mirror of https://github.com/halo-dev/halo
🎨 APi新增Token验证
parent
b821737718
commit
e17e9f15c4
|
@ -143,7 +143,12 @@ public enum BlogPropertiesEnum {
|
|||
/**
|
||||
* 自动备份
|
||||
*/
|
||||
AUTO_BACKUP("auto_backup");
|
||||
AUTO_BACKUP("auto_backup"),
|
||||
|
||||
/**
|
||||
* API Token
|
||||
*/
|
||||
API_TOKEN("api_token");
|
||||
|
||||
private String prop;
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ import cc.ryanc.halo.model.dto.HaloConst;
|
|||
import cc.ryanc.halo.model.dto.JsonResult;
|
||||
import cc.ryanc.halo.model.dto.LogsRecord;
|
||||
import cc.ryanc.halo.model.enums.CommonParamsEnum;
|
||||
import cc.ryanc.halo.model.enums.ResponseStatusEnum;
|
||||
import cc.ryanc.halo.model.enums.ResultCodeEnum;
|
||||
import cc.ryanc.halo.model.enums.TrueFalseEnum;
|
||||
import cc.ryanc.halo.service.*;
|
||||
|
@ -35,6 +36,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpSession;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Random;
|
||||
|
||||
/**
|
||||
* <pre>
|
||||
|
@ -239,4 +241,16 @@ public class AdminController extends BaseController {
|
|||
public String halo() {
|
||||
return "admin/admin_halo";
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取一个Token
|
||||
*
|
||||
* @return JsonResult
|
||||
*/
|
||||
@GetMapping(value = "/getToken")
|
||||
@ResponseBody
|
||||
public JsonResult getToken() {
|
||||
String token = (System.currentTimeMillis() + new Random().nextInt(999999999)) + "";
|
||||
return new JsonResult(ResponseStatusEnum.SUCCESS.getCode(), ResponseStatusEnum.SUCCESS.getMsg(), SecureUtil.md5(token));
|
||||
}
|
||||
}
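Review bot: The value returned by `getToken()` is not suitable as an API credential: it is an MD5 digest of `System.currentTimeMillis()` plus one `new Random().nextInt(999999999)`, so its unpredictability is limited to a timestamp and a non-cryptographic generator rather than the 128 bits the hex string suggests. Because ApiInterceptor in this commit accepts this value as the only secret in the `token` header, it should come from `java.security.SecureRandom`, for example `byte[] raw = new byte[32]; new SecureRandom().nextBytes(raw);` followed by `String token = HexUtil.encodeHexStr(raw);` (Hutool's `cn.hutool.core.util.HexUtil`, with the imports added). The visible hunks add no import for `SecureUtil`; presumably it is already imported outside the lines shown. The Javadoc should also say that the method only returns a candidate token and stores nothing, so the value takes effect only once the settings form is saved.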
|
||||
|
|
|
@ -4,12 +4,15 @@ import cc.ryanc.halo.model.dto.HaloConst;
|
|||
import cc.ryanc.halo.model.enums.BlogPropertiesEnum;
|
||||
import cc.ryanc.halo.model.enums.TrueFalseEnum;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.servlet.HandlerInterceptor;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* <pre>
|
||||
|
@ -25,7 +28,18 @@ public class ApiInterceptor implements HandlerInterceptor {
|
|||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||
if (StrUtil.equals(TrueFalseEnum.TRUE.getDesc(), HaloConst.OPTIONS.get(BlogPropertiesEnum.API_STATUS.getProp()))) {
|
||||
return true;
|
||||
if (StrUtil.equals(request.getHeader("token"), HaloConst.OPTIONS.get(BlogPropertiesEnum.API_TOKEN.getProp()))) {
|
||||
return true;
|
||||
} else {
|
||||
response.setCharacterEncoding("UTF-8");
|
||||
response.setContentType("application/json;charset=utf-8");
|
||||
Map<String, Object> map = new HashMap<>(2);
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
map.put("code", 400);
|
||||
map.put("msg", "Invalid Token");
|
||||
response.getWriter().write(mapper.writeValueAsString(map));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
response.sendRedirect("/404");
|
||||
return false;
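Review bot: The token check in `preHandle` fails open when no token has been configured: if `HaloConst.OPTIONS.get(BlogPropertiesEnum.API_TOKEN.getProp())` returns null and the request carries no `token` header, `StrUtil.equals(null, null)` is true and the request is allowed, and an empty stored token matches an empty header the same way. Read the configured value first and reject when it is blank, e.g. `String expected = HaloConst.OPTIONS.get(BlogPropertiesEnum.API_TOKEN.getProp());` then `if (StrUtil.isNotBlank(expected) && StrUtil.equals(request.getHeader("token"), expected))` (assuming OPTIONS holds String values, which the hunk does not show). For a secret, a constant-time comparison such as `MessageDigest.isEqual` on the UTF-8 bytes would be preferable to `StrUtil.equals`. The rejection branch writes `code: 400` only into the JSON body while the HTTP status stays at its default; `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` would make the failure visible to clients and access logs. The method's closing brace lies outside the hunk.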
|
||||
|
|
|
@ -246,6 +246,7 @@ admin.setting.form.email-from-name = 发件姓名:
|
|||
admin.setting.form.api-status = API 服务:
|
||||
admin.setting.form.statistics-code = 统计代码:
|
||||
admin.setting.form.statistics-code-tips = 可以使用cnzz,百度,google等
|
||||
admin.setting.form.btn-update-token = 刷新
|
||||
|
||||
# 页面管理页面
|
||||
admin.pages.title = 页面管理
|
||||
|
|
|
@ -246,6 +246,7 @@ admin.setting.form.email-from-name = Shipping name:
|
|||
admin.setting.form.api-status = API server:
|
||||
admin.setting.form.statistics-code = Statistics code:
|
||||
admin.setting.form.statistics-code-tips = Can use cnzz, Baidu, google, etc.
|
||||
admin.setting.form.btn-update-token = Update
|
||||
|
||||
# pages page
|
||||
admin.pages.title = Pages manage
|
||||
|
|
|
@ -246,6 +246,7 @@ admin.setting.form.email-from-name = 发件姓名:
|
|||
admin.setting.form.api-status = API 服务:
|
||||
admin.setting.form.statistics-code = 统计代码:
|
||||
admin.setting.form.statistics-code-tips = 可以使用cnzz,百度,google等
|
||||
admin.setting.form.btn-update-token = 刷新
|
||||
|
||||
# 页面管理页面
|
||||
admin.pages.title = 页面管理
|
||||
|
|
|
@ -630,6 +630,17 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="apiToken" class="col-lg-2 col-sm-4 control-label">Api Token</label>
|
||||
<div class="col-lg-4 col-sm-8">
|
||||
<div class="input-group">
|
||||
<input type="text" class="form-control" id="apiToken" name="api_token" value="${options.api_token?if_exists}">
|
||||
<span class="input-group-btn">
|
||||
<button class="btn btn-default " id="btnUpdateToken" onclick="updateToken()" type="button"><@spring.message code='admin.setting.form.btn-update-token' /></button>
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="statisticsCode" class="col-lg-2 col-sm-4 control-label"><@spring.message code='admin.setting.form.statistics-code' />
|
||||
<span data-toggle="tooltip" data-placement="top" title="<@spring.message code='admin.setting.form.statistics-code-tips' />" style="cursor: pointer">
|
||||
|
@ -698,6 +709,19 @@
|
|||
});
|
||||
}
|
||||
|
||||
function updateToken() {
|
||||
$.ajax({
|
||||
type: 'GET',
|
||||
url: '/admin/getToken',
|
||||
data: {},
|
||||
success: function (data) {
|
||||
if(data.code==1){
|
||||
$("#apiToken").val(data.result);
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* 附件选项切换
|
||||
*/
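Review bot: In the first hunk the stored token is written into the attribute as `value="${options.api_token?if_exists}"` without escaping, and the field is a free-text input, so a saved value containing a quote or markup would break out of the attribute unless auto-escaping is enabled for this template (not visible here); `${(options.api_token!)?html}` or an auto-escaped output format would close that. The label `Api Token` is hard-coded while the neighbouring labels use `<@spring.message>`; a message key next to the `admin.setting.form.btn-update-token` key added in this commit would keep it consistent. In `updateToken()` the success handler does nothing when `data.code` is not 1 and there is no `error` callback, so a failed refresh is silent.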
|
||||
|
|