双token处理

2025-02-07 14:30:16 +08:00
parent 1cc1a9ecf2
commit ccb11142d1
4 changed files with 70 additions and 24 deletions
--- a/system/src/main/java/com/njcn/gather/system/auth/controller/AuthController.java
+++ b/system/src/main/java/com/njcn/gather/system/auth/controller/AuthController.java
@@ -25,10 +25,7 @@ import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.logging.log4j.util.Strings;
-import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest;
 import java.util.HashMap;
@@ -74,14 +71,21 @@ public class AuthController extends BaseController {
        if (user == null) {
            return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.FAIL, null, UserValidMessage.LOGIN_FAILED);
        } else {
-            String tokenStr = JwtUtil.getAccessToken(user.getId());
+            String accessToken = JwtUtil.getAccessToken(user.getId());
            String refreshToken = JwtUtil.getRefreshToken(accessToken);
            Token token = new Token();
-            token.setAccessToken(tokenStr);
+            token.setAccessToken(accessToken);
            token.setRefreshToken(refreshToken);
            Map<String, Object> map = new HashMap<>();
            map.put("name", user.getName());
            token.setUserInfo(map);
            CustomCacheUtil customCacheUtil = SpringUtil.getBean(CustomCacheUtil.CACHE_NAME);
-            customCacheUtil.putWithExpireTime(tokenStr, JSON.toJSONString(user), DateUnit.DAY.getMillis());
+            customCacheUtil.putWithExpireTime(accessToken, JSON.toJSONString(user), DateUnit.DAY.getMillis() * 2);
            customCacheUtil.putWithExpireTime(refreshToken, JSON.toJSONString(user), (DateUnit.DAY.getMillis() * 4));
            return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, token, methodDescribe);
        }
    }
@@ -92,14 +96,48 @@ public class AuthController extends BaseController {
    public HttpResult<Object> logout(HttpServletRequest request) {
        String methodDescribe = getMethodDescribe("logout");
        LogUtil.njcnDebug(log, "{}，注销登录", methodDescribe);
-        String authorization = request.getHeader(SecurityConstants.AUTHORIZATION_KEY);
+        String accessTokenStr = request.getHeader(SecurityConstants.AUTHORIZATION_KEY);
-        if (StrUtil.isNotBlank(authorization)) {
+        String refreshToken = request.getHeader(SecurityConstants.REFRESH_TOKEN_KEY);
-            String tokenStr = authorization.replace(SecurityConstants.AUTHORIZATION_PREFIX, Strings.EMPTY);
+        if (StrUtil.isNotBlank(accessTokenStr) && StrUtil.isNotBlank(refreshToken)) {
            String accessToken = accessTokenStr.replace(SecurityConstants.AUTHORIZATION_PREFIX, Strings.EMPTY);
            CustomCacheUtil customCacheUtil = SpringUtil.getBean(CustomCacheUtil.CACHE_NAME);
-            customCacheUtil.remove(tokenStr);
+            customCacheUtil.remove(accessToken);
-            JwtUtil.invalidateToken(tokenStr);
+            customCacheUtil.remove(refreshToken);
            return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, null, methodDescribe);
        }
        return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.FAIL, null, methodDescribe);
    }
    @OperateInfo(info = LogEnum.SYSTEM_COMMON)
    @ApiOperation("刷新token")
    @GetMapping("/refreshToken")
    public HttpResult<Object> refreshToken(HttpServletRequest request) {
        String methodDescribe = getMethodDescribe("refreshToken");
        LogUtil.njcnDebug(log, "{}，刷新token", methodDescribe);
        String refreshToken = request.getHeader(SecurityConstants.REFRESH_TOKEN_KEY);
        Token token = new Token();
        if (StrUtil.isNotBlank(refreshToken)) {
            Map<String, Object> map = JwtUtil.parseToken(refreshToken);
            String userId = (String) map.get(SecurityConstants.USER_ID);
            SysUser user = sysUserService.getById(userId);
            String accessToken = JwtUtil.getAccessToken(userId);
            String refreshTokenNew = JwtUtil.getRefreshToken(accessToken);
            token.setAccessToken(accessToken);
            token.setRefreshToken(refreshTokenNew);
            CustomCacheUtil customCacheUtil = SpringUtil.getBean(CustomCacheUtil.CACHE_NAME);
            customCacheUtil.remove(refreshToken);
            customCacheUtil.putWithExpireTime(accessToken, JSON.toJSONString(user), DateUnit.DAY.getMillis() * 2);
            customCacheUtil.putWithExpireTime(refreshTokenNew, JSON.toJSONString(user), (DateUnit.DAY.getMillis() * 4));
            return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, token, methodDescribe);
        } else {
            return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.FAIL, null, methodDescribe);
        }
    }
 }
--- a/system/src/main/java/com/njcn/gather/system/auth/filter/AuthGlobalFilter.java
+++ b/system/src/main/java/com/njcn/gather/system/auth/filter/AuthGlobalFilter.java
@@ -22,7 +22,7 @@ import java.util.List;
@Slf4j
@Component
 public class AuthGlobalFilter implements Filter, Ordered {
-    private final static List<String> IGNORE_URI = Arrays.asList("/admin/login","/report/generateReport");
+    private final static List<String> IGNORE_URI = Arrays.asList("/admin/login", "/report/generateReport", "/admin/refreshToken");
    @Override
    public int getOrder() {
@@ -52,23 +52,27 @@ public class AuthGlobalFilter implements Filter, Ordered {
        if (IGNORE_URI.contains(requestURI)) {
            filterChain.doFilter(req, res);
        } else {
-            String tokenStr = req.getHeader(SecurityConstants.AUTHORIZATION_KEY);
+            String accessTokenStr = req.getHeader(SecurityConstants.AUTHORIZATION_KEY);
-            if (StrUtil.isBlank(tokenStr) || !tokenStr.startsWith(SecurityConstants.AUTHORIZATION_PREFIX)) {
+            String refreshToken = req.getHeader(SecurityConstants.REFRESH_TOKEN_KEY);
-                res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            if (StrUtil.isBlank(accessTokenStr) || !accessTokenStr.startsWith(SecurityConstants.AUTHORIZATION_PREFIX) || StrUtil.isBlank(refreshToken)) {
-                res.getWriter().write(SystemValidMessage.TOKEN_VALID_ERROR);
+                res.getWriter().write("{\"code\": 4001, \"message\":\"" + SystemValidMessage.TOKEN_VALID_ERROR + "\"}"); //前端重定向到登录页面
                return;
            }
-            tokenStr = tokenStr.substring(SecurityConstants.AUTHORIZATION_PREFIX.length());
+            String accessToken = accessTokenStr.substring(SecurityConstants.AUTHORIZATION_PREFIX.length());
            try {
-                if (StrUtil.isBlank(tokenStr) || !JwtUtil.verifyToken(tokenStr) || JwtUtil.isExpired(tokenStr)) {
+                if (StrUtil.isBlank(accessToken) || !JwtUtil.verifyToken(accessToken) || !JwtUtil.verifyToken(refreshToken)) {
-                    res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                    res.getWriter().write("{\"code\": 4001, \"message\":\"" + SystemValidMessage.TOKEN_VALID_ERROR + "\"}"); //前端重定向到登录页面
-                    res.getWriter().write(SystemValidMessage.TOKEN_VALID_ERROR);
+                } else if (JwtUtil.isExpired(accessToken)) {
                    if (JwtUtil.isExpired(refreshToken)) {
                        res.getWriter().write("{\"code\": 4001, \"message\":\"" + SystemValidMessage.TOKEN_EXPIRED + "\"}"); //前端重定向到登录页面
                    }else{
                        res.getWriter().write("{\"code\": 401, \"message\":\"" + SystemValidMessage.TOKEN_EXPIRED + "\"}"); //前端发起refreshToken请求
                    }
                } else {
                    filterChain.doFilter(req, res);
                }
            } catch (Exception e) {
-                res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                res.getWriter().write("{\"code\": 4001, \"message\":\"" + SystemValidMessage.TOKEN_VALID_ERROR + "\"}");
                res.getWriter().write(SystemValidMessage.TOKEN_VALID_ERROR);
            }
        }
    }
--- a/system/src/main/java/com/njcn/gather/system/auth/pojo/Token.java
+++ b/system/src/main/java/com/njcn/gather/system/auth/pojo/Token.java
@@ -9,6 +9,8 @@ public class Token {
    private String accessToken;
    private String refreshToken;
    private Map<String, Object> userInfo;
 }
--- a/system/src/main/java/com/njcn/gather/system/pojo/constant/SystemValidMessage.java
+++ b/system/src/main/java/com/njcn/gather/system/pojo/constant/SystemValidMessage.java
@@ -87,7 +87,9 @@ public interface SystemValidMessage {
    String AUTO_GENERATE_FORMAT_ERROR = "是否自动生成格式错误，请检查autoGenerate参数";
-    String TOKEN_VALID_ERROR = "token校验失败";
+    String TOKEN_VALID_ERROR = "非法的token";
    String TOKEN_EXPIRED = "token已过期，请重新登录";
    String USER_ID_FORMAT_ERROR = "用户id格式错误，请检查userId参数";
 }