
+ {
+ Type = OpenApiSecuritySchemeType.ApiKey,
+ Name = "Authorization",
+ In = OpenApiSecurityApiKeyLocation.Header,
+ Description = "Type into the textbox: Bearer {your JWT token}."
+ });
+
+ // d.DocumentProcessors.Add(new SecurityDefinitionAppender("JWT", new OpenApiSecurityScheme
+ // {
+ // Type = OpenApiSecuritySchemeType.ApiKey,
+ // Name = "Authorization",
+ // In = OpenApiSecurityApiKeyLocation.Header,
+ // Description = "Type into the textbox: Bearer {your JWT token}."
+ // }));
+
+ // Permet la génération des info de sécurité par réflexion (attribut Authorize)
+ // Fonctionne mal avec les filtres par défaut ...
+ d.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor("JWT"));
+
 d.PostProcess = od =>
 {
 od.Info.Title = "Hacker news like API in .Net";
 };
+
 d.SchemaType = NJsonSchema.SchemaType.OpenApi3;
 });
 }
diff --git a/Apps/Api/swagger.json b/Apps/Api/swagger.json
index e8d9d6e..d16fda3 100644
--- a/Apps/Api/swagger.json
+++ b/Apps/Api/swagger.json
@@ -6,27 +6,6 @@
 "version": "1.0.0"
 },
 "paths": {
- "/api/accounts": {
- "get": {
- "tags": [
- "Accounts"
- ],
- "operationId": "Accounts_GetUsers",
- "responses": {
- "200": {
- "description": "",
- "content": {
- "application/octet-stream": {
- "schema": {
- "type": "string",
- "format": "binary"
- }
- }
- }
- }
- }
- }
- },
 "/api/accounts/login": {
 "post": {
 "tags": [
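Review bot: `d.AddSecurity("JWT", Enumerable.Empty(), …)` registers the scheme and, because a scope list is passed, also a document-level `security: [{ "JWT": [] }]` (visible in the swagger.json hunk below), so every operation — including `/api/accounts/login`, which this same commit marks `[AllowAnonymous]` — is now advertised as requiring a token. OpenAPI 3 can only express the exception with an operation-level `"security": []`, and the diffstat shows no per-operation addition in swagger.json, so confirm whether this NSwag version's `AspNetCoreOperationSecurityScopeProcessor` emits one for anonymous actions; if not, clients generated from the spec will insist on a token at login. Declaring the scheme as `ApiKey` in the `Authorization` header also relies on the user typing the `Bearer ` prefix by hand, whereas with `d.SchemaType` set to OpenApi3 the `Http`/`bearer` scheme describes the endpoint accurately and Swagger UI adds the prefix itself. The commented-out `DocumentProcessors` block is dead code and should go, and the French comments would serve better in English, e.g. `// Global AuthorizeFilter: every action requires a token unless marked [AllowAnonymous].` above `services.AddControllers`. `new AuthorizeFilter()` enforces the default policy under whichever authentication scheme is the default above this hunk; if Identity's cookie scheme is the default, anonymous API calls get a login redirect instead of a 401, so check that JWT bearer is the default scheme.
```csharp
services.AddSwaggerDocument(d =>
{
    // HTTP bearer scheme: Swagger UI and generated clients add the "Bearer " prefix themselves.
    // The scope list (even empty) makes NSwag emit a document-level requirement for every operation.
    d.AddSecurity("JWT", Enumerable.Empty<string>(), new OpenApiSecurityScheme
    {
        Type = OpenApiSecuritySchemeType.Http,
        Scheme = "bearer",
        BearerFormat = "JWT",
        Description = "Paste the JWT returned by POST /api/accounts/login (without the Bearer prefix)."
    });

    // Derives per-operation requirements from [Authorize] attributes; per the original comment it
    // does not cooperate well with the global AuthorizeFilter, hence the document-level requirement above.
    d.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor("JWT"));
    // … unchanged: PostProcess and SchemaType …
});
```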
@@ -421,6 +400,19 @@
 }
 }
 }
+ },
+ "securitySchemes": {
+ "JWT": {
+ "type": "apiKey",
+ "description": "Type into the textbox: Bearer {your JWT token}.",
+ "name": "Authorization",
+ "in": "header"
+ }
 }
- }
+ },
+ "security": [
+ {
+ "JWT": []
+ }
+ ]
 }
\ No newline at end of file