Change api_token to api_access_key

src/main/java/run/halo/app/config/SwaggerConfiguration.java

@@ -69,8 +69,8 @@ public class SwaggerConfiguration {
         return buildApiDocket("run.halo.app.content.api",
                 "run.halo.app.controller.content.api",
                 "/api/content/**")
-                .securitySchemes(portalApiKeys())
-                .securityContexts(portalSecurityContext())
+                .securitySchemes(contentApiKeys())
+                .securityContexts(contentSecurityContext())
                 .enable(!haloProperties.isDocDisabled());
     }
 
@@ -137,14 +137,14 @@ public class SwaggerConfiguration {
         );
     }
 
-    private List<ApiKey> portalApiKeys() {
+    private List<ApiKey> contentApiKeys() {
         return Arrays.asList(
-                new ApiKey("Token from header", ApiAuthenticationFilter.API_TOKEN_HEADER_NAME, In.HEADER.name()),
-                new ApiKey("Token from query", ApiAuthenticationFilter.API_TOKEN_QUERY_NAME, In.QUERY.name())
+                new ApiKey("Access key from header", ApiAuthenticationFilter.API_ACCESS_KEY_HEADER_NAME, In.HEADER.name()),
+                new ApiKey("Access key from query", ApiAuthenticationFilter.API_ACCESS_KEY_QUERY_NAME, In.QUERY.name())
         );
     }
 
-    private List<SecurityContext> portalSecurityContext() {
+    private List<SecurityContext> contentSecurityContext() {
         return Collections.singletonList(
                 SecurityContext.builder()
                         .securityReferences(defaultAuth())

src/main/java/run/halo/app/model/properties/OtherProperties.java

@@ -10,7 +10,7 @@ public enum OtherProperties implements PropertyEnum {
 
     API_ENABLED("api_enabled", Boolean.class, "false"),
 
-    API_TOKEN("api_token", String.class, ""),
+    API_ACCESS_KEY("api_access_key", String.class, ""),
 
     STATISTICS_CODE("statistics_code", String.class, ""),
 

src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java

@@ -27,9 +27,9 @@ import java.util.Optional;
 @Slf4j
 public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
 
-    public final static String API_TOKEN_HEADER_NAME = "API-" + HttpHeaders.AUTHORIZATION;
+    public final static String API_ACCESS_KEY_HEADER_NAME = "API-" + HttpHeaders.AUTHORIZATION;
 
-    public final static String API_TOKEN_QUERY_NAME = "api_token";
+    public final static String API_ACCESS_KEY_QUERY_NAME = "api_access_key";
 
     private final OptionService optionService;
 
@@ -55,27 +55,27 @@ public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
             return;
         }
 
-        // Get token
-        String token = getTokenFromRequest(request);
+        // Get access key
+        String accessKey = getTokenFromRequest(request);
 
-        if (StringUtils.isBlank(token)) {
-            // If the token is missing
-            getFailureHandler().onFailure(request, response, new AuthenticationException("Missing API token"));
+        if (StringUtils.isBlank(accessKey)) {
+            // If the access key is missing
+            getFailureHandler().onFailure(request, response, new AuthenticationException("Missing API access key"));
             return;
         }
 
-        // Get token from option
-        Optional<String> optionalToken = optionService.getByProperty(OtherProperties.API_TOKEN, String.class);
+        // Get access key from option
+        Optional<String> optionalAccessKey = optionService.getByProperty(OtherProperties.API_ACCESS_KEY, String.class);
 
-        if (!optionalToken.isPresent()) {
-            // If the token is not set
-            getFailureHandler().onFailure(request, response, new AuthenticationException("API Token hasn't been set by blogger"));
+        if (!optionalAccessKey.isPresent()) {
+            // If the access key is not set
+            getFailureHandler().onFailure(request, response, new AuthenticationException("API access key hasn't been set by blogger"));
             return;
         }
 
-        if (!StringUtils.equals(token, optionalToken.get())) {
-            // If the token is mismatch
-            getFailureHandler().onFailure(request, response, new AuthenticationException("Token is mismatch"));
+        if (!StringUtils.equals(accessKey, optionalAccessKey.get())) {
+            // If the access key is mismatch
+            getFailureHandler().onFailure(request, response, new AuthenticationException("API access key is mismatch"));
             return;
         }
 
@@ -103,17 +103,17 @@ public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
         Assert.notNull(request, "Http servlet request must not be null");
 
         // Get from header
-        String token = request.getHeader(API_TOKEN_HEADER_NAME);
+        String accessKey = request.getHeader(API_ACCESS_KEY_HEADER_NAME);
 
         // Get from param
-        if (StringUtils.isBlank(token)) {
-            token = request.getParameter(API_TOKEN_QUERY_NAME);
+        if (StringUtils.isBlank(accessKey)) {
+            accessKey = request.getParameter(API_ACCESS_KEY_QUERY_NAME);
 
-            log.debug("Got token from parameter: [{}: {}]", API_TOKEN_QUERY_NAME, token);
+            log.debug("Got access key from parameter: [{}: {}]", API_ACCESS_KEY_QUERY_NAME, accessKey);
         } else {
-            log.debug("Got token from header: [{}: {}]", API_TOKEN_HEADER_NAME, token);
+            log.debug("Got access key from header: [{}: {}]", API_ACCESS_KEY_HEADER_NAME, accessKey);
         }
 
-        return token;
+        return accessKey;
     }
 }