ERP.Core/Controller/AuthController.cs

@@ -11,7 +11,7 @@ using Swashbuckle.AspNetCore.Annotations;
 
 namespace ERP.Core.Controller
 {
-    [Route("/auth")]
+    [Route("auth")]
     public class AuthController : BaseController
     {
         private readonly IConfiguration _configuration;
@@ -23,7 +23,7 @@ namespace ERP.Core.Controller
             _authService = authService;
         }
 
-        [HttpPost("/login")]
+        [HttpPost("login")]
         [SwaggerOperation(Description = "登录接口", Summary = "Login")]
         public IActionResult LoginAsync([FromBody] LoginBody form)
         {

ERP.Core/Controller/SysUserController.cs

@@ -5,7 +5,7 @@ using Microsoft.Extensions.Configuration;
 
 namespace ERP.Core.Controller
 {
-    [Route("/sys-user")]
+    [Route("sys-user")]
     public class SysUserController : BaseController
     {
         private readonly IConfiguration _configuration;

ERP.Framework/Constants/AuthConstant.cs

@@ -8,6 +8,11 @@ namespace ERP.Framework.Constants
 {
     public class AuthConstant
     {
+        /// <summary>
+        /// 权鉴 Hearder 
+        /// </summary>
+        public const string HEADER = "Authorization";
+
         /// <summary>
         /// 登录用户密码错误
         /// </summary>

ERP.Framework/Extensions/SwaggerExtension.cs

@@ -2,6 +2,7 @@
 // <date></date>
 // <description></description>
 
+using ERP.Framework.Constants;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 using Swashbuckle.AspNetCore.Annotations;
@@ -20,10 +21,27 @@ namespace ERP.Framework.Extensions
         {
             services.AddSwaggerGen(options =>
             {
+                var openApiSecurityScheme = new OpenApiSecurityScheme
+                {
+                    Reference = new OpenApiReference
+                    {
+                        Type = ReferenceType.SecurityScheme,
+                        Id = AuthConstant.HEADER
+                    },
+                    Scheme = "oauth2",
+                    Name = AuthConstant.HEADER,
+                    In = ParameterLocation.Header,
+                    Type = SecuritySchemeType.ApiKey
+                };
+
+                var securityRequirement = new OpenApiSecurityRequirement { [openApiSecurityScheme] = new List<string>() };
+
                 // 设置 Swagger UI 的标题和版本 (描述,联系人,许可证)
                 options.SwaggerDoc("v1", new OpenApiInfo { Title = "ERP", Version = "v1" });
                 // 安全方案
-                //options.AddSecurityDefinition()
+                options.AddSecurityDefinition(AuthConstant.HEADER, openApiSecurityScheme);
+                // 请求头
+                options.AddSecurityRequirement(securityRequirement);
                 // 自定义逻辑
                 options.OperationFilter<SwaggerDescriptionFilter>();
                 options.OperationFilter<SwaggerSummaryFilter>();
@@ -57,8 +75,8 @@ namespace ERP.Framework.Extensions
             public void Apply(OpenApiOperation operation, OperationFilterContext context)
             {
                 var attribute = context.MethodInfo
-             .GetCustomAttributes(typeof(SwaggerOperationAttribute), false)
-             .FirstOrDefault() as SwaggerOperationAttribute;
+                    .GetCustomAttributes(typeof(SwaggerOperationAttribute), false)
+                    .FirstOrDefault() as SwaggerOperationAttribute;
 
                 if (attribute != null && !string.IsNullOrEmpty(attribute.Description))
                 {

ERP.Framework/Middleware/AuthenticationMiddleware.cs

@@ -37,7 +37,7 @@ namespace ERP.Framework.Middleware
                 return;
             }
 
-            var token = context.Request.Headers["Authorization"].ToString().Replace(FrameworkConstant.TOKEN_PREFIX, "").TrimStart();
+            var token = context.Request.Headers[AuthConstant.HEADER].ToString().Replace(FrameworkConstant.TOKEN_PREFIX, "").TrimStart();
 
             var isValid = TokenHelper.ValidateToken(token, securityConfig.JwtSecurityKey);
 
@@ -61,7 +61,7 @@ namespace ERP.Framework.Middleware
             var claims = TokenHelper.GetClaims(token);
             var tokenId = claims.FirstOrDefault(t => t.Type == JwtRegisteredClaimNames.UniqueName)!.Value;
             var userId = claims.FirstOrDefault(t => t.Type == JwtRegisteredClaimNames.NameId)!.Value;
-            var userName = claims.FirstOrDefault(t => t.Type == ClaimTypes.Name)!.Value;
+            //var userName = claims.FirstOrDefault(t => t.Type == ClaimTypes.Name)!.Value;
 
             var checkLastActivityResult = CheckLastActivity(tokenId, securityConfig.ActivityTimeOut);
 

ERP.Framework/Security/TokenHelper.cs

@@ -26,14 +26,14 @@ namespace ERP.Framework.Security
 
             var claims = new Claim[]
             {
+                new Claim(JwtRegisteredClaimNames.UniqueName,tokenId),
                 new Claim(JwtRegisteredClaimNames.NameId,userId.ToString()),
-                new Claim(ClaimTypes.Name,userName)
             };
 
             var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey));
 
             var token = new JwtSecurityToken(
-                issuer: "Erp",
+                issuer: "ERP",
                 audience: "ERP",
                 claims: claims,
                 notBefore: DateTime.Now,