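Debugging Swagger on CentOS mainly involves installing and configuring the Swagger tooling, then using it to generate and test API documentation. Some useful tips and steps follow: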
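
    # Install Node.js and npm
    yum install -y nodejs npm

    # Download and unpack Swagger Editor v3.14.0
    mkdir -p /opt/swagger
    cd /opt/swagger
    wget https://github.com/swagger-api/swagger-editor/archive/refs/tags/v3.14.0.tar.gz
    tar -xzf v3.14.0.tar.gz
    cd swagger-editor-3.14.0

    # Serve the unpacked directory on port 8080.
    # http-server listens on all interfaces (0.0.0.0) by default;
    # add "-a 127.0.0.1" to restrict it to loopback.
    npm install -g http-server
    http-server -p 8080
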
Visit http://localhost:8080 and confirm that it is reachable.
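
    # Install the swag CLI (swaggo/swag), which generates Swagger docs for Go projects.
    # On Go 1.17 and later, use instead:
    #   go install github.com/swaggo/swag/cmd/swag@latest
    go get -u github.com/swaggo/swag/cmd/swag
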
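
    import java.util.ArrayList;
    import java.util.List;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import springfox.documentation.builders.ParameterBuilder;
    import springfox.documentation.builders.PathSelectors;
    import springfox.documentation.builders.RequestHandlerSelectors;
    import springfox.documentation.schema.ModelRef;
    import springfox.documentation.service.Parameter;
    import springfox.documentation.spi.DocumentationType;
    import springfox.documentation.spring.web.plugins.Docket;
    import springfox.documentation.swagger2.annotations.EnableSwagger2;

    @Configuration
    @EnableSwagger2
    public class SwaggerConfig {

        @Bean
        public Docket createRestApi() {
            return new Docket(DocumentationType.SWAGGER_2)
                    .select()
                    .apis(RequestHandlerSelectors.basePackage("com.example.demo"))
                    .paths(PathSelectors.any())
                    .build()
                    .globalOperationParameters(parameterBuilder());
        }

        // Builds the global parameter list: an optional "token" header on every operation.
        // globalOperationParameters() expects a List<Parameter>, so return the list, not the builder.
        private List<Parameter> parameterBuilder() {
            ParameterBuilder ticketPar = new ParameterBuilder();
            List<Parameter> pars = new ArrayList<>();
            ticketPar.name("token")
                    .description("用户票据") // "user ticket"
                    .modelRef(new ModelRef("string"))
                    .parameterType("header")
                    .required(false);
            pars.add(ticketPar.build());
            return pars;
        }
    }
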
After starting the Spring Boot application, visit http://localhost:8080/swagger-ui.html.
swagger.yaml or swagger.json). Edit the custom.js file so that the token is obtained and set automatically:

    // Wrap window.fetch so the token returned by the login call is handed to Swagger UI.
    const originalFetch = window.fetch;
    window.fetch = function (...args) {
      return originalFetch.apply(this, args).then(response => {
        const requestUrl = new URL(response.url, window.location.origin).pathname;
        if (requestUrl.endsWith("/login")) {
          // Read a clone so the caller can still consume the original body.
          return response.clone().json().then(data => {
            // Guard against login responses that carry no "result" object.
            const token = data && data.result && data.result.token;
            if (token) {
              // Debugging aid only: this writes the bearer token to the browser console.
              console.log("Token received via fetch override:", token);
              authorizeSwagger(token);
            } else {
              console.warn("Token not found in login response.");
            }
            return response;
          });
        }
        return response;
      });
    };

    // Assumes the page exposes the Swagger UI instance as window.ui.
    function authorizeSwagger(token) {
      const bearerToken = 'Bearer ' + token;
      // Debugging aid only: logs the full Authorization value.
      console.log("Setting Swagger UI Authorization with token:", bearerToken);
      if (window.ui && window.ui.authActions) {
        window.ui.authActions.authorize({
          Bearer: {
            name: 'Bearer',
            schema: {
              type: 'apiKey',
              in: 'header',
              name: 'Authorization',
              description: 'Value: ' + bearerToken,
            },
            // Swagger UI sends "value" as the header; without it nothing is applied.
            value: bearerToken,
          },
        });
        console.log("Authorization set successfully");
      } else {
        console.warn("Swagger UI authActions not available yet.");
      }
    }

Place the custom.js file in the swagger-ui/wwwroot directory and enable static file serving.
Use Burp Suite as an upstream proxy to capture the requests Swagger UI sends and test the security of the endpoints.
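A static pass over the generated document complements the proxy testing. The following is an added example, not code from the original page: a dependency-free Node.js check of a Swagger 2.0 document that lists operations with no effective `security` requirement and credential-like header parameters declared optional, which is how the Springfox configuration above models its `token` header. The function name `auditSwagger2`, the `AUTH_HEADERS` list and the sample document are constructed for illustration.

```javascript
// Added example: static audit of a Swagger 2.0 document (Node.js, no dependencies).
const METHODS = ["get", "put", "post", "delete", "options", "head", "patch"];
// Assumption: header names that usually carry credentials.
const AUTH_HEADERS = ["token", "authorization", "x-api-key"];

function auditSwagger2(spec) {
  const findings = [];
  const globalSecurity = spec.security || [];
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const method of METHODS) {
      const op = item[method];
      if (!op) continue;
      const id = `${method.toUpperCase()} ${path}`;
      // An operation-level `security` overrides the global one; [] switches it off.
      const effective = op.security !== undefined ? op.security : globalSecurity;
      if (effective.length === 0) findings.push({ id, issue: "no-security-requirement" });
      // Path-level parameters apply to every operation under that path.
      const params = [...(item.parameters || []), ...(op.parameters || [])];
      for (const p of params) {
        const isAuth = p.in === "header" && AUTH_HEADERS.includes(String(p.name).toLowerCase());
        if (isAuth && p.required !== true) findings.push({ id, issue: `optional-auth-header:${p.name}` });
      }
    }
  }
  return findings;
}

// Constructed sample: every operation carries the optional global "token" header,
// as the Docket above would add; only GET /orders declares a security requirement.
const tokenParam = { name: "token", in: "header", required: false, type: "string" };
const sampleSpec = {
  swagger: "2.0",
  securityDefinitions: { Bearer: { type: "apiKey", in: "header", name: "Authorization" } },
  paths: {
    "/login": { post: { parameters: [tokenParam] } },
    "/orders": {
      get: { security: [{ Bearer: [] }], parameters: [tokenParam] },
      delete: { security: [], parameters: [tokenParam] },
    },
  },
};

for (const f of auditSwagger2(sampleSpec)) console.log(`${f.id}: ${f.issue}`);
```

The findings are review prompts, not verdicts: a login endpoint is expected to appear under `no-security-requirement`, while a state-changing operation that appears there deserves a closer look.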
With the steps and tips above, you can debug Swagger efficiently on CentOS and ensure that the API documentation is accurate and secure.