Merge branch 'master' of github.com:haoxianrui/youlai-boot

src/main/java/com/youlai/boot/core/security/token/JwtTokenManager.java

@@ -126,6 +126,11 @@ public class JwtTokenManager implements TokenManager {
         return isValid;
     }
 
+    @Override
+    public boolean validateRefreshToken(String refreshToken) {
+        return this.validateToken(refreshToken);
+    }
+
     /**
      * 将令牌加入黑名单
      *
@@ -176,7 +181,7 @@ public class JwtTokenManager implements TokenManager {
         }
 
         Authentication authentication = parseToken(refreshToken);
-        int accessTokenExpiration = securityProperties.getSession().getRefreshTokenTimeToLive();
+        int accessTokenExpiration = securityProperties.getSession().getAccessTokenTimeToLive();
         String newAccessToken = generateToken(authentication, accessTokenExpiration);
 
         return AuthenticationToken.builder()

src/main/java/com/youlai/boot/core/security/token/RedisTokenManager.java

@@ -115,6 +115,17 @@ public class RedisTokenManager implements TokenManager {
         return redisTemplate.hasKey(formatTokenKey(token));
     }
 
+    /**
+     * 校验 RefreshToken 是否有效
+     *
+     * @param refreshToken  访问令牌
+     * @return 是否有效
+     */
+    @Override
+    public boolean validateRefreshToken(String refreshToken) {
+        return redisTemplate.hasKey(formatRefreshTokenKey(refreshToken));
+    }
+
     /**
      * 刷新令牌
      *
@@ -255,6 +266,16 @@ public class RedisTokenManager implements TokenManager {
         return StrUtil.format(RedisConstants.Auth.ACCESS_TOKEN_USER, token);
     }
 
+    /**
+     * 格式化刷新令牌的 Redis 键
+     *
+     * @param refreshToken 访问令牌
+     * @return 格式化后的 Redis 键
+     */
+    private String formatRefreshTokenKey(String refreshToken) {
+        return StrUtil.format(RedisConstants.Auth.REFRESH_TOKEN_USER, refreshToken);
+    }
+
     /**
      * 将值存储到 Redis
      *

src/main/java/com/youlai/boot/core/security/token/TokenManager.java

@@ -38,6 +38,14 @@ public interface TokenManager {
      */
     boolean validateToken(String token);
 
+    /**
+     * 校验 刷新 Token 是否有效
+     *
+     * @param refreshToken JWT Token
+     * @return 是否有效
+     */
+    boolean validateRefreshToken(String refreshToken);
+
     /**
      *  刷新 Token
      *

src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java

@@ -218,7 +218,7 @@ public class AuthServiceImpl implements AuthService {
     @Override
     public AuthenticationToken refreshToken(String refreshToken) {
         // 验证刷新令牌
-        boolean isValidate = tokenManager.validateToken(refreshToken);
+        boolean isValidate = tokenManager.validateRefreshToken(refreshToken);
 
         if (!isValidate) {
             throw new BusinessException(ResultCode.REFRESH_TOKEN_INVALID);

src/main/resources/application-dev.yml

@@ -85,6 +85,7 @@ security:
     - /api/v1/auth/login/**       # 登录接口(账号密码登录、手机验证码登录和微信登录)
     - /api/v1/auth/captcha        # 验证码获取接口
     - /api/v1/auth/refresh-token  # 刷新令牌接口
+    - /api/v1/auth/logout         # 开放退出登录
     - /ws/**                      # WebSocket接口
   # 非安全端点路径，完全绕过 Spring Security 的安全控制
   unsecured-urls:
@@ -220,4 +221,4 @@ captcha:
 wx:
   miniapp:
     app-id: xxxxxx
-    app-secret: xxxxxx
+    app-secret: xxxxxx