From e171344cd1d7715f1628ee82e7aa53e03ba4f920 Mon Sep 17 00:00:00 2001
From: johnniang <johnniang@riseup.net>
Date: Tue, 2 Jul 2019 16:20:36 +0800
Subject: [PATCH] Fix content api authentication in swagger

---
 .../java/run/halo/app/config/SwaggerConfiguration.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/main/java/run/halo/app/config/SwaggerConfiguration.java b/src/main/java/run/halo/app/config/SwaggerConfiguration.java
index 03cdb9521..0e3091257 100644
--- a/src/main/java/run/halo/app/config/SwaggerConfiguration.java
+++ b/src/main/java/run/halo/app/config/SwaggerConfiguration.java
@@ -147,18 +147,24 @@ public class SwaggerConfiguration {
     private List<SecurityContext> contentSecurityContext() {
         return Collections.singletonList(
                 SecurityContext.builder()
-                        .securityReferences(defaultAuth())
+                        .securityReferences(contentApiAuth())
                         .forPaths(PathSelectors.regex("/api/content/.*"))
                         .build()
         );
     }
 
     private List<SecurityReference> defaultAuth() {
-        AuthorizationScope[] authorizationScopes = {new AuthorizationScope("global", "accessEverything")};
+        AuthorizationScope[] authorizationScopes = {new AuthorizationScope("Admin api", "Access admin api")};
         return Arrays.asList(new SecurityReference("Token from header", authorizationScopes),
                 new SecurityReference("Token from query", authorizationScopes));
     }
 
+    private List<SecurityReference> contentApiAuth() {
+        AuthorizationScope[] authorizationScopes = {new AuthorizationScope("content api", "Access content api")};
+        return Arrays.asList(new SecurityReference("Access key from header", authorizationScopes),
+                new SecurityReference("Access key from query", authorizationScopes));
+    }
+
     private ApiInfo apiInfo() {
         return new ApiInfoBuilder()
                 .title("Halo API Documentation")