From 263bf215da72f7c89891da857ef8c44e930a3c52 Mon Sep 17 00:00:00 2001
From: ruibaby
Date: Tue, 4 Jun 2019 14:07:59 +0800
Subject: [PATCH] Change api_token to api_access_key
---
 .../halo/app/config/SwaggerConfiguration.java | 12 +++---
 .../app/model/properties/OtherProperties.java | 2 +-
 .../filter/ApiAuthenticationFilter.java | 42 +++++++++----------
 3 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/src/main/java/run/halo/app/config/SwaggerConfiguration.java b/src/main/java/run/halo/app/config/SwaggerConfiguration.java
index 0cd172f20..03cdb9521 100644
--- a/src/main/java/run/halo/app/config/SwaggerConfiguration.java
+++ b/src/main/java/run/halo/app/config/SwaggerConfiguration.java
@@ -69,8 +69,8 @@ public class SwaggerConfiguration {
 return buildApiDocket("run.halo.app.content.api",
 "run.halo.app.controller.content.api",
 "/api/content/**")
- .securitySchemes(portalApiKeys())
- .securityContexts(portalSecurityContext())
+ .securitySchemes(contentApiKeys())
+ .securityContexts(contentSecurityContext())
 .enable(!haloProperties.isDocDisabled());
 }
@@ -137,14 +137,14 @@ public class SwaggerConfiguration {
 );
 }
- private List portalApiKeys() {
+ private List contentApiKeys() {
 return Arrays.asList(
- new ApiKey("Token from header", ApiAuthenticationFilter.API_TOKEN_HEADER_NAME, In.HEADER.name()),
- new ApiKey("Token from query", ApiAuthenticationFilter.API_TOKEN_QUERY_NAME, In.QUERY.name())
+ new ApiKey("Access key from header", ApiAuthenticationFilter.API_ACCESS_KEY_HEADER_NAME, In.HEADER.name()),
+ new ApiKey("Access key from query", ApiAuthenticationFilter.API_ACCESS_KEY_QUERY_NAME, In.QUERY.name())
 );
 }
- private List portalSecurityContext() {
+ private List contentSecurityContext() {
 return Collections.singletonList(
 SecurityContext.builder()
 .securityReferences(defaultAuth())
diff --git a/src/main/java/run/halo/app/model/properties/OtherProperties.java b/src/main/java/run/halo/app/model/properties/OtherProperties.java
index 175c62e19..e2be5d420 100644
--- a/src/main/java/run/halo/app/model/properties/OtherProperties.java
+++ b/src/main/java/run/halo/app/model/properties/OtherProperties.java
@@ -10,7 +10,7 @@ public enum OtherProperties implements PropertyEnum {
 API_ENABLED("api_enabled", Boolean.class, "false"),
- API_TOKEN("api_token", String.class, ""),
+ API_ACCESS_KEY("api_access_key", String.class, ""),
 STATISTICS_CODE("statistics_code", String.class, ""),
diff --git a/src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java b/src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java
index bdea4ce6b..8c83654c9 100644
--- a/src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java
+++ b/src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java
@@ -27,9 +27,9 @@ import java.util.Optional;
 @Slf4j
 public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
- public final static String API_TOKEN_HEADER_NAME = "API-" + HttpHeaders.AUTHORIZATION;
+ public final static String API_ACCESS_KEY_HEADER_NAME = "API-" + HttpHeaders.AUTHORIZATION;
- public final static String API_TOKEN_QUERY_NAME = "api_token";
+ public final static String API_ACCESS_KEY_QUERY_NAME = "api_access_key";
 private final OptionService optionService;
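Review bot: The string `"api_access_key"` in `API_ACCESS_KEY` looks like the persisted option key, and this patch shows no migration from `api_token`, so a value stored under the old key would presumably no longer be read after an upgrade. The filter would then fail closed with "API access key hasn't been set by blogger" until the key is re-entered, while the old secret stays in storage unused. Either migrate the stored option or call the change out in the release notes; the same client-facing break applies to the query parameter renamed from `api_token` to `api_access_key` in the ApiAuthenticationFilter hunk on this line. A comment on the constant would help, e.g. `// Renamed from api_token; existing installations must set the key again`.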
@@ -55,27 +55,27 @@ public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
 return;
 }
- // Get token
- String token = getTokenFromRequest(request);
+ // Get access key
+ String accessKey = getTokenFromRequest(request);
- if (StringUtils.isBlank(token)) {
- // If the token is missing
- getFailureHandler().onFailure(request, response, new AuthenticationException("Missing API token"));
+ if (StringUtils.isBlank(accessKey)) {
+ // If the access key is missing
+ getFailureHandler().onFailure(request, response, new AuthenticationException("Missing API access key"));
 return;
 }
- // Get token from option
- Optional optionalToken = optionService.getByProperty(OtherProperties.API_TOKEN, String.class);
+ // Get access key from option
+ Optional optionalAccessKey = optionService.getByProperty(OtherProperties.API_ACCESS_KEY, String.class);
- if (!optionalToken.isPresent()) {
- // If the token is not set
- getFailureHandler().onFailure(request, response, new AuthenticationException("API Token hasn't been set by blogger"));
+ if (!optionalAccessKey.isPresent()) {
+ // If the access key is not set
+ getFailureHandler().onFailure(request, response, new AuthenticationException("API access key hasn't been set by blogger"));
 return;
 }
- if (!StringUtils.equals(token, optionalToken.get())) {
- // If the token is mismatch
- getFailureHandler().onFailure(request, response, new AuthenticationException("Token is mismatch"));
+ if (!StringUtils.equals(accessKey, optionalAccessKey.get())) {
+ // If the access key is mismatch
+ getFailureHandler().onFailure(request, response, new AuthenticationException("API access key is mismatch"));
 return;
 }
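Review bot: The credential check `StringUtils.equals(accessKey, optionalAccessKey.get())` is an ordinary string comparison, not a constant-time one, which is the wrong primitive for comparing a secret. A fixed-time comparison is a one-line change: `if (!MessageDigest.isEqual(accessKey.getBytes(StandardCharsets.UTF_8), optionalAccessKey.get().getBytes(StandardCharsets.UTF_8))) {`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` in the import block (not visible in this hunk). Because `API_ACCESS_KEY` appears to default to an empty string in OtherProperties, a blank stored value should also be treated as "not set" explicitly instead of relying on the earlier blank check of the request value. The helper is still named `getTokenFromRequest` after the rename, and the enclosing method starts and ends outside the hunk.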
@@ -103,17 +103,17 @@ public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
 Assert.notNull(request, "Http servlet request must not be null");
 // Get from header
- String token = request.getHeader(API_TOKEN_HEADER_NAME);
+ String accessKey = request.getHeader(API_ACCESS_KEY_HEADER_NAME);
 // Get from param
- if (StringUtils.isBlank(token)) {
- token = request.getParameter(API_TOKEN_QUERY_NAME);
+ if (StringUtils.isBlank(accessKey)) {
+ accessKey = request.getParameter(API_ACCESS_KEY_QUERY_NAME);
- log.debug("Got token from parameter: [{}: {}]", API_TOKEN_QUERY_NAME, token);
+ log.debug("Got access key from parameter: [{}: {}]", API_ACCESS_KEY_QUERY_NAME, accessKey);
 } else {
- log.debug("Got token from header: [{}: {}]", API_TOKEN_HEADER_NAME, token);
+ log.debug("Got access key from header: [{}: {}]", API_ACCESS_KEY_HEADER_NAME, accessKey);
 }
- return token;
+ return accessKey;
 }
 }
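Review bot: Both `log.debug` calls in this hunk write the access key value itself to the log, so anyone who can read debug logs obtains a working credential. Log only where the key came from, e.g. `log.debug("Got access key from header: [{}]", API_ACCESS_KEY_HEADER_NAME);`, and do the same in the parameter branch. Accepting the key through the `api_access_key` query parameter also places it in URLs, which tend to be recorded in access logs, proxies and browser history; preferring the header and documenting the parameter as a fallback would reduce that exposure. The method's signature is outside the hunk.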