Check installation before requesting api

pull/146/head
johnniang 2019-04-29 14:18:24 +08:00
parent 1a7f621502
commit df30cde1ee
5 changed files with 50 additions and 13 deletions


@ -21,6 +21,7 @@ import run.halo.app.security.filter.AdminAuthenticationFilter;
import run.halo.app.security.filter.ApiAuthenticationFilter;
import run.halo.app.security.handler.AdminAuthenticationFailureHandler;
import run.halo.app.security.handler.DefaultAuthenticationFailureHandler;
import run.halo.app.service.OptionService;
import run.halo.app.service.UserService;
import run.halo.app.utils.HttpClientUtils;
@ -113,8 +114,9 @@ public class HaloConfiguration {
public FilterRegistrationBean<AdminAuthenticationFilter> adminAuthenticationFilter(StringCacheStore cacheStore,
UserService userService,
HaloProperties haloProperties,
ObjectMapper objectMapper) {
AdminAuthenticationFilter adminAuthenticationFilter = new AdminAuthenticationFilter(cacheStore, userService, haloProperties);
ObjectMapper objectMapper,
OptionService optionService) {
AdminAuthenticationFilter adminAuthenticationFilter = new AdminAuthenticationFilter(cacheStore, userService, haloProperties, optionService);
AdminAuthenticationFailureHandler failureHandler = new AdminAuthenticationFailureHandler();
failureHandler.setProductionEnv(haloProperties.isProductionEnv());


@ -39,8 +39,9 @@ public class AdminController {
return adminService.getCount();
}
@PostMapping("auth/login")
@PostMapping("login")
@ApiOperation("Login")
@CacheLock
public AuthToken auth(@RequestBody @Valid LoginParam loginParam) {
return adminService.authenticate(loginParam);
}


@ -0,0 +1,18 @@
package run.halo.app.exception;
/**
* Not install exception.
*
* @author johnniang
* @date 19-4-29
*/
public class NotInstallException extends BadRequestException {
public NotInstallException(String message) {
super(message);
}
public NotInstallException(String message, Throwable cause) {
super(message, cause);
}
}


@ -9,12 +9,15 @@ import org.springframework.util.Assert;
import run.halo.app.cache.StringCacheStore;
import run.halo.app.config.properties.HaloProperties;
import run.halo.app.exception.AuthenticationException;
import run.halo.app.exception.NotInstallException;
import run.halo.app.model.entity.User;
import run.halo.app.model.properties.PrimaryProperties;
import run.halo.app.security.authentication.AuthenticationImpl;
import run.halo.app.security.context.SecurityContextHolder;
import run.halo.app.security.context.SecurityContextImpl;
import run.halo.app.security.support.UserDetail;
import run.halo.app.security.util.SecurityUtils;
import run.halo.app.service.OptionService;
import run.halo.app.service.UserService;
import javax.servlet.FilterChain;
@ -22,7 +25,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
/**
@ -64,25 +66,35 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter {
private final UserService userService;
private final OptionService optionService;
public AdminAuthenticationFilter(StringCacheStore cacheStore,
UserService userService,
HaloProperties haloProperties) {
HaloProperties haloProperties,
OptionService optionService) {
super(haloProperties);
this.cacheStore = cacheStore;
this.userService = userService;
this.haloProperties = haloProperties;
this.optionService = optionService;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if (!haloProperties.isProductionEnv()) {
List<User> users = userService.listAll();
if (!users.isEmpty()) {
// Set security context
User user = users.get(0);
SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user))));
}
// Check whether the blog is installed or not
Boolean isInstalled = optionService.getByPropertyOrDefault(PrimaryProperties.IS_INSTALLED, Boolean.class, false);
if (!isInstalled) {
// If not installed
getFailureHandler().onFailure(request, response, new NotInstallException("The blog has not been initialized yet!"));
return;
}
if (!haloProperties.isAuthEnabled()) {
userService.getCurrentUser().ifPresent(user ->
SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user)))));
// If authentication disabled
filterChain.doFilter(request, response);
return;
@ -141,6 +153,10 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter {
// Get from param
if (StringUtils.isBlank(token)) {
token = request.getParameter(ADMIN_TOKEN_PARAM_NAME);
log.debug("Got token from parameter: [{}: {}]", ADMIN_TOKEN_PARAM_NAME, token);
} else {
log.debug("Got token from header: [{}: {}]", ADMIN_TOKEN_HEADER_NAME, token);
}
return token;
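Review bot: Both `log.debug` calls added in the last hunk of this file write the admin token value itself to the log, so every debug log file, log shipper and support bundle ends up holding usable admin credentials. Log only where the token came from, e.g. `log.debug("Got token from parameter: [{}]", ADMIN_TOKEN_PARAM_NAME);` and `log.debug("Got token from header: [{}]", ADMIN_TOKEN_HEADER_NAME);`. If requests need to be correlated, a short hash prefix of the token is enough. The enclosing method starts outside the hunk, so whether the token has been validated before this point is not visible here.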


@ -78,7 +78,7 @@ public class AdminServiceImpl implements AdminService {
if (SecurityContextHolder.getContext().isAuthenticated()) {
// If the user has been logged in
throw new BadRequestException("您已经登录,无需重复登录");
throw new BadRequestException("You have been logged in, do not log in repeatedly please");
}
String username = loginParam.getUsername();