CentOS Swagger Debugging Tips

小樊
2025-02-14 04:37:20
Category: Intelligent Operations

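Debugging Swagger on CentOS mainly involves installing and configuring the Swagger tools, then using them to generate and test API documentation. The following steps and tips are useful: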

Installing Swagger

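  1. Install Node.js and npm
yum install -y nodejs npm
  2. Install Swagger Editor and Swagger UI
mkdir -p /opt/swagger
cd /opt/swagger
wget https://github.com/swagger-api/swagger-editor/archive/refs/tags/v3.14.0.tar.gz
tar -xzf v3.14.0.tar.gz
cd swagger-editor-3.14.0
npm install -g http-server
http-server -p 8080

Visit http://localhost:8080 to confirm that the editor is reachable.

  3. Install Swagger Codegen (optional):
# Installs the swag CLI from swaggo/swag; requires a Go toolchain.
# `go get` no longer installs binaries (Go 1.18+), so use `go install` with a version suffix.
go install github.com/swaggo/swag/cmd/swag@latest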
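
A check to run after the `http-server -p 8080` step above, added here and not part of the original article: `http-server` listens on all interfaces (0.0.0.0) unless `-a 127.0.0.1` is passed, so the editor may be reachable from other hosts. The function filters `ss -ltn` output for listeners on a given port that are not bound to loopback; the function name and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list listeners on a port that are reachable from other hosts.
# Reads `ss -ltn` output on stdin; prints each non-loopback local address.
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skips the header row too
        {
            addr = $4                        # Local Address:Port column
            n = split(addr, parts, ":")
            p = parts[n]                     # text after the last colon
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p != port) next
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local-only
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            if (host ~ /^\[?::ffff:127\./) next
            print addr
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    127.0.0.1:9090     0.0.0.0:*
LISTEN 0      128    [::1]:9090         [::]:*
LISTEN 0      128    [::]:22            [::]:*'

# On a live system: ss -ltn | exposed_listeners 8080
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 8080   # prints 0.0.0.0:8080
```

Any address printed for port 8080 means the debugging server accepts connections from outside the host; restart it bound to 127.0.0.1 or restrict the port with the host firewall.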

Configuring Swagger

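  1. Add the Swagger dependency (using Spring Boot as an example):
import java.util.ArrayList;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import springfox.documentation.builders.ParameterBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.schema.ModelRef;
import springfox.documentation.service.Parameter;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
public class SwaggerConfig {
    @Bean
    public Docket createRestApi() {
        return new Docket(DocumentationType.SWAGGER_2)
            .select()
            .apis(RequestHandlerSelectors.basePackage("com.example.demo"))
            .paths(PathSelectors.any())
            .build()
            .globalOperationParameters(globalParameters());
    }

    // Optional "token" header added to every operation shown in Swagger UI.
    private List<Parameter> globalParameters() {
        List<Parameter> pars = new ArrayList<>();
        pars.add(new ParameterBuilder()
            .name("token")
            .description("用户票据") // "user ticket"
            .modelRef(new ModelRef("string"))
            .parameterType("header")
            .required(false)
            .build());
        return pars;
    }
}
  2. Access Swagger UI

After starting the Spring Boot application, visit http://localhost:8080/swagger-ui.html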

Debugging Tips

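  1. Use Swagger Editor to generate API documentation quickly
  2. Automate authorization

Edit the custom.js file so that the token is obtained and set automatically:

// Wrap window.fetch so that a successful /login response authorizes Swagger UI.
const originalFetch = window.fetch;
window.fetch = function (...args) {
    return originalFetch.apply(this, args).then(response => {
        const requestUrl = new URL(response.url, window.location.origin).pathname;
        if (requestUrl.endsWith("/login")) {
            // Read a clone so the caller can still consume the original body.
            return response.clone().json().then(data => {
                const token = data && data.result && data.result.token;
                if (token) {
                    // Do not write the token itself to the console.
                    console.log("Token received via fetch override.");
                    authorizeSwagger(token);
                } else {
                    console.warn("Token not found in login response.");
                }
                return response;
            }).catch(() => response); // non-JSON body: pass the response through
        }
        return response;
    });
};

function authorizeSwagger(token) {
    const bearerToken = 'Bearer ' + token;
    console.log("Setting Swagger UI Authorization header.");
    if (window.ui && window.ui.authActions) {
        // The key "Bearer" must match the security definition name in the API spec.
        window.ui.authActions.authorize({
            Bearer: {
                name: 'Bearer',
                schema: {
                    type: 'apiKey',
                    in: 'header',
                    name: 'Authorization',
                    description: 'Bearer token obtained from /login',
                },
                value: bearerToken, // the value Swagger UI sends in the header
            },
        });
        console.log("Authorization set successfully");
    } else {
        console.warn("Swagger UI authActions not available yet.");
    }
}

Place custom.js in the swagger-ui/wwwroot directory and enable static file serving.

  3. Combine with Burp Suite for security testing

Use Burp Suite as an upstream proxy to capture the requests sent by Swagger UI and test the security of the API endpoints.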

With the steps and tips above, you can debug Swagger efficiently on CentOS and keep the API documentation accurate and secure.
