Change api_token to api_access_key

2019-06-04 14:07:59 +08:00 · 2019-06-04 14:07:59 +08:00 · 263bf215da
parent 9b92867ea3
commit 263bf215da
3 changed files with 28 additions and 28 deletions
--- a/src/main/java/run/halo/app/config/SwaggerConfiguration.java
+++ b/src/main/java/run/halo/app/config/SwaggerConfiguration.java
@ -69,8 +69,8 @@ public class SwaggerConfiguration {
        return buildApiDocket("run.halo.app.content.api",
                "run.halo.app.controller.content.api",
                "/api/content/**")
-                .securitySchemes(portalApiKeys())
+                .securitySchemes(contentApiKeys())
-                .securityContexts(portalSecurityContext())
+                .securityContexts(contentSecurityContext())
                .enable(!haloProperties.isDocDisabled());
    }
@ -137,14 +137,14 @@ public class SwaggerConfiguration {
        );
    }
-    private List<ApiKey> portalApiKeys() {
+    private List<ApiKey> contentApiKeys() {
        return Arrays.asList(
-                new ApiKey("Token from header", ApiAuthenticationFilter.API_TOKEN_HEADER_NAME, In.HEADER.name()),
+                new ApiKey("Access key from header", ApiAuthenticationFilter.API_ACCESS_KEY_HEADER_NAME, In.HEADER.name()),
-                new ApiKey("Token from query", ApiAuthenticationFilter.API_TOKEN_QUERY_NAME, In.QUERY.name())
+                new ApiKey("Access key from query", ApiAuthenticationFilter.API_ACCESS_KEY_QUERY_NAME, In.QUERY.name())
        );
    }
-    private List<SecurityContext> portalSecurityContext() {
+    private List<SecurityContext> contentSecurityContext() {
        return Collections.singletonList(
                SecurityContext.builder()
                        .securityReferences(defaultAuth())
--- a/src/main/java/run/halo/app/model/properties/OtherProperties.java
+++ b/src/main/java/run/halo/app/model/properties/OtherProperties.java
@ -10,7 +10,7 @@ public enum OtherProperties implements PropertyEnum {
    API_ENABLED("api_enabled", Boolean.class, "false"),
-    API_TOKEN("api_token", String.class, ""),
+    API_ACCESS_KEY("api_access_key", String.class, ""),
    STATISTICS_CODE("statistics_code", String.class, ""),
--- a/src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java
+++ b/src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java
@ -27,9 +27,9 @@ import java.util.Optional;
@Slf4j
 public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
-    public final static String API_TOKEN_HEADER_NAME = "API-" + HttpHeaders.AUTHORIZATION;
+    public final static String API_ACCESS_KEY_HEADER_NAME = "API-" + HttpHeaders.AUTHORIZATION;
-    public final static String API_TOKEN_QUERY_NAME = "api_token";
+    public final static String API_ACCESS_KEY_QUERY_NAME = "api_access_key";
    private final OptionService optionService;
@ -55,27 +55,27 @@ public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
            return;
        }
-        // Get token
+        // Get access key
-        String token = getTokenFromRequest(request);
+        String accessKey = getTokenFromRequest(request);
-        if (StringUtils.isBlank(token)) {
+        if (StringUtils.isBlank(accessKey)) {
-            // If the token is missing
+            // If the access key is missing
-            getFailureHandler().onFailure(request, response, new AuthenticationException("Missing API token"));
+            getFailureHandler().onFailure(request, response, new AuthenticationException("Missing API access key"));
            return;
        }
-        // Get token from option
+        // Get access key from option
-        Optional<String> optionalToken = optionService.getByProperty(OtherProperties.API_TOKEN, String.class);
+        Optional<String> optionalAccessKey = optionService.getByProperty(OtherProperties.API_ACCESS_KEY, String.class);
-        if (!optionalToken.isPresent()) {
+        if (!optionalAccessKey.isPresent()) {
-            // If the token is not set
+            // If the access key is not set
-            getFailureHandler().onFailure(request, response, new AuthenticationException("API Token hasn't been set by blogger"));
+            getFailureHandler().onFailure(request, response, new AuthenticationException("API access key hasn't been set by blogger"));
            return;
        }
-        if (!StringUtils.equals(token, optionalToken.get())) {
+        if (!StringUtils.equals(accessKey, optionalAccessKey.get())) {
-            // If the token is mismatch
+            // If the access key is mismatch
-            getFailureHandler().onFailure(request, response, new AuthenticationException("Token is mismatch"));
+            getFailureHandler().onFailure(request, response, new AuthenticationException("API access key is mismatch"));
            return;
        }
@ -103,17 +103,17 @@ public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
        Assert.notNull(request, "Http servlet request must not be null");
        // Get from header
-        String token = request.getHeader(API_TOKEN_HEADER_NAME);
+        String accessKey = request.getHeader(API_ACCESS_KEY_HEADER_NAME);
        // Get from param
-        if (StringUtils.isBlank(token)) {
+        if (StringUtils.isBlank(accessKey)) {
-            token = request.getParameter(API_TOKEN_QUERY_NAME);
+            accessKey = request.getParameter(API_ACCESS_KEY_QUERY_NAME);
-            log.debug("Got token from parameter: [{}: {}]", API_TOKEN_QUERY_NAME, token);
+            log.debug("Got access key from parameter: [{}: {}]", API_ACCESS_KEY_QUERY_NAME, accessKey);
        } else {
-            log.debug("Got token from header: [{}: {}]", API_TOKEN_HEADER_NAME, token);
+            log.debug("Got access key from header: [{}: {}]", API_ACCESS_KEY_HEADER_NAME, accessKey);
        }
-        return token;
+        return accessKey;
    }
 }