github
/
halo
mirror of https://github.com/halo-dev/halo
1
0
Fork 0
Code Issues Releases Wiki Activity

Enhance swagger configuration

pull/146/head
johnniang 2019-04-29 17:26:55 +08:00
parent 6ed9a927ac
commit 259a47e238
4 changed files with 49 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/main/java/run/halo/app/config/SwaggerConfiguration.java
View File

@ -8,11 +8,13 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.data.domain.Pageable; import org.springframework.data.domain.Pageable;
import org.springframework.data.domain.Sort; import org.springframework.data.domain.Sort;
import org.springframework.http.HttpHeaders;
import org.springframework.lang.NonNull; import org.springframework.lang.NonNull;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import run.halo.app.config.properties.HaloProperties; import run.halo.app.config.properties.HaloProperties;
import run.halo.app.model.entity.User; import run.halo.app.model.entity.User;
import run.halo.app.security.filter.AdminAuthenticationFilter;
import run.halo.app.security.support.UserDetail; import run.halo.app.security.support.UserDetail;
import springfox.documentation.builders.*; import springfox.documentation.builders.*;
import springfox.documentation.schema.AlternateTypeRule; import springfox.documentation.schema.AlternateTypeRule;
@ -66,6 +68,8 @@ public class SwaggerConfiguration {
return buildApiDocket("run.halo.app.content.api", return buildApiDocket("run.halo.app.content.api",
"run.halo.app.controller.content.api", "run.halo.app.controller.content.api",
"/api/**") "/api/**")
.securitySchemes(portalApiKeys())
.securityContexts(portalSecurityContext())
.enable(!haloProperties.isDocDisabled()); .enable(!haloProperties.isDocDisabled());
} }
@ -76,6 +80,8 @@ public class SwaggerConfiguration {
return buildApiDocket("run.halo.app.admin", return buildApiDocket("run.halo.app.admin",
"run.halo.app.controller.admin", "run.halo.app.controller.admin",
"/api/admin/**") "/api/admin/**")
.securitySchemes(adminApiKeys())
.securityContexts(adminSecurityContext())
.enable(!haloProperties.isDocDisabled()); .enable(!haloProperties.isDocDisabled());
} }
@ -104,8 +110,6 @@ public class SwaggerConfiguration {
.paths(PathSelectors.ant(antPattern)) .paths(PathSelectors.ant(antPattern))
.build() .build()
.apiInfo(apiInfo()) .apiInfo(apiInfo())
.securitySchemes(Collections.singletonList(apiKeys()))
.securityContexts(Collections.singletonList(securityContext()))
.useDefaultResponseMessages(false) .useDefaultResponseMessages(false)
.globalResponseMessage(RequestMethod.GET, globalResponses) .globalResponseMessage(RequestMethod.GET, globalResponses)
.globalResponseMessage(RequestMethod.POST, globalResponses) .globalResponseMessage(RequestMethod.POST, globalResponses)
@ -114,15 +118,36 @@ public class SwaggerConfiguration {
.directModelSubstitute(Temporal.class, String.class); .directModelSubstitute(Temporal.class, String.class);
} }
private ApiKey apiKeys() { private List<ApiKey> adminApiKeys() {
return new ApiKey("TOKEN ACCESS", TOKEN_HEADER, In.HEADER.name()); return Arrays.asList(
new ApiKey("Token from header", AdminAuthenticationFilter.ADMIN_TOKEN_HEADER_NAME, In.HEADER.name()),
new ApiKey("Token from query", AdminAuthenticationFilter.ADMIN_TOKEN_QUERY_NAME, In.QUERY.name())
);
} }
private SecurityContext securityContext() { private List<SecurityContext> adminSecurityContext() {
return SecurityContext.builder() return Collections.singletonList(
.securityReferences(defaultAuth()) SecurityContext.builder()
.forPaths(PathSelectors.regex("/api/admin/.*")) .securityReferences(defaultAuth())
.build(); .forPaths(PathSelectors.ant("/api/admin/**"))
.build()
);
}
private List<ApiKey> portalApiKeys() {
return Arrays.asList(
new ApiKey("Token from header", HttpHeaders.AUTHORIZATION, In.HEADER.name()),
new ApiKey("Token from query", "token", In.QUERY.name())
);
}
private List<SecurityContext> portalSecurityContext() {
return Collections.singletonList(
SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(PathSelectors.ant("/api/**"))
.build()
);
} }
private List<SecurityReference> defaultAuth() { private List<SecurityReference> defaultAuth() {

6
src/main/java/run/halo/app/security/filter/AdminAuthenticationFilter.java
View File

@ -58,7 +58,7 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter {
/** /**
* Admin token param name. * Admin token param name.
*/ */
public final static String ADMIN_TOKEN_PARAM_NAME = "adminToken"; public final static String ADMIN_TOKEN_QUERY_NAME = "adminToken";
private final HaloProperties haloProperties; private final HaloProperties haloProperties;
@ -152,9 +152,9 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter {
// Get from param // Get from param
if (StringUtils.isBlank(token)) { if (StringUtils.isBlank(token)) {
token = request.getParameter(ADMIN_TOKEN_PARAM_NAME); token = request.getParameter(ADMIN_TOKEN_QUERY_NAME);
log.debug("Got token from parameter: [{}: {}]", ADMIN_TOKEN_PARAM_NAME, token); log.debug("Got token from parameter: [{}: {}]", ADMIN_TOKEN_QUERY_NAME, token);
} else { } else {
log.debug("Got token from header: [{}: {}]", ADMIN_TOKEN_HEADER_NAME, token); log.debug("Got token from header: [{}: {}]", ADMIN_TOKEN_HEADER_NAME, token);
} }

7
src/main/java/run/halo/app/service/AdminService.java
View File

@ -13,6 +13,13 @@ import run.halo.app.security.token.AuthToken;
*/ */
public interface AdminService { public interface AdminService {
/**
* Expired seconds.
*/
int ACCESS_TOKEN_EXPIRED_SECONDS = 24 * 3600;
int REFRESH_TOKEN_EXPIRED_DAYS = 30;
String ACCESS_TOKEN_CACHE_PREFIX = "halo.admin.access_token."; String ACCESS_TOKEN_CACHE_PREFIX = "halo.admin.access_token.";
String REFRESH_TOKEN_CACHE_PREFIX = "halo.admin.refresh_token."; String REFRESH_TOKEN_CACHE_PREFIX = "halo.admin.refresh_token.";

12
src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
View File

@ -95,19 +95,17 @@ public class AdminServiceImpl implements AdminService {
// Generate new token // Generate new token
AuthToken token = new AuthToken(); AuthToken token = new AuthToken();
int expiredIn = 24 * 3600;
token.setAccessToken(HaloUtils.randomUUIDWithoutDash()); token.setAccessToken(HaloUtils.randomUUIDWithoutDash());
token.setExpiredIn(expiredIn); token.setExpiredIn(ACCESS_TOKEN_EXPIRED_SECONDS);
token.setRefreshToken(HaloUtils.randomUUIDWithoutDash()); token.setRefreshToken(HaloUtils.randomUUIDWithoutDash());
// Cache those tokens, just for clearing // Cache those tokens, just for clearing
cacheStore.putAny(SecurityUtils.buildAccessTokenKey(user), token.getAccessToken(), 30, TimeUnit.DAYS); cacheStore.putAny(SecurityUtils.buildAccessTokenKey(user), token.getAccessToken(), REFRESH_TOKEN_EXPIRED_DAYS, TimeUnit.DAYS);
cacheStore.putAny(SecurityUtils.buildRefreshTokenKey(user), token.getRefreshToken(), 30, TimeUnit.DAYS); cacheStore.putAny(SecurityUtils.buildRefreshTokenKey(user), token.getRefreshToken(), REFRESH_TOKEN_EXPIRED_DAYS, TimeUnit.DAYS);
// Cache those tokens with user id // Cache those tokens with user id
cacheStore.putAny(SecurityUtils.buildTokenAccessKey(token.getAccessToken()), user.getId(), expiredIn, TimeUnit.SECONDS); cacheStore.putAny(SecurityUtils.buildTokenAccessKey(token.getAccessToken()), user.getId(), ACCESS_TOKEN_EXPIRED_SECONDS, TimeUnit.SECONDS);
cacheStore.putAny(SecurityUtils.buildTokenRefreshKey(token.getRefreshToken()), user.getId(), 30, TimeUnit.DAYS); cacheStore.putAny(SecurityUtils.buildTokenRefreshKey(token.getRefreshToken()), user.getId(), REFRESH_TOKEN_EXPIRED_DAYS, TimeUnit.DAYS);
return token; return token;
} }