Home Explore Help
Sign In
alien
/
alien_cloud
26
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

修改跨域和token问题

ssk 1 month ago
parent
15da339432
commit
99da7aa344
16 changed files with 219 additions and 329 deletions
Split View Show Diff Stats
  1. 5 0
      alien-gateway/pom.xml
  2. 26 0
      alien-gateway/src/main/java/shop/alien/gateway/config/CorsConfig.java
  3. 53 21
      alien-gateway/src/main/java/shop/alien/gateway/config/JwtTokenFilter.java
  4. 1 1
      alien-gateway/src/main/resources/bootstrap.yml
  5. 2 6
      alien-store/pom.xml
  6. 0 87
      alien-store/src/main/java/shop/alien/store/config/JWTFilterConfig.java
  7. 0 122
      alien-store/src/main/java/shop/alien/store/config/JWTInterceptor.java
  8. 0 66
      alien-store/src/main/java/shop/alien/store/config/JWTUtils.java
  9. 7 6
      alien-store/src/main/java/shop/alien/store/config/MyBatisFieldHandler.java
  10. 8 5
      alien-store/src/main/java/shop/alien/store/config/TokenInfoArgumentResolver.java
  11. 0 5
      alien-store/src/main/java/shop/alien/store/config/WebConfig.java
  12. 28 2
      alien-store/src/main/java/shop/alien/store/service/LifeUserService.java
  13. 28 2
      alien-store/src/main/java/shop/alien/store/service/impl/StoreUserServiceImpl.java
  14. 28 2
      alien-store/src/main/java/shop/alien/store/service/impl/SystemServiceImpl.java
  15. 1 1
      alien-store/src/main/resources/bootstrap.yml
  16. 32 3
      alien-util/src/main/java/shop/alien/util/common/JwtUtil.java

+ 5 - 0
alien-gateway/pom.xml
View File 

@@ -179,6 +179,11 @@
 
             <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
 
         </dependency>
 
 
+        <dependency>
 
+            <groupId>javax.xml.bind</groupId>
 
+            <artifactId>jaxb-api</artifactId>
 
+        </dependency>
 
+
 
     </dependencies>
 
 
     <build>

+ 26 - 0
alien-gateway/src/main/java/shop/alien/gateway/config/CorsConfig.java
View File 

@@ -0,0 +1,26 @@
 
+package shop.alien.gateway.config;
 
+
 
+import lombok.extern.slf4j.Slf4j;
 
+import org.springframework.context.annotation.Bean;
 
+import org.springframework.context.annotation.Configuration;
 
+import org.springframework.web.cors.CorsConfiguration;
 
+import org.springframework.web.cors.reactive.CorsWebFilter;
 
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
 
+
 
+@Slf4j
 
+@Configuration
 
+public class CorsConfig {
 
+
 
+    @Bean
 
+    public CorsWebFilter corsWebFilter() {
 
+        log.info("CORS限制打开");
 
+        CorsConfiguration config = new CorsConfiguration();
 
+        config.addAllowedOrigin("*");
 
+        config.addAllowedHeader("*");
 
+        config.addAllowedMethod("*");
 
+        config.setAllowCredentials(true);
 
+        UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
 
+        configSource.registerCorsConfiguration("/**", config);
 
+        return new CorsWebFilter(configSource);
 
+    }
 
+}

+ 53 - 21
alien-gateway/src/main/java/shop/alien/gateway/config/JwtTokenFilter.java
View File 

@@ -3,7 +3,6 @@ package shop.alien.gateway.config;
 
 import com.alibaba.cloud.commons.lang.StringUtils;
 
 import com.alibaba.fastjson.JSONObject;
 
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 
 import io.jsonwebtoken.Claims;
 
 import io.jsonwebtoken.ExpiredJwtException;
 
 import lombok.Data;
 
@@ -12,10 +11,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import org.springframework.beans.factory.annotation.Value;
 
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 
+import org.springframework.cloud.gateway.filter.NettyWriteResponseFilter;
 
 import org.springframework.core.Ordered;
 
 import org.springframework.core.io.buffer.DataBuffer;
 
+import org.springframework.http.HttpHeaders;
 
+import org.springframework.http.HttpMethod;
 
 import org.springframework.http.HttpStatus;
 
-import org.springframework.http.MediaType;
 
 import org.springframework.http.server.reactive.ServerHttpResponse;
 
 import org.springframework.stereotype.Component;
 
 import org.springframework.web.server.ServerWebExchange;
 
@@ -25,12 +26,14 @@ import shop.alien.entity.store.StoreUser;
 
 import shop.alien.gateway.mapper.StoreUserMapper;
 
 import shop.alien.util.common.JwtUtil;
 
 
-import javax.servlet.http.HttpServletRequest;
 
-import javax.servlet.http.HttpServletResponse;
 
 import java.nio.charset.StandardCharsets;
 
+import java.util.ArrayList;
 
 import java.util.Arrays;
 
-import java.util.HashMap;
 
-import java.util.Map;
 
+import java.util.List;
 
+import java.util.Objects;
 
+import java.util.stream.Collectors;
 
+
 
+import static org.apache.commons.codec.language.bm.Languages.ANY;
 
 
 /**
 
  * Jwt过滤器
 
@@ -64,15 +67,17 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
 
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
 
         String url = exchange.getRequest().getURI().getPath();
 
         log.info("====================>path: " + url);
 
-//        if (url.startsWith("second/") || url.startsWith("store/")) {
 
-//            url = url.substring(url.indexOf("/"), url.length() + 1);
 
-//        }
 
+
 
+        if (Objects.equals(exchange.getRequest().getMethod(), HttpMethod.OPTIONS)) {
 
+            return allowChain(exchange, chain);
 
+        }
 
+
 
         //跳过不需要验证的路径
 
         if (null != skipAuthUrls && Arrays.asList(skipAuthUrls).contains(url)) {
 
-            return chain.filter(exchange);
 
+            return allowChain(exchange, chain);
 
         }
 
-        if (url.startsWith("/store/webjars") || url.startsWith("/second/webjars")) {
 
-            return chain.filter(exchange);
 
+        if (url.startsWith("/alienStore/webjars") || url.startsWith("/alienSecond/webjars")) {
 
+            return allowChain(exchange, chain);
 
         }
 
 
         //获取token
 
@@ -84,6 +89,7 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
 
         ServerHttpResponse resp = exchange.getResponse();
 
         if (StringUtils.isBlank(token)) {
 
             //没有token
 
+            log.error("没有token");
 
             return authError(resp, "请登录");
 
         } else {
 
             //有token
 
@@ -97,7 +103,6 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
 
                 //区分
 
                 if ("web".equals(deviceType)) {
 
                     //管理端单设备登录
 
-//                redisKey = deviceType + "_" + tokenInfo.getClaim("userName").asString();
 
                     //不限制
 
                     return chain.filter(exchange);
 
                 } else {
 
@@ -118,26 +123,52 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
 
                     }
 
 
                     map.put("success", false);
 
+                    log.error("认证错误: {}", map.toJSONString());
 
 
-                    exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON);
 
-                    return exchange.getResponse()
 
-                            .writeWith(Mono.just(exchange.getResponse()
 
-                                    .bufferFactory()
 
-                                    .wrap(map.toJSONString().getBytes())));
 
+                    return authError(resp, map.toJSONString());
 
                 }
 
                 return chain.filter(exchange);
 
             } catch (ExpiredJwtException e) {
 
                 if (e.getMessage().contains("Allowed clock skew")) {
 
+                    log.error("认证过期", e);
 
                     return authError(resp, "认证过期");
 
                 } else {
 
+                    log.error("认证失败", e);
 
                     return authError(resp, "认证失败");
 
                 }
 
             } catch (Exception e) {
 
+                log.error("认证失败", e);
 
                 return authError(resp, "认证失败");
 
             }
 
         }
 
     }
 
 
+    private Mono<Void> allowChain(ServerWebExchange exchange, GatewayFilterChain chain) {
 
+        return chain.filter(exchange).then(Mono.fromRunnable(() -> {
 
+            exchange.getResponse().getHeaders().entrySet().stream()
 
+                    .filter(kv -> (kv.getValue() != null && kv.getValue().size() > 1))
 
+                    .filter(kv -> (kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)
 
+                            || kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)
 
+                            || kv.getKey().equals(HttpHeaders.VARY)))
 
+                    .forEach(kv ->
 
+                    {
 
+                        // Vary只需要去重即可
 
+                        if (kv.getKey().equals(HttpHeaders.VARY))
 
+                            kv.setValue(kv.getValue().stream().distinct().collect(Collectors.toList()));
 
+                        else {
 
+                            List<String> value = new ArrayList<>();
 
+                            if (kv.getValue().contains(ANY)) {  //如果包含*,则取*
 
+                                value.add(ANY);
 
+                                kv.setValue(value);
 
+                            } else {
 
+                                value.add(kv.getValue().get(0)); // 否则默认取第一个
 
+                                kv.setValue(value);
 
+                            }
 
+                        }
 
+                    });
 
+        }));
 
+    }
 
+
 
     /**
 
      * 认证错误输出
 
      *
 
@@ -152,14 +183,15 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
 
         json.put("code", HttpStatus.UNAUTHORIZED.value());
 
         json.put("msg", message);
 
         json.put("data", "");
 
+
 
+        log.error("认证错误响应: {}", json.toJSONString());
 
+
 
         DataBuffer buffer = resp.bufferFactory().wrap(json.toString().getBytes(StandardCharsets.UTF_8));
 
         return resp.writeWith(Flux.just(buffer));
 
     }
 
 
     @Override
 
     public int getOrder() {
 
-        return -100;
 
+        return NettyWriteResponseFilter.WRITE_RESPONSE_FILTER_ORDER + 1;
 
     }
 
 }
 
-
 
-

+ 1 - 1
alien-gateway/src/main/resources/bootstrap.yml
View File 

@@ -1,6 +1,6 @@
 
 spring:
 
   application:
 
-    name: alien-gateway
 
+    name: alien-gateway-dev
 
 
   cloud:
 
     nacos:

+ 2 - 6
alien-store/pom.xml
View File 

@@ -251,17 +251,13 @@
 
             <artifactId>alien-entity</artifactId>
 
             <version>1.0.0</version>
 
         </dependency>
 
+
 
         <dependency>
 
             <groupId>shop.alien</groupId>
 
             <artifactId>alien-util</artifactId>
 
             <version>1.0.0</version>
 
         </dependency>
 
-<!--        <dependency>-->
 
-<!--            <groupId>shop.alien</groupId>-->
 
-<!--            <artifactId>alien-gateway</artifactId>-->
 
-<!--            <version>1.0.0</version>-->
 
-<!--            <scope>compile</scope>-->
 
-<!--        </dependency>-->
 
+
 
         <dependency>
 
             <groupId>commons-fileupload</groupId>
 
             <artifactId>commons-fileupload</artifactId>

+ 0 - 87
alien-store/src/main/java/shop/alien/store/config/JWTFilterConfig.java
View File 

@@ -1,87 +0,0 @@
 
-package shop.alien.store.config;
 
-
 
-import org.springframework.beans.factory.annotation.Autowired;
 
-import org.springframework.context.annotation.Configuration;
 
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-
 
-/**
 
- * Token 拦截器配置
 
- *
 
- * @author ssk
 
- * @version 1.0
 
- * @date 2024/12/25 16:59
 
- */
 
-@Configuration
 
-public class JWTFilterConfig implements WebMvcConfigurer {
 
-
 
-    @Autowired
 
-    private JWTInterceptor jwtInterceptor;
 
-
 
-    @Override
 
-    public void addInterceptors(InterceptorRegistry registry) {
 
-        registry.addInterceptor(jwtInterceptor)
 
-                .addPathPatterns("/**")
 
-                //login
 
-                .excludePathPatterns("/user/userLogin")
 
-                //门店用户登录
 
-                .excludePathPatterns("/store/user/login")
 
-                // 门店用户登录校验
 
-                .excludePathPatterns("/store/user/checkLogin")
 
-                // 门店用户注册
 
-                .excludePathPatterns("/store/user/register")
 
-                // 门店用户注册校验
 
-                .excludePathPatterns("/store/user/checkRegister")
 
-                //文件上传
 
-                .excludePathPatterns("/file/upload")
 
-                //阿里回调
 
-                .excludePathPatterns("/ali/notify")
 
-                //发送短信
 
-                .excludePathPatterns("/ali/sendSms")
 
-                //修改密码
 
-                .excludePathPatterns("/store/user/updatePassword")
 
-                //根据手机号获取用户
 
-                .excludePathPatterns("/store/user/getUserByPhone")
 
-                //社区列表
 
-                .excludePathPatterns("/userDynamics/getUserDynamics")
 
-                //活动列表
 
-                .excludePathPatterns("/activity/getActivityList")
 
-                //联名卡列表
 
-                .excludePathPatterns("/userbrandedcard/getBrandedCardList")
 
-                //查询字典
 
-                .excludePathPatterns("/dicts/getLifeDictByTypeName")
 
-                //首页轮播图
 
-                .excludePathPatterns("/userCarouselImage/getUserCarouselImage")
 
-                //查询商铺列表
 
-                .excludePathPatterns("/userstore/getStoreList")
 
-                //websocket
 
-                .excludePathPatterns("/socket/**")
 
-                .excludePathPatterns("/websocket/**")
 
-                //druid
 
-                .excludePathPatterns("/druid/**")
 
-                //swagger
 
-                .excludePathPatterns("/webjars/**")
 
-                .excludePathPatterns("/swagger-resources/**")
 
-                .excludePathPatterns("/v2/**")
 
-                .excludePathPatterns("/jrebel/statistics")
 
-                .excludePathPatterns("/error")
 
-                .excludePathPatterns("/doc.html")
 
-                //web数据中台登录接口
 
-                .excludePathPatterns("/sys/login")
 
-                .excludePathPatterns("/img/getCarouselImage")
 
-                //八大类相关接口
 
-                .excludePathPatterns("/essential-module-information/getChildByParentId")
 
-                .excludePathPatterns("/essential-module-information/getEssentialModuleInformationList")
 
-                .excludePathPatterns("/essential-module-information/getList")
 
-                .excludePathPatterns("/essential-module-information/getPrimaryData")
 
-                .excludePathPatterns("/version/getLatestVersion")
 
-                .excludePathPatterns("/elasticSearch/*")
 
-//                .excludePathPatterns("/**");
 
-                .excludePathPatterns("/user-violation/level")
 
-                .excludePathPatterns("/store/user/updatePassword")
 
-                .excludePathPatterns("/testInfo/getTestInfo")
 
-                .excludePathPatterns("/file/uploadApp")
 
-        ;
 
-    }
 
-
 
-}

+ 0 - 122
alien-store/src/main/java/shop/alien/store/config/JWTInterceptor.java
View File 

@@ -1,122 +0,0 @@
 
-package shop.alien.store.config;
 
-
 
-import com.auth0.jwt.exceptions.AlgorithmMismatchException;
 
-import com.auth0.jwt.exceptions.SignatureVerificationException;
 
-import com.auth0.jwt.exceptions.TokenExpiredException;
 
-import com.auth0.jwt.interfaces.DecodedJWT;
 
-import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 
-import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 
-import lombok.extern.slf4j.Slf4j;
 
-import org.springframework.beans.factory.annotation.Autowired;
 
-import org.springframework.stereotype.Component;
 
-import org.springframework.web.cors.CorsUtils;
 
-import org.springframework.web.servlet.HandlerInterceptor;
 
-import shop.alien.entity.store.StoreUser;
 
-import shop.alien.store.mapper.StoreUserMapper;
 
-
 
-import javax.servlet.http.HttpServletRequest;
 
-import javax.servlet.http.HttpServletResponse;
 
-import java.util.HashMap;
 
-import java.util.Map;
 
-
 
-/**
 
- * Token校验
 
- *
 
- * @author ssk
 
- * @version 1.0
 
- * @date 2024/12/25 16:59
 
- */
 
-@Slf4j
 
-@Component
 
-public class JWTInterceptor implements HandlerInterceptor {
 
-
 
-    @Autowired
 
-    private BaseRedisService baseRedisService;
 
-
 
-    @Autowired
 
-    private StoreUserMapper storeUserMapper;
 
-
 
-    @Override
 
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
 
-            throws Exception {
 
-//        if (CorsUtils.isPreFlightRequest(request)) {
 
-//            // 这是一个OPTIONS请求,我们可以选择放行
 
-//            return true;
 
-//        }
 
-//        //获取请求头中的token
 
-//        String token = request.getHeader("Authorization");
 
-//        log.info("====================>token值: " + token);
 
-//        String path = request.getRequestURI();
 
-//        log.info("====================>path: " + path);
 
-//        Map<String, Object> map = new HashMap<>();
 
-//        int errorType = 0;
 
-//        try {
 
-//            JWTUtils.TokenVerify(token);
 
-//            DecodedJWT tokenInfo = JWTUtils.getTokenInfo(token);
 
-//            log.info("phone:{}", tokenInfo.getClaim("phone").asString());
 
-//            String phone = tokenInfo.getClaim("phone").asString();
 
-//            log.info("userType:{}", tokenInfo.getClaim("userType").asString());
 
-//            String deviceType = tokenInfo.getClaim("userType").asString();
 
-//            String redisKey;
 
-//            //区分
 
-//            if ("web".equals(deviceType)) {
 
-//                //管理端单设备登录
 
-////                redisKey = deviceType + "_" + tokenInfo.getClaim("userName").asString();
 
-//                //不限制
 
-//                return true;
 
-//            } else {
 
-//                redisKey = deviceType + "_" + tokenInfo.getClaim("phone").asString();
 
-//            }
 
-//            String redisVal = baseRedisService.getString(redisKey);
 
-//            if (StringUtils.isEmpty(redisVal) || !token.equals(redisVal)) {
 
-//                //判断程序是否为用户禁用
 
-//                StoreUser storeUser = storeUserMapper.selectOne(new LambdaQueryWrapper<StoreUser>().eq(StoreUser::getPhone, phone));
 
-//                if (storeUser.getStatus() == 1) {
 
-//                    map.put("msg", "你的账号已被禁用");
 
-//                    //别问, 问就是约定俗成
 
-//                    map.put("code", 777);
 
-//                } else {
 
-//                    map.put("msg", "用户在别处登录");
 
-//                    //别问, 问就是约定俗成
 
-//                    map.put("code", 666);
 
-//                }
 
-//
 
-//                map.put("success", false);
 
-//                String json = new ObjectMapper().writeValueAsString(map);
 
-//                response.setContentType("application/json;charset=UTF-8");
 
-//                response.getWriter().print(json);
 
-//                return false;
 
-//            }
 
-//            //放行请求
 
-//            return true;
 
-//        } catch (SignatureVerificationException e) {
 
-//            errorType = 1;
 
-//            log.error("JWTInterceptor SignatureVerificationException Msg={}", e.getMessage());
 
-//            map.put("msg", "无效签名");
 
-//        } catch (TokenExpiredException e) {
 
-//            errorType = 2;
 
-//            log.error("JWTInterceptor TokenExpiredException Msg={}", e.getMessage());
 
-//            map.put("msg", "token已过期");
 
-//        } catch (AlgorithmMismatchException e) {
 
-//            errorType = 3;
 
-//            log.error("JWTInterceptor AlgorithmMismatchException Msg={}", e.getMessage());
 
-//            map.put("msg", "算法不一致");
 
-//        } catch (Exception e) {
 
-//            errorType = 4;
 
-//            log.error("JWTInterceptor Exception Msg={}", e.getMessage());
 
-//            map.put("msg", "token无效");
 
-//        }
 
-//        log.info("====================>token无效类型: " + errorType);
 
-//        map.put("code", 401);
 
-//        map.put("success", false);
 
-//        //使用jackson将map转为json
 
-//        String json = new ObjectMapper().writeValueAsString(map);
 
-//        response.setContentType("application/json;charset=UTF-8");
 
-//        response.getWriter().print(json);
 
-//        return false;
 
-
 
-        return true;
 
-    }
 
-
 
-}

+ 0 - 66
alien-store/src/main/java/shop/alien/store/config/JWTUtils.java
View File 

@@ -1,66 +0,0 @@
 
-package shop.alien.store.config;
 
-
 
-import com.auth0.jwt.JWT;
 
-import com.auth0.jwt.JWTCreator;
 
-import com.auth0.jwt.algorithms.Algorithm;
 
-import com.auth0.jwt.interfaces.DecodedJWT;
 
-import org.springframework.web.context.request.RequestContextHolder;
 
-import org.springframework.web.context.request.ServletRequestAttributes;
 
-
 
-import javax.servlet.http.HttpServletRequest;
 
-import java.util.Date;
 
-import java.util.Map;
 
-
 
-/**
 
- * Token工具类
 
- *
 
- * @author ssk
 
- * @version 1.0
 
- * @date 2024/12/25 16:58
 
- */
 
-public class JWTUtils {
 
-
 
-    private static final String SIGN = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 
-
 
-    //1000ms x 60秒 x 60分钟 x 24小时 x 30天
 
-    private static final Long EXPIRATION_TIME = 1000 * 60 * 60 * 24 * 30L;
 
-
 
-    /**
 
-     * 生成Token
 
-     */
 
-    public static String createToken(Map<String, String> map) {
 
-        //创建JWTBuilder
 
-        JWTCreator.Builder builder = JWT.create();
 
-        //设置payload
 
-        map.forEach(builder::withClaim);
 
-        //设置过期时间和签名,生成token
 
-        return builder.withExpiresAt(new Date(System.currentTimeMillis() + EXPIRATION_TIME)).sign(Algorithm.HMAC256(SIGN));
 
-    }
 
-
 
-    /**
 
-     * 验证token
 
-     */
 
-    public static void TokenVerify(String token) {
 
-        JWT.require(Algorithm.HMAC256(SIGN)).build().verify(token);
 
-    }
 
-
 
-    /**
 
-     * 获取token信息
 
-     */
 
-    public static DecodedJWT getTokenInfo(String token) {
 
-        return JWT.require(Algorithm.HMAC256(SIGN)).build().verify(token);
 
-    }
 
-
 
-    /**
 
-     * 非控制器获取token
 
-     */
 
-    public static String getToken() {
 
-        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
 
-        if (attributes != null) {
 
-            HttpServletRequest request = attributes.getRequest();
 
-            String token = request.getHeader("Authorization");
 
-            return token;
 
-        }
 
-        return null;
 
-    }
 
-}

+ 7 - 6
alien-store/src/main/java/shop/alien/store/config/MyBatisFieldHandler.java
View File 

@@ -1,10 +1,11 @@
 
 package shop.alien.store.config;
 
 
-import com.auth0.jwt.interfaces.DecodedJWT;
 
+import com.alibaba.fastjson.JSONObject;
 
 import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
 
 import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 
 import org.apache.ibatis.reflection.MetaObject;
 
 import org.springframework.stereotype.Component;
 
+import shop.alien.util.common.JwtUtil;
 
 
 import java.util.Date;
 
 
@@ -56,12 +57,12 @@ public class MyBatisFieldHandler implements MetaObjectHandler {
 
         }
 
     }
 
 
-    public Integer getUserId(){
 
-        String token = JWTUtils.getToken();
 
+    public Integer getUserId() {
 
+        String token = JwtUtil.getToken();
 
         String userId = "0";
 
-        if (StringUtils.isNotEmpty(token)){
 
-            DecodedJWT tokenInfo = JWTUtils.getTokenInfo(token);
 
-            userId = tokenInfo.getClaim("userId").asString();
 
+        if (StringUtils.isNotEmpty(token)) {
 
+            JSONObject tokenInfo = JwtUtil.getTokenInfo(token);
 
+            userId = tokenInfo.getString("userId");
 
         }
 
         return Integer.parseInt(userId);
 
     }

+ 8 - 5
alien-store/src/main/java/shop/alien/store/config/TokenInfoArgumentResolver.java
View File 

@@ -1,5 +1,6 @@
 
 package shop.alien.store.config;
 
 
+import com.alibaba.fastjson.JSONObject;
 
 import com.auth0.jwt.interfaces.DecodedJWT;
 
 import org.springframework.core.MethodParameter;
 
 import org.springframework.web.bind.support.WebDataBinderFactory;
 
@@ -10,6 +11,7 @@ import org.springframework.web.method.support.ModelAndViewContainer;
 
 import javax.servlet.http.HttpServletRequest;
 
 
 import shop.alien.entity.store.UserLoginInfo;
 
+import shop.alien.util.common.JwtUtil;
 
 import shop.alien.util.common.TokenInfo;
 
 
 public class TokenInfoArgumentResolver implements HandlerMethodArgumentResolver {
 
@@ -26,12 +28,13 @@ public class TokenInfoArgumentResolver implements HandlerMethodArgumentResolver
 
         String token = request.getHeader("Authorization");
 
         if (token != null) {
 
             try {
 
-                DecodedJWT tokenInfo = JWTUtils.getTokenInfo(token);
 
+                JSONObject tokenInfo = JwtUtil.getTokenInfo(token);
 
+//                DecodedJWT tokenInfo = JWTUtils.getTokenInfo(token);
 
                 UserLoginInfo userLoginInfo = new UserLoginInfo();
 
-                String phone = tokenInfo.getClaim("phone").asString();
 
-                String userName = tokenInfo.getClaim("userName").asString();
 
-                String userId = tokenInfo.getClaim("userId").asString();
 
-                String type = tokenInfo.getClaim("userType").asString();
 
+                String phone = tokenInfo.getString("phone");
 
+                String userName = tokenInfo.getString("userName");
 
+                String userId = tokenInfo.getString("userId");
 
+                String type = tokenInfo.getString("userType");
 
                 userLoginInfo.setUserPhone(phone);
 
                 userLoginInfo.setUserId(Integer.parseInt(userId));
 
                 userLoginInfo.setUserName(userName);

+ 0 - 5
alien-store/src/main/java/shop/alien/store/config/WebConfig.java
View File 

@@ -10,11 +10,6 @@ import java.util.List;
 
 @Configuration
 
 public class WebConfig implements WebMvcConfigurer {
 
 
-    @Bean
 
-    public JWTInterceptor jwtInterceptor() {
 
-        return new JWTInterceptor();
 
-    }
 
-
 
     @Override
 
     public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
 
         resolvers.add(new TokenInfoArgumentResolver());

+ 28 - 2
alien-store/src/main/java/shop/alien/store/service/LifeUserService.java
View File 

@@ -1,5 +1,6 @@
 
 package shop.alien.store.service;
 
 
+import com.alibaba.fastjson.JSONObject;
 
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 
 import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
 
@@ -11,6 +12,7 @@ import lombok.RequiredArgsConstructor;
 
 import org.apache.commons.lang3.StringUtils;
 
 import org.apache.commons.lang3.tuple.Triple;
 
 import org.springframework.beans.BeanUtils;
 
+import org.springframework.beans.factory.annotation.Value;
 
 import org.springframework.stereotype.Service;
 
 import org.springframework.util.CollectionUtils;
 
 import shop.alien.entity.store.LifeFans;
 
@@ -19,12 +21,12 @@ import shop.alien.entity.store.LifeUser;
 
 import shop.alien.entity.store.vo.LifeMessageVo;
 
 import shop.alien.entity.store.vo.LifeUserVo;
 
 import shop.alien.store.config.BaseRedisService;
 
-import shop.alien.store.config.JWTUtils;
 
 import shop.alien.store.mapper.LifeFansMapper;
 
 import shop.alien.store.mapper.LifeMessageMapper;
 
 import shop.alien.store.mapper.LifeNoticeMapper;
 
 import shop.alien.store.mapper.LifeUserMapper;
 
 import shop.alien.store.util.FunctionMagic;
 
+import shop.alien.util.common.JwtUtil;
 
 
 import java.util.*;
 
 import java.util.stream.Collectors;
 
@@ -46,6 +48,9 @@ public class LifeUserService extends ServiceImpl<LifeUserMapper, LifeUser> {
 
 
     private final LifeMessageMapper messageMapper;
 
 
+    @Value("${jwt.expiration-time}")
 
+    private String effectiveTime;
 
+
 
     public IPage<LifeUser> getStoresPage(int page, int size, String realName, String userPhone) {
 
         IPage<LifeUser> storePage = new Page<>(page, size);
 
         QueryWrapper<LifeUser> queryWrapper = new QueryWrapper<>();
 
@@ -158,7 +163,28 @@ public class LifeUserService extends ServiceImpl<LifeUserMapper, LifeUser> {
 
             tokenMap.put("userName", user.getUserName());
 
             tokenMap.put("userId", user.getId().toString());
 
             tokenMap.put("userType", "user");
 
-            String token = JWTUtils.createToken(tokenMap);
 
+            int effectiveTimeInt = Integer.parseInt(effectiveTime.substring(0, effectiveTime.length() - 1));
 
+            String effectiveTimeUnit = effectiveTime.substring(effectiveTime.length() - 1);
 
+            long effectiveTimeIntLong = 0L;
 
+            switch (effectiveTimeUnit) {
 
+                case "s": {
 
+                    effectiveTimeIntLong = effectiveTimeInt * 1000L;
 
+                    break;
 
+                }
 
+                case "m": {
 
+                    effectiveTimeIntLong = effectiveTimeInt * 60L * 1000L;
 
+                    break;
 
+                }
 
+                case "h": {
 
+                    effectiveTimeIntLong = effectiveTimeInt * 60L * 60L * 1000L;
 
+                    break;
 
+                }
 
+                case "d": {
 
+                    effectiveTimeIntLong = effectiveTimeInt * 24L * 60L * 60L * 1000L;
 
+                    break;
 
+                }
 
+            }
 
+            String token = JwtUtil.createJWT("user_" + phoneNum, user.getUserName(), JSONObject.toJSONString(tokenMap), effectiveTimeIntLong);
 
             userVo.setToken(token);
 
             baseRedisService.setString("user_" + phoneNum, token);
 
             return userVo;

+ 28 - 2
alien-store/src/main/java/shop/alien/store/service/impl/StoreUserServiceImpl.java
View File 

@@ -1,5 +1,6 @@
 
 package shop.alien.store.service.impl;
 
 
+import com.alibaba.fastjson.JSONObject;
 
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
 
 import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 
@@ -19,11 +20,11 @@ import shop.alien.entity.store.excelVo.StoreUserExcelVo;
 
 import shop.alien.entity.store.excelVo.util.ExcelGenerator;
 
 import shop.alien.entity.store.vo.StoreUserVo;
 
 import shop.alien.store.config.BaseRedisService;
 
-import shop.alien.store.config.JWTUtils;
 
 import shop.alien.store.mapper.*;
 
 import shop.alien.store.service.StoreUserService;
 
 import shop.alien.store.util.FunctionMagic;
 
 import shop.alien.util.common.DateUtils;
 
+import shop.alien.util.common.JwtUtil;
 
 
 import java.io.IOException;
 
 import java.time.Instant;
 
@@ -51,6 +52,9 @@ public class StoreUserServiceImpl extends ServiceImpl<StoreUserMapper, StoreUser
 
     @Value("${spring.web.resources.url}")
 
     private String fileUrl;
 
 
+    @Value("${jwt.expiration-time}")
 
+    private String effectiveTime;
 
+
 
     /**
 
      * 设定初始化默认密码
 
      */
 
@@ -97,6 +101,28 @@ public class StoreUserServiceImpl extends ServiceImpl<StoreUserMapper, StoreUser
 
      */
 
     @Override
 
     public R<StoreUserVo> createToKen(StoreUser storeUser) {
 
+        int effectiveTimeInt = Integer.parseInt(effectiveTime.substring(0, effectiveTime.length() - 1));
 
+        String effectiveTimeUnit = effectiveTime.substring(effectiveTime.length() - 1);
 
+        long effectiveTimeIntLong = 0L;
 
+        switch (effectiveTimeUnit) {
 
+            case "s": {
 
+                effectiveTimeIntLong = effectiveTimeInt * 1000L;
 
+                break;
 
+            }
 
+            case "m": {
 
+                effectiveTimeIntLong = effectiveTimeInt * 60L * 1000L;
 
+                break;
 
+            }
 
+            case "h": {
 
+                effectiveTimeIntLong = effectiveTimeInt * 60L * 60L * 1000L;
 
+                break;
 
+            }
 
+            case "d": {
 
+                effectiveTimeIntLong = effectiveTimeInt * 24L * 60L * 60L * 1000L;
 
+                break;
 
+            }
 
+        }
 
+
 
         StoreUserVo storeUserVo = new StoreUserVo();
 
         BeanUtils.copyProperties(storeUser, storeUserVo);
 
         Map<String, String> tokenMap = new HashMap<>();
 
@@ -104,7 +130,7 @@ public class StoreUserServiceImpl extends ServiceImpl<StoreUserMapper, StoreUser
 
         tokenMap.put("userName", storeUser.getName());
 
         tokenMap.put("userId", storeUser.getId().toString());
 
         tokenMap.put("userType", "store");
 
-        storeUserVo.setToken(JWTUtils.createToken(tokenMap));
 
+        storeUserVo.setToken(JwtUtil.createJWT("store_" + storeUser.getPhone(), storeUser.getName(), JSONObject.toJSONString(tokenMap), effectiveTimeIntLong));
 
         baseRedisService.setString("store_" + storeUser.getPhone(), storeUserVo.getToken());
 
         StoreInfo storeInfo = storeInfoMapper.selectById(storeUser.getStoreId());
 
         if (storeInfo != null) {

+ 28 - 2
alien-store/src/main/java/shop/alien/store/service/impl/SystemServiceImpl.java
View File 

@@ -1,15 +1,17 @@
 
 package shop.alien.store.service.impl;
 
 
+import com.alibaba.fastjson.JSONObject;
 
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 
 import lombok.RequiredArgsConstructor;
 
+import org.springframework.beans.factory.annotation.Value;
 
 import org.springframework.stereotype.Service;
 
 import shop.alien.entity.store.LifeSys;
 
 import shop.alien.entity.store.UserLoginInfo;
 
 import shop.alien.entity.store.vo.SystemLoginVo;
 
 import shop.alien.store.config.BaseRedisService;
 
-import shop.alien.store.config.JWTUtils;
 
 import shop.alien.store.mapper.LifeSysMapper;
 
 import shop.alien.store.service.SystemService;
 
+import shop.alien.util.common.JwtUtil;
 
 
 import java.security.MessageDigest;
 
 import java.security.NoSuchAlgorithmException;
 
@@ -32,8 +34,32 @@ public class SystemServiceImpl implements SystemService {
 
 
     private final BaseRedisService baseRedisService;
 
 
+    @Value("${jwt.expiration-time}")
 
+    private String effectiveTime;
 
+
 
     @Override
 
     public SystemLoginVo login(String username, String password) {
 
+        int effectiveTimeInt = Integer.parseInt(effectiveTime.substring(0, effectiveTime.length() - 1));
 
+        String effectiveTimeUnit = effectiveTime.substring(effectiveTime.length() - 1);
 
+        long effectiveTimeIntLong = 0L;
 
+        switch (effectiveTimeUnit) {
 
+            case "s": {
 
+                effectiveTimeIntLong = effectiveTimeInt * 1000L;
 
+                break;
 
+            }
 
+            case "m": {
 
+                effectiveTimeIntLong = effectiveTimeInt * 60L * 1000L;
 
+                break;
 
+            }
 
+            case "h": {
 
+                effectiveTimeIntLong = effectiveTimeInt * 60L * 60L * 1000L;
 
+                break;
 
+            }
 
+            case "d": {
 
+                effectiveTimeIntLong = effectiveTimeInt * 24L * 60L * 60L * 1000L;
 
+                break;
 
+            }
 
+        }
 
         SystemLoginVo result = new SystemLoginVo();
 
         //给密码加密MD5,查询用户是否存在
 
         LifeSys lifeSys = lifeSysMapper.selectOne(
 
@@ -47,7 +73,7 @@ public class SystemServiceImpl implements SystemService {
 
             tokenMap.put("userId", lifeSys.getId());
 
             tokenMap.put("userType", "web");
 
             //存入token
 
-            result.setToken(JWTUtils.createToken(tokenMap));
 
+            result.setToken(JwtUtil.createJWT("web_" + lifeSys.getId(), lifeSys.getUserName(), JSONObject.toJSONString(tokenMap), effectiveTimeIntLong));
 
             baseRedisService.setString("web_" + lifeSys.getUserName(), result.getToken());
 
             //登录结果
 
             result.setResult(true);

+ 1 - 1
alien-store/src/main/resources/bootstrap.yml
View File 

@@ -1,6 +1,6 @@
 
 spring:
 
   application:
 
-    name: alien-store
 
+    name: alien-store-dev
 
 
   cloud:
 
     nacos:

+ 32 - 3
alien-util/src/main/java/shop/alien/util/common/JwtUtil.java
View File 

@@ -6,11 +6,15 @@ import io.jsonwebtoken.JwtBuilder;
 
 import io.jsonwebtoken.Jwts;
 
 import io.jsonwebtoken.SignatureAlgorithm;
 
 import lombok.extern.slf4j.Slf4j;
 
-import org.apache.commons.codec.binary.Base64;
 
+import org.springframework.web.context.request.RequestContextHolder;
 
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 
 import javax.crypto.SecretKey;
 
 import javax.crypto.spec.SecretKeySpec;
 
+import javax.servlet.http.HttpServletRequest;
 
+import java.security.SecureRandom;
 
 import java.text.SimpleDateFormat;
 
+import java.util.Base64;
 
 import java.util.Date;
 
 import java.util.HashMap;
 
 import java.util.Map;
 
@@ -25,10 +29,20 @@ import java.util.Map;
 
 @Slf4j
 
 public class JwtUtil {
 
 
-    private static final String KEY = "022bdc63c3c5a45879ee6581508b9d03adfec4a4658c0ab3d722e50c91a351c42c231cf43bb8f86998202bd301ec52239a74fc0c9a9aeccce604743367c9646b";
 
+    // 使用更安全的密钥生成方式
 
+//    private static final String KEY = Base64.getEncoder().encodeToString(SecureRandom.getSeed(256));
 
+
 
+    private static final String KEY = "hicYCHhHvcwg2lfrhRi9gqFM9TSzOk04JIhrHzGLaa9tL0TD+CYEE8VUy5qHmKX2mVtGM+/YXfut7+je4AVgJSDlJq1p4PYZhKU5gOoxMQD27Wmlpy3uR4kTdQEjMn9jG5a5slKrUD5lSGIrDfKNIYn0N50VbBh2Je0k7BOv1XUcy0wjapPSWmTi7lEFVDV56Ve0RSgkb0UTTyMq+uYknOgEPFGlBOXeSpVmh3VZrndmN8jZ1u40L2LzQyjb2JNaevOMT5v19ZqiYdo2x5AoAj5d4Z7chogct13QqOLvBeplGESLD8gzbS3+X7HMI4cDKsxbwGxFZT8md3efQQyfXw==";
 
+
 
+//    // 确保生成的密钥符合HMAC-SHA算法要求
 
+//    static {
 
+//        if (KEY.length() < 256) {
 
+//            throw new IllegalStateException("Key length is too short!");
 
+//        }
 
+//    }
 
 
     public static SecretKey generateKey() {
 
-        byte[] encodedKey = Base64.decodeBase64(KEY);
 
+        byte[] encodedKey = Base64.getDecoder().decode(KEY);
 
         return new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
 
     }
 
 
@@ -115,4 +129,19 @@ public class JwtUtil {
 
         Claims claims = JwtUtil.parseJWT(token);
 
         return JSONObject.parseObject(claims.get("sub").toString());
 
     }
 
+
 
+
 
+    /**
 
+     * 非控制器获取token
 
+     */
 
+    public static String getToken() {
 
+        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
 
+        if (attributes != null) {
 
+            HttpServletRequest request = attributes.getRequest();
 
+            String token = request.getHeader("Authorization");
 
+            return token;
 
+        }
 
+        return null;
 
+    }
 
+
 
 }