带签名请求的Swift Alamofire文件上传:如何发送授权标头？

Question

场景:

• iPhone iOS 8+应用程序
• 登录用户将上传个人资料照片

该应用已经使用Alamofire向后端API发出签名请求.非常简单:应用程序为要签名的请求发送三个特定的HTTP标头(Authorization,X-Api-Key和timestamp).调用Alamofire.request它很容易headers作为参数发送,因此它工作得很漂亮.

现在,用户需要能够上传他们的个人资料图片.由于用户已经登录到应用程序,后端API将通过签名请求知道哪个用户正在发送图片- 这是我过去几个小时一直在努力解决的棘手问题.Alamofire.upload接受完全不同的参数.request,所以我无法弄清楚如何在上传文件时发送标题.

试过旧的Alamofire.Manager.session.configuration.HTTPAdditionalHeaders,但不再支持了.找到文件上传的吨代码示例,没有考虑发送自定义标头.

使用Alamofire.upload方法时如何发送自定义标头？

typealias requestDataType = [String:AnyObject]
private func signRequest(data: requestDataType) -> [String:String] {
    var headers = [String:String]()

    var authString = ""
    var signatureHeaders = ""

    // Iterates over SORTED data dictionary to build headers
    for (k,v) in (data.sort{$0.0 < $1.0}) {
        if !authString.isEmpty {
            authString += "\n"
            signatureHeaders += " "
        }
        authString += "\(k): \(v)"
        signatureHeaders += "\(k)"
        headers[k] = "\(v)"
    }

    let userApiKey = _loggedInUser!["api_key"].string!
    let signature = authString.sha256(_loggedInUser!["api_secret"].string!)

    headers["X-Api-Key"] = userApiKey
    headers["Authorization"] = "Signature headers=\"\(signatureHeaders)\",keyId=\"\(userApiKey)\",algorithm=\"hmac-sha256\",signature=\"\(signature)\""

    return headers
}

func uploadProfilePicture(photo: UIImage, callback: apiCallback){
    guard let userId = _loggedInUser?["pk"].int else {
        callback(Response(success: false, responseMessage: "User not logged in"))
        return
    }

    let requestData: requestDataType = ["timestamp": "\(Int(NSDate().timeIntervalSince1970))"]

    let aManager = Manager.sharedInstance
    print(self.signRequest(requestData)) // Prints correct headers (Authorization, X-Api-Key, timestamp)
    aManager.session.configuration.HTTPAdditionalHeaders = self.signRequest(requestData)
    print(aManager.session.configuration.HTTPAdditionalHeaders) // Prints default headers, completely ignoring my custom headers

    aManager.upload(.POST, "\(_apiBaseUrl)profiles/\(userId)/photo/", multipartFormData: { multipartFormData in
        if let imageData = UIImageJPEGRepresentation(photo, 0.8) {
            multipartFormData.appendBodyPart(data: imageData, name: "upload", fileName: "userphoto.jpg", mimeType: "image/jpeg")
        }

        for (key, value) in requestData {
            multipartFormData.appendBodyPart(data: value.dataUsingEncoding(NSUTF8StringEncoding)!, name: key)
        }

        }, encodingCompletion: {
            encodingResult in

            debugPrint(encodingResult)
    })
}

请求通过.在后端日志中,我可以看到返回的请求HTTP 403- 未授权,因为无法签署请求.打印请求标头,服务器未收到任何自定义身份验证标头.

Answer 1

在初始化之前，我想分享一个在此类工作中非常有用的免费工具（chrome 应用程序）：DHC Rest Client：使用此工具，您可以验证您的参数、标头和上传文件是否符合您想要的请求类型到服务器。

所以，这与Swift 2.x和Alamofire 3.x一起工作：

首先准备你的标题：

let headers = [
                "Content-Type": "application/zip",
                "X-Api-Key": userApiKey,
                ...whatever you need on headers..
            ]

因此，假设您必须发送一个 zip 文件，并且响应将是 TEXT/HTML 响应类型（带有 SUCCESS 或 ERROR 的简单字符串）：

let filePath: String! = "/Users/admin.../Documents/myZipFile.zip"
var zipData: NSData! = NSData()
do {
    zipData = try NSData(contentsOfFile: filePath, options: NSDataReadingOptions.DataReadingMappedIfSafe)
} catch {
    print("- error during get nsdata from zip file\(error)")
}
let url :String! = String(format:"...myUrl?key1=%@&key2=%@",value1,value2)
Alamofire.upload(.POST, url, headers: headers, data: zipData)
                .responseString { response in
            if response.result.isSuccess {
                  let responseValue = response.result.value
                  print("Response value is: \(responseValue)")
            } else {
               var statusCode = 0
               if (response.response != nil) {
                  statusCode = (response.response?.statusCode)!
               }
               print("Error: \(response.result.error!) with statusCode: \(statusCode)")
            }

这就是全部，但如果您想使用 multipartformdata，您可以通过 headers 字典传递 headers：

.upload(<#T##method: Method##Method#>, <#T##URLString: URLStringConvertible##URLStringConvertible#>, headers: <#T##[String : String]?#>, multipartFormData: < #T##MultipartFormData -> 空# >