Merge pull request #108 from acjh/patch-6

Add swagger security definitions and requirements

Author: ismcagdas

aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Startup/SecurityRequirementsOperationFilter.cs

@@ -0,0 +1,48 @@
+using Abp.Authorization;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+using Swashbuckle.AspNetCore.Swagger;
+using Swashbuckle.AspNetCore.SwaggerGen;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace AbpCompanyName.AbpProjectName.Web.Host.Startup
+{
+    public class SecurityRequirementsOperationFilter : IOperationFilter
+    {
+        private readonly IOptions<AuthorizationOptions> authorizationOptions;
+
+        public SecurityRequirementsOperationFilter(IOptions<AuthorizationOptions> authorizationOptions)
+        {
+            this.authorizationOptions = authorizationOptions;
+        }
+
+        public void Apply(Operation operation, OperationFilterContext context)
+        {
+            var controllerPermissions = context.ApiDescription.ControllerAttributes()
+                .OfType<AbpAuthorizeAttribute>()
+                .Select(attr => attr.Permissions);
+
+            var actionPermissions = context.ApiDescription.ActionAttributes()
+                .OfType<AbpAuthorizeAttribute>()
+                .Select(attr => attr.Permissions);
+
+            var permissions = controllerPermissions.Union(actionPermissions).Distinct()
+                .SelectMany(p => p);
+
+            if (permissions.Any())
+            {
+                operation.Responses.Add("401", new Response { Description = "Unauthorized" });
+                operation.Responses.Add("403", new Response { Description = "Forbidden" });
+
+                operation.Security = new List<IDictionary<string, IEnumerable<string>>>
+                {
+                    new Dictionary<string, IEnumerable<string>>
+                    {
+                        { "bearerAuth", permissions }
+                    }
+                };
+            }
+        }
+    }
+}

aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Startup/Startup.cs

@@ -64,6 +64,17 @@ public IServiceProvider ConfigureServices(IServiceCollection services)
             {
                 options.SwaggerDoc("v1", new Info { Title = "AbpProjectName API", Version = "v1" });
                 options.DocInclusionPredicate((docName, description) => true);
+
+                // Define the BearerAuth scheme that's in use
+                options.AddSecurityDefinition("bearerAuth", new ApiKeyScheme()
+                {
+                    Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
+                    Name = "Authorization",
+                    In = "header",
+                    Type = "apiKey"
+                });
+                // Assign scope requirements to operations based on AuthorizeAttribute
+                options.OperationFilter<SecurityRequirementsOperationFilter>();
             });
 
             //Configure Abp and Dependency Injection