Fix content api authentication in swagger

2019-07-02 16:20:36 +08:00 · 2019-07-02 16:20:36 +08:00 · e171344cd1
parent 74349a11e2
commit e171344cd1
1 changed files with 8 additions and 2 deletions
--- a/src/main/java/run/halo/app/config/SwaggerConfiguration.java
+++ b/src/main/java/run/halo/app/config/SwaggerConfiguration.java
@ -147,18 +147,24 @@ public class SwaggerConfiguration {
    private List<SecurityContext> contentSecurityContext() {
        return Collections.singletonList(
                SecurityContext.builder()
-                        .securityReferences(defaultAuth())
+                        .securityReferences(contentApiAuth())
                        .forPaths(PathSelectors.regex("/api/content/.*"))
                        .build()
        );
    }

    private List<SecurityReference> defaultAuth() {
-        AuthorizationScope[] authorizationScopes = {new AuthorizationScope("global", "accessEverything")};
+        AuthorizationScope[] authorizationScopes = {new AuthorizationScope("Admin api", "Access admin api")};
        return Arrays.asList(new SecurityReference("Token from header", authorizationScopes),
                new SecurityReference("Token from query", authorizationScopes));
    }

+    private List<SecurityReference> contentApiAuth() {
+        AuthorizationScope[] authorizationScopes = {new AuthorizationScope("content api", "Access content api")};
+        return Arrays.asList(new SecurityReference("Access key from header", authorizationScopes),
+                new SecurityReference("Access key from query", authorizationScopes));
+    }
+
    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
                .title("Halo API Documentation")