perf(token): token退出失效采用token黑名单

2023-02-20 09:15:14 +08:00 · 2023-02-20 09:15:14 +08:00 · 13adc3de0b
commit 13adc3de0b
parent a34e99d7c1
5 changed files with 61 additions and 25 deletions
--- a/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
+++ b/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
@ -84,7 +84,7 @@ public class F2CRealm extends AuthorizingRealm {
            token = (String) auth.getCredentials();
            // 解密获得username，用于和数据库进行对比
            tokenInfo = JWTUtils.tokenInfoByToken(token);
-            if (!TokenCacheUtils.validate(token)) {
+            if (TokenCacheUtils.invalid(token)) {
                throw new AuthenticationException("token invalid");
            }
        } catch (Exception e) {
--- a/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java
+++ b/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java
@ -66,7 +66,7 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
        if (StringUtils.startsWith(authorization, "Basic")) {
            return false;
        }
-        if (!TokenCacheUtils.validate(authorization) && !TokenCacheUtils.validateDelay(authorization)) {
+        if (TokenCacheUtils.invalid(authorization)) {
            throw new AuthenticationException(expireMessage);
        }
        // 当没有出现登录超时 且需要刷新token 则执行刷新token
@ -75,8 +75,6 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
            throw new AuthenticationException(expireMessage);
        }
        if (JWTUtils.needRefresh(authorization)) {
-            TokenCacheUtils.addWithTtl(authorization, 1L);
-            TokenCacheUtils.remove(authorization);
            authorization = refreshToken(request, response);
        }
        JWTToken token = new JWTToken(authorization);
--- a/backend/src/main/java/io/dataease/auth/server/AuthServer.java
+++ b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
@ -148,7 +148,7 @@ public class AuthServer implements AuthApi {
                AccountLockStatus lockStatus = authUserService.recordLoginFail(username, 0);
                DataEaseException.throwException(appendLoginErrorMsg(Translator.get("i18n_id_or_pwd_error"), lockStatus));
            }
-            if(user.getIsAdmin() && user.getPassword().equals("40b8893ea9ebc2d631c4bb42bb1e8996")){
+            if (user.getIsAdmin() && user.getPassword().equals("40b8893ea9ebc2d631c4bb42bb1e8996")) {
                result.put("passwordModified", false);
            }
        }
@ -237,7 +237,7 @@ public class AuthServer implements AuthApi {
            if (StringUtils.isBlank(result)) {
                result = "success";
            }
-            TokenCacheUtils.remove(token);
+            TokenCacheUtils.add(token, userId);
        } catch (Exception e) {
            LogUtil.error(e);
            if (StringUtils.isBlank(result)) {
@ -291,7 +291,7 @@ public class AuthServer implements AuthApi {
            if (StringUtils.isBlank(result)) {
                result = "success";
            }
-            TokenCacheUtils.remove(token);
+            TokenCacheUtils.add(token, userId);
        } catch (Exception e) {
            LogUtil.error(e);
            if (StringUtils.isBlank(result)) {
--- a/backend/src/main/java/io/dataease/auth/util/JWTUtils.java
+++ b/backend/src/main/java/io/dataease/auth/util/JWTUtils.java
@ -10,7 +10,6 @@ import com.auth0.jwt.interfaces.Verification;
 import io.dataease.auth.entity.TokenInfo;
 import io.dataease.auth.entity.TokenInfo.TokenInfoBuilder;
 import io.dataease.commons.utils.CommonBeanFactory;
-import io.dataease.commons.utils.TokenCacheUtils;
 import io.dataease.exception.DataEaseException;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
@ -120,7 +119,6 @@ public class JWTUtils {
                    .withClaim("username", tokenInfo.getUsername())
                    .withClaim("userId", tokenInfo.getUserId());
            String sign = builder.withExpiresAt(date).sign(algorithm);
-            TokenCacheUtils.add(sign, tokenInfo.getUserId());
            return sign;

        } catch (Exception e) {
--- a/backend/src/main/java/io/dataease/commons/utils/TokenCacheUtils.java
+++ b/backend/src/main/java/io/dataease/commons/utils/TokenCacheUtils.java
@ -3,36 +3,76 @@ package io.dataease.commons.utils;
 import io.dataease.listener.util.CacheUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.ValueOperations;
+import org.springframework.stereotype.Component;

+import java.util.concurrent.TimeUnit;
+
+
+@Component
 public class TokenCacheUtils {

+
    private static final String KEY = "sys_token_store";
-    private static final String DELAY_KEY = "sys_token_store_delay";
+
+    private static String cacheType;
+
+    private static Long expTime;
+
+    @Value("${spring.cache.type:ehcache}")
+    public void setCacheType(String cacheType) {
+        TokenCacheUtils.cacheType = cacheType;
+    }
+
+    @Value("${dataease.login_timeout:480}")
+    public void setExpTime(Long expTime) {
+        TokenCacheUtils.expTime = expTime;
+    }
+
+    private static boolean useRedis() {
+        return StringUtils.equals(cacheType, "redis");
+    }
+
+
+    private static ValueOperations cacheHandler() {
+        RedisTemplate redisTemplate = (RedisTemplate) CommonBeanFactory.getBean("redisTemplate");
+        ValueOperations valueOperations = redisTemplate.opsForValue();
+        return valueOperations;
+    }

    public static void add(String token, Long userId) {
-        CacheUtils.put(KEY, token, userId, null, null);
+        if (useRedis()) {
+            ValueOperations valueOperations = cacheHandler();
+            valueOperations.set(KEY + token, userId, expTime, TimeUnit.MINUTES);
+            return;
+        }
+
+        Long time = expTime * 60;
+        CacheUtils.put(KEY, token, userId, time.intValue(), null);
+
    }

    public static void remove(String token) {
+        if (useRedis()) {
+            RedisTemplate redisTemplate = (RedisTemplate) CommonBeanFactory.getBean("redisTemplate");
+            String key = KEY + token;
+            if (redisTemplate.hasKey(key)) {
+                redisTemplate.delete(key);
+            }
+            return;
+        }
        CacheUtils.remove(KEY, token);
    }

-    public static boolean validate(String token) {
+    public static boolean invalid(String token) {
+        if (useRedis()) {
+            RedisTemplate redisTemplate = (RedisTemplate) CommonBeanFactory.getBean("redisTemplate");
+            return redisTemplate.hasKey(KEY + token);
+        }
        Object sys_token_store = CacheUtils.get(KEY, token);
        return ObjectUtils.isNotEmpty(sys_token_store) && StringUtils.isNotBlank(sys_token_store.toString());
    }

-    public static boolean validate(String token, Long userId) {
-        Object sys_token_store = CacheUtils.get(KEY, token);
-        return ObjectUtils.isNotEmpty(sys_token_store) && StringUtils.isNotBlank(sys_token_store.toString()) && userId == Long.parseLong(sys_token_store.toString());
-    }
-
-    public static void addWithTtl(String token, Long userId) {
-        CacheUtils.put(DELAY_KEY, token, userId, 3, 5);
-    }
-
-    public static boolean validateDelay(String token) {
-        Object tokenObj = CacheUtils.get(DELAY_KEY, token);
-        return ObjectUtils.isNotEmpty(tokenObj) && StringUtils.isNotBlank(tokenObj.toString());
-    }
 }