Check installation before requesting api

pull/146/head
johnniang 2019-04-29 14:18:24 +08:00
parent 1a7f621502
commit df30cde1ee
5 changed files with 50 additions and 13 deletions


@ -21,6 +21,7 @@ import run.halo.app.security.filter.AdminAuthenticationFilter;
import run.halo.app.security.filter.ApiAuthenticationFilter; import run.halo.app.security.filter.ApiAuthenticationFilter;
import run.halo.app.security.handler.AdminAuthenticationFailureHandler; import run.halo.app.security.handler.AdminAuthenticationFailureHandler;
import run.halo.app.security.handler.DefaultAuthenticationFailureHandler; import run.halo.app.security.handler.DefaultAuthenticationFailureHandler;
import run.halo.app.service.OptionService;
import run.halo.app.service.UserService; import run.halo.app.service.UserService;
import run.halo.app.utils.HttpClientUtils; import run.halo.app.utils.HttpClientUtils;
@ -113,8 +114,9 @@ public class HaloConfiguration {
public FilterRegistrationBean<AdminAuthenticationFilter> adminAuthenticationFilter(StringCacheStore cacheStore, public FilterRegistrationBean<AdminAuthenticationFilter> adminAuthenticationFilter(StringCacheStore cacheStore,
UserService userService, UserService userService,
HaloProperties haloProperties, HaloProperties haloProperties,
ObjectMapper objectMapper) { ObjectMapper objectMapper,
AdminAuthenticationFilter adminAuthenticationFilter = new AdminAuthenticationFilter(cacheStore, userService, haloProperties); OptionService optionService) {
AdminAuthenticationFilter adminAuthenticationFilter = new AdminAuthenticationFilter(cacheStore, userService, haloProperties, optionService);
AdminAuthenticationFailureHandler failureHandler = new AdminAuthenticationFailureHandler(); AdminAuthenticationFailureHandler failureHandler = new AdminAuthenticationFailureHandler();
failureHandler.setProductionEnv(haloProperties.isProductionEnv()); failureHandler.setProductionEnv(haloProperties.isProductionEnv());


@ -39,8 +39,9 @@ public class AdminController {
return adminService.getCount(); return adminService.getCount();
} }
@PostMapping("auth/login") @PostMapping("login")
@ApiOperation("Login") @ApiOperation("Login")
@CacheLock
public AuthToken auth(@RequestBody @Valid LoginParam loginParam) { public AuthToken auth(@RequestBody @Valid LoginParam loginParam) {
return adminService.authenticate(loginParam); return adminService.authenticate(loginParam);
} }
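Review bot: The login route moves from `auth/login` to `login`, but no visible hunk updates whatever exempts the login endpoint from `AdminAuthenticationFilter`. If that exemption is keyed on the old path, unauthenticated login requests would now be rejected by the filter; the `HaloConfiguration` hunk shows only the constructor change, so check the rest of that bean method. The bare `@CacheLock` on `auth` also needs a short comment stating what the lock is keyed on and how long it is held, since its defaults are not visible here. A lock that is not scoped per client could let one caller delay other users' logins, and it should not be mistaken for a limit on failed attempts.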


@ -0,0 +1,18 @@
package run.halo.app.exception;
/**
* Not install exception.
*
* @author johnniang
* @date 19-4-29
*/
public class NotInstallException extends BadRequestException {
public NotInstallException(String message) {
super(message);
}
public NotInstallException(String message, Throwable cause) {
super(message, cause);
}
}
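Review bot: The class Javadoc `Not install exception.` only restates the name and does not say when the exception is raised. Going by the filter hunk in this commit, something like `Thrown when an admin API is requested before the blog has been installed.` would be accurate. It is also worth noting there that the type extends `BadRequestException`, so clients can tell the "not installed" case apart only by message unless the failure handler adds a distinct code.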


@ -9,12 +9,15 @@ import org.springframework.util.Assert;
import run.halo.app.cache.StringCacheStore; import run.halo.app.cache.StringCacheStore;
import run.halo.app.config.properties.HaloProperties; import run.halo.app.config.properties.HaloProperties;
import run.halo.app.exception.AuthenticationException; import run.halo.app.exception.AuthenticationException;
import run.halo.app.exception.NotInstallException;
import run.halo.app.model.entity.User; import run.halo.app.model.entity.User;
import run.halo.app.model.properties.PrimaryProperties;
import run.halo.app.security.authentication.AuthenticationImpl; import run.halo.app.security.authentication.AuthenticationImpl;
import run.halo.app.security.context.SecurityContextHolder; import run.halo.app.security.context.SecurityContextHolder;
import run.halo.app.security.context.SecurityContextImpl; import run.halo.app.security.context.SecurityContextImpl;
import run.halo.app.security.support.UserDetail; import run.halo.app.security.support.UserDetail;
import run.halo.app.security.util.SecurityUtils; import run.halo.app.security.util.SecurityUtils;
import run.halo.app.service.OptionService;
import run.halo.app.service.UserService; import run.halo.app.service.UserService;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
@ -22,7 +25,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import java.util.Optional; import java.util.Optional;
/** /**
@ -64,25 +66,35 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter {
private final UserService userService; private final UserService userService;
private final OptionService optionService;
public AdminAuthenticationFilter(StringCacheStore cacheStore, public AdminAuthenticationFilter(StringCacheStore cacheStore,
UserService userService, UserService userService,
HaloProperties haloProperties) { HaloProperties haloProperties,
OptionService optionService) {
super(haloProperties); super(haloProperties);
this.cacheStore = cacheStore; this.cacheStore = cacheStore;
this.userService = userService; this.userService = userService;
this.haloProperties = haloProperties; this.haloProperties = haloProperties;
this.optionService = optionService;
} }
@Override @Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if (!haloProperties.isProductionEnv()) { // Check whether the blog is installed or not
List<User> users = userService.listAll(); Boolean isInstalled = optionService.getByPropertyOrDefault(PrimaryProperties.IS_INSTALLED, Boolean.class, false);
if (!users.isEmpty()) {
// Set security context if (!isInstalled) {
User user = users.get(0); // If not installed
SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user)))); getFailureHandler().onFailure(request, response, new NotInstallException("The blog has not been initialized yet!"));
return;
} }
if (!haloProperties.isAuthEnabled()) {
userService.getCurrentUser().ifPresent(user ->
SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user)))));
// If authentication disabled // If authentication disabled
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
return; return;
@ -141,6 +153,10 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter {
// Get from param // Get from param
if (StringUtils.isBlank(token)) { if (StringUtils.isBlank(token)) {
token = request.getParameter(ADMIN_TOKEN_PARAM_NAME); token = request.getParameter(ADMIN_TOKEN_PARAM_NAME);
log.debug("Got token from parameter: [{}: {}]", ADMIN_TOKEN_PARAM_NAME, token);
} else {
log.debug("Got token from header: [{}: {}]", ADMIN_TOKEN_HEADER_NAME, token);
} }
return token; return token;
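Review bot: The two `log.debug` calls added to the token lookup write the raw admin token into the application log, so anyone who can read debug output or the log store gets a credential that stays usable until it expires. Log only where the token came from, e.g. `log.debug("Got token from header: [{}]", ADMIN_TOKEN_HEADER_NAME);` and the same for the parameter branch, or a truncated or hashed form if correlation is needed. In the `doFilterInternal` hunk, `Boolean isInstalled` is auto-unboxed by `if (!isInstalled)`; declaring it as a primitive `boolean` or testing `Boolean.TRUE.equals(isInstalled)` avoids relying on the option service never returning null. Both methods start or end outside the visible hunks.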


@ -78,7 +78,7 @@ public class AdminServiceImpl implements AdminService {
if (SecurityContextHolder.getContext().isAuthenticated()) { if (SecurityContextHolder.getContext().isAuthenticated()) {
// If the user has been logged in // If the user has been logged in
throw new BadRequestException("您已经登录,无需重复登录"); throw new BadRequestException("You have been logged in, do not log in repeatedly please");
} }
String username = loginParam.getUsername(); String username = loginParam.getUsername();