梳理登录token鉴权功能

2025-05-30 17:23:07 +08:00 · 2025-05-30 17:23:07 +08:00 · 91db1899e0
commit 91db1899e0
parent 1dbfcfd0f2
4 changed files with 73 additions and 35 deletions
--- a/backend/src/main/java/com/stdproject/controller/AuthController.java
+++ b/backend/src/main/java/com/stdproject/controller/AuthController.java
@ -241,17 +241,25 @@ public class AuthController {
    @PostMapping("/refreshToken")
    public Result<String> refreshToken(@RequestBody Map<String, String> params) {
        String refreshToken = params.get("refreshToken");
+
        if (refreshToken == null || refreshToken.trim().isEmpty()) {
            return Result.error("刷新令牌不能为空");
        }
-        // 验证refreshToken的有效性并获取用户信息
+
+        try {
            String username = jwtUtils.getUsernameFromToken(refreshToken);
-        if (username != null) {
+
+            if (username != null && jwtUtils.validateToken(refreshToken, username)) {
                AppUser user = appUserService.findByUsername(username);
-            // 生成新的token
-            return Result.success(jwtUtils.generateToken(user.getUsername(), user.getId()));
+                String newAccessToken = jwtUtils.generateRefreshToken(user.getUsername(), user.getId());
+                return Result.success(newAccessToken);
+            } else {
+                return Result.error("刷新令牌已失效");
+            }
+        } catch (Exception e) {
+            log.error("刷新 Token 失败: {}", e.getMessage());
+            return Result.error("刷新 Token 失败");
        }
-        return Result.error("无效的刷新令牌");
    }


--- a/backend/src/main/java/com/stdproject/utils/JwtUtils.java
+++ b/backend/src/main/java/com/stdproject/utils/JwtUtils.java
@ -28,6 +28,9 @@ public class JwtUtils {
    @Value("${spring.security.jwt.expiration-ms}")
    private Long expirationMs;

+    @Value("${spring.security.jwt.refresh-expiration-ms}")
+    private Long refreshExpirationMs;
+
    /**
     * 生成JWT令牌
     *
@ -62,6 +65,33 @@ public class JwtUtils {
                .compact();
    }

+    /**
+     * 创建带刷新时间的 Token
+     */
+    private String createRefreshToken(Map<String, Object> claims, String subject) {
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + refreshExpirationMs);
+
+        return Jwts.builder()
+                .setClaims(claims)
+                .setSubject(subject)
+                .setIssuedAt(now)
+                .setExpiration(expiryDate)
+                .signWith(getSigningKey(), SignatureAlgorithm.HS512)
+                .compact();
+    }
+
+    /**
+     * 生成 Refresh Token
+     */
+    public String generateRefreshToken(String username, String userId) {
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("userId", userId);
+        claims.put("username", username);
+        return createRefreshToken(claims, username);
+    }
+
+
    /**
     * 从JWT令牌中获取用户名
     *
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@ -55,7 +55,7 @@ spring:
    jwt:
      enabled: ${JWT_ENABLED:true} # 控制是否启用JWT认证
      secret: ${JWT_SECRET:YourJWTSecretKeyForStdProjectBackendApplicationWhichIsVeryLongAndSecure2024!@#$%^&*()}
-      expiration-ms: ${JWT_EXPIRATION:86400000} # Token 过期时间 (例如: 24小时)
+      expiration-ms: ${JWT_EXPIRATION:1800000} # Token 过期时间 (例如: 24小时)
      refresh-expiration-ms: ${JWT_REFRESH_EXPIRATION:604800000} # 刷新Token过期时间 (例如: 7天)

 mybatis-plus:
@ -155,7 +155,7 @@ logging:
    org.hibernate.type.descriptor.sql.BasicBinder: TRACE
 mybatis-plus:
  configuration:
-    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
+    log-impl: org.apache.ibatis.logging.nologging.NoLoggingImpl #org.apache.ibatis.logging.stdout.StdOutImpl
 springdoc:
  swagger-ui:
    enabled: true