梳理登录token鉴权功能

backend/src/main/java/com/stdproject/controller/AuthController.java

@@ -241,17 +241,25 @@ public class AuthController {
     @PostMapping("/refreshToken")
     public Result<String> refreshToken(@RequestBody Map<String, String> params) {
         String refreshToken = params.get("refreshToken");
+
         if (refreshToken == null || refreshToken.trim().isEmpty()) {
             return Result.error("刷新令牌不能为空");
         }
-        // 验证refreshToken的有效性并获取用户信息
+
-        String username = jwtUtils.getUsernameFromToken(refreshToken);
+        try {
-        if (username != null) {
+            String username = jwtUtils.getUsernameFromToken(refreshToken);
-            AppUser user = appUserService.findByUsername(username);
+
-            // 生成新的token
+            if (username != null && jwtUtils.validateToken(refreshToken, username)) {
-            return Result.success(jwtUtils.generateToken(user.getUsername(), user.getId()));
+                AppUser user = appUserService.findByUsername(username);
+                String newAccessToken = jwtUtils.generateRefreshToken(user.getUsername(), user.getId());
+                return Result.success(newAccessToken);
+            } else {
+                return Result.error("刷新令牌已失效");
+            }
+        } catch (Exception e) {
+            log.error("刷新 Token 失败: {}", e.getMessage());
+            return Result.error("刷新 Token 失败");
         }
-        return Result.error("无效的刷新令牌");
     }
 
 

backend/src/main/java/com/stdproject/utils/JwtUtils.java

@@ -28,6 +28,9 @@ public class JwtUtils {
     @Value("${spring.security.jwt.expiration-ms}")
     private Long expirationMs;
 
+    @Value("${spring.security.jwt.refresh-expiration-ms}")
+    private Long refreshExpirationMs;
+
     /**
      * 生成JWT令牌
      *
@@ -62,6 +65,33 @@ public class JwtUtils {
                 .compact();
     }
 
+    /**
+     * 创建带刷新时间的 Token
+     */
+    private String createRefreshToken(Map<String, Object> claims, String subject) {
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + refreshExpirationMs);
+
+        return Jwts.builder()
+                .setClaims(claims)
+                .setSubject(subject)
+                .setIssuedAt(now)
+                .setExpiration(expiryDate)
+                .signWith(getSigningKey(), SignatureAlgorithm.HS512)
+                .compact();
+    }
+
+    /**
+     * 生成 Refresh Token
+     */
+    public String generateRefreshToken(String username, String userId) {
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("userId", userId);
+        claims.put("username", username);
+        return createRefreshToken(claims, username);
+    }
+
+
     /**
      * 从JWT令牌中获取用户名
      *

backend/src/main/resources/application.yml

@@ -55,7 +55,7 @@ spring:
     jwt:
       enabled: ${JWT_ENABLED:true} # 控制是否启用JWT认证
       secret: ${JWT_SECRET:YourJWTSecretKeyForStdProjectBackendApplicationWhichIsVeryLongAndSecure2024!@#$%^&*()}
-      expiration-ms: ${JWT_EXPIRATION:86400000} # Token 过期时间 (例如: 24小时)
+      expiration-ms: ${JWT_EXPIRATION:1800000} # Token 过期时间 (例如: 24小时)
       refresh-expiration-ms: ${JWT_REFRESH_EXPIRATION:604800000} # 刷新Token过期时间 (例如: 7天)
 
 mybatis-plus:
@@ -155,7 +155,7 @@ logging:
     org.hibernate.type.descriptor.sql.BasicBinder: TRACE
 mybatis-plus:
   configuration:
-    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
+    log-impl: org.apache.ibatis.logging.nologging.NoLoggingImpl #org.apache.ibatis.logging.stdout.StdOutImpl
 springdoc:
   swagger-ui:
     enabled: true