From 46c869ca8ad299df737a0ead05db74eedfe8612b Mon Sep 17 00:00:00 2001 From: Chopper711 Date: Thu, 16 Feb 2023 12:01:06 +0800 Subject: [PATCH 1/2] =?UTF-8?q?fix=EF=BC=9Ajwt=E4=B8=AD=E9=95=BF=E6=9C=9F?= =?UTF-8?q?=E6=9C=89=E6=95=88=E6=A0=87=E8=AF=86=E5=AD=97=E6=AE=B5=E8=B5=8B?= =?UTF-8?q?=E5=80=BC=E9=94=99=E8=AF=AFbug=E4=BF=AE=E5=A4=8D=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/java/cn/lili/common/security/token/TokenUtil.java | 6 ++++-- .../java/cn/lili/controller/security/AnnotationExample.java | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 im-api/src/main/java/cn/lili/controller/security/AnnotationExample.java diff --git a/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java b/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java index 0f92dc6e..e1397a24 100644 --- a/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java +++ b/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java @@ -4,10 +4,10 @@ import cn.lili.cache.Cache; import cn.lili.cache.CachePrefix; import cn.lili.common.enums.ResultCode; import cn.lili.common.exception.ServiceException; +import cn.lili.common.properties.JWTTokenProperties; import cn.lili.common.security.AuthUser; import cn.lili.common.security.enums.SecurityEnum; import cn.lili.common.security.enums.UserEnums; -import cn.lili.common.properties.JWTTokenProperties; import com.google.gson.Gson; import io.jsonwebtoken.*; import io.jsonwebtoken.security.SignatureException; 
@@ -72,7 +72,8 @@ public class TokenUtil { claims = Jwts.parser() .setSigningKey(SecretKeyUtil.generalKeyByDecoders()) .parseClaimsJws(oldRefreshToken).getBody(); - } catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException | IllegalArgumentException e) { + } catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException | + IllegalArgumentException e) { //token 过期 认证失败等 throw new ServiceException(ResultCode.USER_AUTH_EXPIRED); } @@ -98,6 +99,7 @@ public class TokenUtil { Long expirationTime = tokenProperties.getTokenExpireTime() * 2; if (longTerm) { expirationTime = 60 * 24 * 15L; + authUser.setLongTerm(true); } //刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数 diff --git a/im-api/src/main/java/cn/lili/controller/security/AnnotationExample.java b/im-api/src/main/java/cn/lili/controller/security/AnnotationExample.java new file mode 100644 index 00000000..a9a01f7d --- /dev/null +++ b/im-api/src/main/java/cn/lili/controller/security/AnnotationExample.java @@ -0,0 +1,2 @@ +package cn.lili.controller.security;public class Cop { +} From 49003f4d9a621ec2ad392ea2c10c532e80411109 Mon Sep 17 00:00:00 2001 
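Review bot: `authUser.setLongTerm(true);` makes the 15-day refresh window renew itself on every refresh, so a long-term session now has no absolute lifetime — a leaked refresh token can be exchanged indefinitely as long as it is presented at least once every 15 days. Consider recording an issue time in the claim and refusing refreshes past a maximum age, or at minimum evicting `oldRefreshToken` from the cache when the new pair is issued (that eviction is not visible in this hunk, so it may already happen further down). The 15-day figure is written `60 * 24 * 15L` here and `15 * 24 * 60L` in createToken; a single `private static final long LONG_TERM_REFRESH_MINUTES = 15 * 24 * 60L;` would keep the two in step. refreshToken's body continues past the end of the hunk.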
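Review bot: The new file `im-api/src/main/java/cn/lili/controller/security/AnnotationExample.java` declares `public class Cop`, and Java requires a public top-level class to be declared in a file of the same name, so this file will not compile as added. It has no members and nothing else in the patch references it, which suggests it was staged by accident; drop it from the commit, or if a placeholder is intended rename the class to `AnnotationExample` and add a one-line comment saying what it is for.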
From: Chopper711 Date: Thu, 16 Feb 2023 16:25:39 +0800 Subject: [PATCH 2/2] =?UTF-8?q?refactor=EF=BC=9A=E5=BD=93token=E8=BF=87?= =?UTF-8?q?=E6=9C=9F=EF=BC=8C=E9=87=8D=E6=96=B0=E7=94=9F=E6=88=90token?= =?UTF-8?q?=E6=97=B6=EF=BC=8Cauthuser=E5=AF=B9=E8=B1=A1=E4=B8=AD=E7=9A=84?= =?UTF-8?q?=E5=AD=97=E6=AE=B5=E4=B8=8E=E6=96=B9=E6=B3=95=E5=8F=82=E6=95=B0?= =?UTF-8?q?=E9=87=8D=E5=A4=8D=EF=BC=8C=E8=BF=9B=E8=A1=8C=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cn/lili/common/security/AuthUser.java | 19 ++-------- .../lili/common/security/token/TokenUtil.java | 35 ++++++++----------- .../modules/im/token/SeatTokenGenerate.java | 21 ++++++----- .../member/token/MemberTokenGenerate.java | 13 +++++-- .../member/token/StoreTokenGenerate.java | 33 ++++++++++------- .../system/token/ManagerTokenGenerate.java | 14 ++++++-- 6 files changed, 70 insertions(+), 65 deletions(-) diff --git a/framework/src/main/java/cn/lili/common/security/AuthUser.java b/framework/src/main/java/cn/lili/common/security/AuthUser.java index 819ae6e6..cc384d19 100644 --- a/framework/src/main/java/cn/lili/common/security/AuthUser.java +++ b/framework/src/main/java/cn/lili/common/security/AuthUser.java @@ -2,6 +2,7 @@ package cn.lili.common.security; import cn.lili.common.security.enums.UserEnums; import lombok.AllArgsConstructor; +import lombok.Builder; import lombok.Data; import lombok.NoArgsConstructor; @@ -13,6 +14,7 @@ import java.io.Serializable; @Data @NoArgsConstructor @AllArgsConstructor +@Builder public class AuthUser implements Serializable { private static final long serialVersionUID = 582441893336003319L; 
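Review bot: Adding `@Builder` changes how unset fields are initialised: Lombok's generated builder ignores field initialisers (e.g. a hypothetical `private Boolean longTerm = false;`) unless the field is marked `@Builder.Default`, so builder-built instances get `null`/`false` where constructor-built ones got the initialiser value. The field declarations are outside this hunk, so please check them; any field with an initialiser should gain `@Builder.Default`, which is the form every TokenGenerate in this patch now relies on. A short class comment such as `// Serialized (via Gson) into the JWT USER_CONTEXT claim; fields are client-visible but signed` would also help future maintainers understand why nothing sensitive belongs here.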
@@ -84,22 +86,5 @@ public class AuthUser implements Serializable { this.nickName = nickName; } - public AuthUser(String username, String id, String face, UserEnums manager, String nickName, Boolean isSuper) { - this.username = username; - this.id = id; - this.face = face; - this.role = manager; - this.isSuper = isSuper; - this.nickName = nickName; - } - public AuthUser(String username, String id, UserEnums manager, String nickName, Boolean isSuper, String clerkId, String face) { - this.username = username; - this.id = id; - this.role = manager; - this.isSuper = isSuper; - this.nickName = nickName; - this.clerkId = clerkId; - this.face = face; - } } diff --git a/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java b/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java index e1397a24..dc62def6 100644 --- a/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java +++ b/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java 
@@ -34,24 +34,21 @@ public class TokenUtil { /** * 构建token * - * @param username 主体 - * @param claim 私有声明 - * @param longTerm 长时间特殊token 如:移动端,微信小程序等 - * @param userEnums 用户枚举 + * @param authUser 私有声明 * @return TOKEN */ - public Token createToken(String username, Object claim, boolean longTerm, UserEnums userEnums) { + public Token createToken(AuthUser authUser) { Token token = new Token(); //访问token - String accessToken = createToken(username, claim, tokenProperties.getTokenExpireTime()); + String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime()); - cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1, + cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole()) + accessToken, 1, tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES); //刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数 - Long expireTime = longTerm ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2; - String refreshToken = createToken(username, claim, expireTime); + Long expireTime = authUser.getLongTerm() ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2; + String refreshToken = createToken(authUser, expireTime); - cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expireTime, TimeUnit.MINUTES); + cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(authUser.getRole()) + refreshToken, 1, expireTime, TimeUnit.MINUTES); token.setAccessToken(accessToken); token.setRefreshToken(refreshToken); @@ -62,10 +59,9 @@ public class TokenUtil { * 刷新token * * @param oldRefreshToken 刷新token - * @param userEnums 用户枚举 * @return token */ - public Token refreshToken(String oldRefreshToken, UserEnums userEnums) { + public Token refreshToken(String oldRefreshToken) { Claims claims; try { 
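Review bot: `authUser.getLongTerm() ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2` unboxes the flag, and every caller in this patch feeds it straight from a boxed `Boolean longTerm` parameter, so if, as those parameters suggest, the field is a `Boolean`, a null passed by any login path now throws NullPointerException inside token issuance instead of falling back to the short expiry the old primitive `boolean longTerm` parameter guaranteed. Use `Boolean.TRUE.equals(authUser.getLongTerm())` here (or give the field a `@Builder.Default` of `false`). The cache prefixes likewise now depend on `authUser.getRole()`, so a null role from a caller would break both `cache.put` calls; a guard such as `if (authUser.getRole() == null) { throw new IllegalArgumentException("authUser.role"); }` at the top of the method makes that failure explicit. createToken's return statement lies below the end of the hunk.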
@@ -81,7 +77,7 @@ public class TokenUtil { //获取存储在claims中的用户信息 String json = claims.get(SecurityEnum.USER_CONTEXT.getValue()).toString(); AuthUser authUser = new Gson().fromJson(json, AuthUser.class); - + UserEnums userEnums = authUser.getRole(); String username = authUser.getUsername(); //获取是否长期有效的token @@ -92,7 +88,7 @@ public class TokenUtil { if (cache.hasKey(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + oldRefreshToken)) { Token token = new Token(); //访问token - String accessToken = createToken(username, authUser, tokenProperties.getTokenExpireTime()); + String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime()); cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1, tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES); //如果是信任登录设备,则刷新token长度继续延长 @@ -103,7 +99,7 @@ public class TokenUtil { } //刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数 - String refreshToken = createToken(username, authUser, expirationTime); + String refreshToken = createToken(authUser, expirationTime); cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expirationTime, TimeUnit.MINUTES); token.setAccessToken(accessToken); @@ -119,18 +115,17 @@ public class TokenUtil { /** * 生成token * - * @param username 主体 - * @param claim 私有神明内容 + * @param authUser jwt主体对象 * @param expirationTime 过期时间(分钟) * @return token字符串 */ - private String createToken(String username, Object claim, Long expirationTime) { + private String createToken(AuthUser authUser, Long expirationTime) { //JWT 生成 return Jwts.builder() //jwt 私有声明 - .claim(SecurityEnum.USER_CONTEXT.getValue(), new Gson().toJson(claim)) + .claim(SecurityEnum.USER_CONTEXT.getValue(), new Gson().toJson(authUser)) //JWT的主体 - .setSubject(username) + .setSubject(authUser.getUsername()) //失效时间 当前时间+过期分钟 .setExpiration(new Date(System.currentTimeMillis() + expirationTime * 60 * 1000)) //签名算法和密钥 
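Review bot: `UserEnums userEnums = authUser.getRole();` now takes the token type from the refresh token's own claim, so whichever generator's refreshToken is invoked no longer asserts anything about the token it receives: a STORE refresh token handed to the member refresh path is accepted and exchanged for a STORE access token. The signature check above stops an attacker from forging the role, so this is a lost defence-in-depth check rather than a privilege escalation, but keeping the `UserEnums` parameter and rejecting a mismatch is cheap: `if (authUser.getRole() != userEnums) { throw new ServiceException(ResultCode.USER_AUTH_EXPIRED); }`. `String username = authUser.getUsername();` is now dead, since both `createToken(username, …)` calls were replaced by `createToken(authUser, …)`; remove it. refreshToken starts and ends outside this hunk.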
diff --git a/framework/src/main/java/cn/lili/modules/im/token/SeatTokenGenerate.java b/framework/src/main/java/cn/lili/modules/im/token/SeatTokenGenerate.java index 482bcded..caa0a153 100644 --- a/framework/src/main/java/cn/lili/modules/im/token/SeatTokenGenerate.java +++ b/framework/src/main/java/cn/lili/modules/im/token/SeatTokenGenerate.java @@ -23,20 +23,23 @@ public class SeatTokenGenerate extends AbstractTokenGenerate { @Override public Token createToken(Seat seat, Boolean longTerm) { - AuthUser authUser = new AuthUser( - seat.getUsername(), - seat.getId(), - seat.getNickName(), - seat.getFace(), - UserEnums.SEAT); - authUser.setTenantId(seat.getTenantId()); + AuthUser authUser = AuthUser.builder() + .username(seat.getUsername()) + .id(seat.getId()) + .nickName(seat.getNickName()) + .face(seat.getFace()) + .role(UserEnums.SEAT) + .longTerm(longTerm) + .tenantId(seat.getTenantId()) + .build(); + //登陆成功生成token - return tokenUtil.createToken(seat.getUsername(), authUser, longTerm, UserEnums.SEAT); + return tokenUtil.createToken(authUser); } @Override public Token refreshToken(String refreshToken) { - return tokenUtil.refreshToken(refreshToken, UserEnums.SEAT); + return tokenUtil.refreshToken(refreshToken); } } diff --git a/framework/src/main/java/cn/lili/modules/member/token/MemberTokenGenerate.java b/framework/src/main/java/cn/lili/modules/member/token/MemberTokenGenerate.java index 7b70b5fb..ad5e0089 100644 --- a/framework/src/main/java/cn/lili/modules/member/token/MemberTokenGenerate.java +++ b/framework/src/main/java/cn/lili/modules/member/token/MemberTokenGenerate.java 
@@ -57,14 +57,21 @@ public class MemberTokenGenerate extends AbstractTokenGenerate { String destination = rocketmqCustomProperties.getMemberTopic() + ":" + MemberTagsEnum.MEMBER_LOGIN.name(); rocketMQTemplate.asyncSend(destination, member, RocketmqSendCallbackBuilder.commonCallback()); - AuthUser authUser = new AuthUser(member.getUsername(), member.getId(), member.getNickName(), member.getFace(), UserEnums.MEMBER); + AuthUser authUser = AuthUser.builder() + .username(member.getUsername()) + .face(member.getFace()) + .id(member.getId()) + .role(UserEnums.MEMBER) + .nickName(member.getNickName()) + .longTerm(longTerm) + .build(); //登陆成功生成token - return tokenUtil.createToken(member.getUsername(), authUser, longTerm, UserEnums.MEMBER); + return tokenUtil.createToken(authUser); } @Override public Token refreshToken(String refreshToken) { - return tokenUtil.refreshToken(refreshToken, UserEnums.MEMBER); + return tokenUtil.refreshToken(refreshToken); } } diff --git a/framework/src/main/java/cn/lili/modules/member/token/StoreTokenGenerate.java b/framework/src/main/java/cn/lili/modules/member/token/StoreTokenGenerate.java index 091537e2..9d4b08fc 100644 --- a/framework/src/main/java/cn/lili/modules/member/token/StoreTokenGenerate.java +++ b/framework/src/main/java/cn/lili/modules/member/token/StoreTokenGenerate.java 
@@ -11,16 +11,16 @@ import cn.lili.common.security.enums.UserEnums; import cn.lili.common.security.token.Token; import cn.lili.common.security.token.TokenUtil; import cn.lili.common.security.token.base.AbstractTokenGenerate; +import cn.lili.modules.member.entity.dos.Clerk; import cn.lili.modules.member.entity.dos.Member; +import cn.lili.modules.member.entity.vo.StoreUserMenuVO; +import cn.lili.modules.member.service.ClerkService; +import cn.lili.modules.member.service.StoreMenuRoleService; import cn.lili.modules.store.entity.dos.Store; import cn.lili.modules.store.service.StoreService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import cn.lili.modules.member.entity.dos.Clerk; -import cn.lili.modules.member.entity.vo.StoreUserMenuVO; -import cn.lili.modules.member.service.ClerkService; -import cn.lili.modules.member.service.StoreMenuRoleService; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -61,7 +61,7 @@ public class StoreTokenGenerate extends AbstractTokenGenerate { throw new ServiceException(ResultCode.CLERK_DISABLED_ERROR); } //获取当前用户权限 - List storeUserMenuVOS = storeMenuRoleService.findAllMenu(clerk.getId(),member.getId()); + List storeUserMenuVOS = storeMenuRoleService.findAllMenu(clerk.getId(), member.getId()); //缓存权限列表 cache.put(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + member.getId(), this.permissionList(storeUserMenuVOS)); //查询店铺信息 
@@ -69,16 +69,25 @@ public class StoreTokenGenerate extends AbstractTokenGenerate { if (store == null) { throw new ServiceException(ResultCode.STORE_NOT_OPEN); } - AuthUser authUser = new AuthUser(member.getUsername(), member.getId(), UserEnums.STORE, member.getNickName(), clerk.getIsSuper(), clerk.getId(),store.getStoreLogo()); - - authUser.setStoreId(store.getId()); - authUser.setStoreName(store.getStoreName()); - return tokenUtil.createToken(member.getUsername(), authUser, longTerm, UserEnums.STORE); + //构建对象 + AuthUser authUser = AuthUser.builder() + .username(member.getUsername()) + .id(member.getId()) + .role(UserEnums.STORE) + .nickName(member.getNickName()) + .isSuper(clerk.getIsSuper()) + .clerkId(clerk.getId()) + .face(store.getStoreLogo()) + .storeId(store.getId()) + .storeName(store.getStoreName()) + .longTerm(longTerm) + .build(); + return tokenUtil.createToken(authUser); } @Override public Token refreshToken(String refreshToken) { - return tokenUtil.refreshToken(refreshToken, UserEnums.STORE); + return tokenUtil.refreshToken(refreshToken); } /** @@ -145,7 +154,6 @@ public class StoreTokenGenerate extends AbstractTokenGenerate { superPermissions.add("/store/passport/login*"); - //店铺设置 queryPermissions.add("/store/settings/storeSettings*"); //文章接口 @@ -154,6 +162,5 @@ public class StoreTokenGenerate extends AbstractTokenGenerate { queryPermissions.add("/store/statistics/index*"); - } } diff --git a/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java b/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java index 484b38a5..310740e2 100644 --- a/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java +++ b/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java 
@@ -40,18 +40,26 @@ public class ManagerTokenGenerate extends AbstractTokenGenerate { @Override public Token createToken(AdminUser adminUser, Boolean longTerm) { - AuthUser authUser = new AuthUser(adminUser.getUsername(), adminUser.getId(), adminUser.getAvatar(), UserEnums.MANAGER, adminUser.getNickName(), adminUser.getIsSuper()); + AuthUser authUser = AuthUser.builder() + .username(adminUser.getUsername()) + .id(adminUser.getId()) + .face(adminUser.getAvatar()) + .role(UserEnums.MANAGER) + .nickName(adminUser.getNickName()) + .isSuper(adminUser.getIsSuper()) + .longTerm(longTerm) + .build(); List userMenuVOList = roleMenuService.findAllMenu(authUser.getId()); //缓存权限列表 cache.put(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId(), this.permissionList(userMenuVOList)); - return tokenUtil.createToken(adminUser.getUsername(), authUser, longTerm, UserEnums.MANAGER); + return tokenUtil.createToken(authUser); } @Override public Token refreshToken(String refreshToken) { - return tokenUtil.refreshToken(refreshToken, UserEnums.MANAGER); + return tokenUtil.refreshToken(refreshToken); } /**