我有一个通过 go-swagger 生成的 api。我正在尝试进行 session 检查,检查它是否没有按我预期的那样触发。我关注了一个example我在 github 上找到的,但似乎对我不起作用。
我的代码:
// Applies when the "X-Session-Key" header is set
api.SessionKeyHeaderAuth = func(token string) (interface{}, error) {
// test the token
success := routeHandler.HandleSessionHeaderKey(token)
if success{
return nil, nil
}
//We are pessimistic, if they aren't successful then we return a 401
api.Logger("Access attempt with incorrect api key auth: %s", token)
return nil, errors.New(401, "incorrect api key auth")
}
我的 Yaml(用于我正在 curl 的端点):
/auth/logout:
post:
summary: Logs in the user
consumes:
- application/x-www-form-urlencoded
operationId: authLogoutUser
tags:
- auth
description:
Allow users to log out and their session will be terminated
produces:
- application/json
parameters:
- in: header
name: X-Session-Key
type: string
required: true
- in: header
name: X-Profile-Key
type: string
required: true
responses:
200:
description: Login Success
headers:
ProfileKeyHeader:
type: string
description: The key for the profile data
SessionKeyHeader:
type: string
description: The key for the session data
400:
description: Whether the user is not found or error while login, decided on a generic login failure error
schema:
$ref: 'definitions.yaml#/definitions/Error'
429:
description: Too many requests and being throttled
schema:
$ref: 'definitions.yaml#/definitions/Error'
500:
description: Too many requests and being throttled
schema:
$ref: 'definitions.yaml#/definitions/Error'
如果您能帮我看看我做错了什么,我们将不胜感激。
最佳答案
所以,我是个白痴......
问题是我忘记将安全性添加到我的 swagger yaml 中。一旦我这样做了,我的函数就会被调用。
operationId: authLogoutUser
tags:
- auth
description:
Allow users to log out and their session will be terminated
produces:
- application/json
security:
- SessionKeyHeader: []
关于session - go-swagger 不调用我的标题检查,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52048275/