github
/
halo
mirror of https://github.com/halo-dev/halo
1
0
Fork 0
Code Issues Releases Wiki Activity

🎨 APi新增Token验证

pull/41/head
ruibaby 2018-10-21 19:54:27 +08:00
parent b821737718
commit e17e9f15c4
7 changed files with 62 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/cc/ryanc/halo/model/enums/BlogPropertiesEnum.java
View File

@ -143,7 +143,12 @@ public enum BlogPropertiesEnum {
/** /**
* *
*/ */
AUTO_BACKUP("auto_backup"); AUTO_BACKUP("auto_backup"),
/**
* API Token
*/
API_TOKEN("api_token");
private String prop; private String prop;

14
src/main/java/cc/ryanc/halo/web/controller/admin/AdminController.java
View File

@ -8,6 +8,7 @@ import cc.ryanc.halo.model.dto.HaloConst;
import cc.ryanc.halo.model.dto.JsonResult; import cc.ryanc.halo.model.dto.JsonResult;
import cc.ryanc.halo.model.dto.LogsRecord; import cc.ryanc.halo.model.dto.LogsRecord;
import cc.ryanc.halo.model.enums.CommonParamsEnum; import cc.ryanc.halo.model.enums.CommonParamsEnum;
import cc.ryanc.halo.model.enums.ResponseStatusEnum;
import cc.ryanc.halo.model.enums.ResultCodeEnum; import cc.ryanc.halo.model.enums.ResultCodeEnum;
import cc.ryanc.halo.model.enums.TrueFalseEnum; import cc.ryanc.halo.model.enums.TrueFalseEnum;
import cc.ryanc.halo.service.*; import cc.ryanc.halo.service.*;
@ -35,6 +36,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
import java.util.Random;
/** /**
* <pre> * <pre>
@ -239,4 +241,16 @@ public class AdminController extends BaseController {
public String halo() { public String halo() {
return "admin/admin_halo"; return "admin/admin_halo";
} }
/**
* Token
*
* @return JsonResult
*/
@GetMapping(value = "/getToken")
@ResponseBody
public JsonResult getToken() {
String token = (System.currentTimeMillis() + new Random().nextInt(999999999)) + "";
return new JsonResult(ResponseStatusEnum.SUCCESS.getCode(), ResponseStatusEnum.SUCCESS.getMsg(), SecureUtil.md5(token));
}
} }

16
src/main/java/cc/ryanc/halo/web/interceptor/ApiInterceptor.java
View File

@ -4,12 +4,15 @@ import cc.ryanc.halo.model.dto.HaloConst;
import cc.ryanc.halo.model.enums.BlogPropertiesEnum; import cc.ryanc.halo.model.enums.BlogPropertiesEnum;
import cc.ryanc.halo.model.enums.TrueFalseEnum; import cc.ryanc.halo.model.enums.TrueFalseEnum;
import cn.hutool.core.util.StrUtil; import cn.hutool.core.util.StrUtil;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
/** /**
* <pre> * <pre>
@ -25,7 +28,18 @@ public class ApiInterceptor implements HandlerInterceptor {
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (StrUtil.equals(TrueFalseEnum.TRUE.getDesc(), HaloConst.OPTIONS.get(BlogPropertiesEnum.API_STATUS.getProp()))) { if (StrUtil.equals(TrueFalseEnum.TRUE.getDesc(), HaloConst.OPTIONS.get(BlogPropertiesEnum.API_STATUS.getProp()))) {
return true; if (StrUtil.equals(request.getHeader("token"), HaloConst.OPTIONS.get(BlogPropertiesEnum.API_TOKEN.getProp()))) {
return true;
} else {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=utf-8");
Map<String, Object> map = new HashMap<>(2);
ObjectMapper mapper = new ObjectMapper();
map.put("code", 400);
map.put("msg", "Invalid Token");
response.getWriter().write(mapper.writeValueAsString(map));
return false;
}
} }
response.sendRedirect("/404"); response.sendRedirect("/404");
return false; return false;

1
src/main/resources/i18n/messages.properties
View File

@ -246,6 +246,7 @@ admin.setting.form.email-from-name = 发件姓名:
admin.setting.form.api-status = API 服务: admin.setting.form.api-status = API 服务:
admin.setting.form.statistics-code = 统计代码: admin.setting.form.statistics-code = 统计代码:
admin.setting.form.statistics-code-tips = 可以使用cnzz百度google等 admin.setting.form.statistics-code-tips = 可以使用cnzz百度google等
admin.setting.form.btn-update-token = 刷新
# 页面管理页面 # 页面管理页面
admin.pages.title = 页面管理 admin.pages.title = 页面管理

1
src/main/resources/i18n/messages_en_US.properties
View File

@ -246,6 +246,7 @@ admin.setting.form.email-from-name = Shipping name:
admin.setting.form.api-status = API server admin.setting.form.api-status = API server
admin.setting.form.statistics-code = Statistics code admin.setting.form.statistics-code = Statistics code
admin.setting.form.statistics-code-tips = Can use cnzz, Baidu, google, etc. admin.setting.form.statistics-code-tips = Can use cnzz, Baidu, google, etc.
admin.setting.form.btn-update-token = Update
# pages page # pages page
admin.pages.title = Pages manage admin.pages.title = Pages manage

1
src/main/resources/i18n/messages_zh_CN.properties
View File

@ -246,6 +246,7 @@ admin.setting.form.email-from-name = 发件姓名:
admin.setting.form.api-status = API 服务: admin.setting.form.api-status = API 服务:
admin.setting.form.statistics-code = 统计代码: admin.setting.form.statistics-code = 统计代码:
admin.setting.form.statistics-code-tips = 可以使用cnzz百度google等 admin.setting.form.statistics-code-tips = 可以使用cnzz百度google等
admin.setting.form.btn-update-token = 刷新
# 页面管理页面 # 页面管理页面
admin.pages.title = 页面管理 admin.pages.title = 页面管理

24
src/main/resources/templates/admin/admin_option.ftl
View File

@ -630,6 +630,17 @@
</div> </div>
</div> </div>
</div> </div>
<div class="form-group">
<label for="apiToken" class="col-lg-2 col-sm-4 control-label">Api Token</label>
<div class="col-lg-4 col-sm-8">
<div class="input-group">
<input type="text" class="form-control" id="apiToken" name="api_token" value="${options.api_token?if_exists}">
<span class="input-group-btn">
<button class="btn btn-default " id="btnUpdateToken" onclick="updateToken()" type="button"><@spring.message code='admin.setting.form.btn-update-token' /></button>
</span>
</div>
</div>
</div>
<div class="form-group"> <div class="form-group">
<label for="statisticsCode" class="col-lg-2 col-sm-4 control-label"><@spring.message code='admin.setting.form.statistics-code' /> <label for="statisticsCode" class="col-lg-2 col-sm-4 control-label"><@spring.message code='admin.setting.form.statistics-code' />
<span data-toggle="tooltip" data-placement="top" title="<@spring.message code='admin.setting.form.statistics-code-tips' />" style="cursor: pointer"> <span data-toggle="tooltip" data-placement="top" title="<@spring.message code='admin.setting.form.statistics-code-tips' />" style="cursor: pointer">
@ -698,6 +709,19 @@
}); });
} }
function updateToken() {
$.ajax({
type: 'GET',
url: '/admin/getToken',
data: {},
success: function (data) {
if(data.code==1){
$("#apiToken").val(data.result);
}
}
});
}
/** /**
* 附件选项切换 * 附件选项切换
*/ */