tongtong/youlai-boot
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 修改密码将token加入黑名单使其会话失效

Browse Source
This commit is contained in:
Ray.Hao
2024-10-12 08:18:13 +08:00
parent 7ef553c856
commit cc03add4a3
3 changed files with 67 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java
View File

@@ -5,28 +5,22 @@ import cn.hutool.captcha.CaptchaUtil;
import cn.hutool.captcha.generator.CodeGenerator;
import cn.hutool.core.util.IdUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONObject;
import cn.hutool.jwt.JWTPayload;
import cn.hutool.jwt.JWTUtil;
import com.youlai.boot.common.constant.SecurityConstants;
import com.youlai.boot.core.security.util.SecurityUtils;
import com.youlai.boot.shared.auth.enums.CaptchaTypeEnum;
import com.youlai.boot.shared.auth.service.AuthService;
import com.youlai.boot.system.model.dto.CaptchaResult;
import com.youlai.boot.system.model.dto.LoginResult;
import com.youlai.boot.config.property.CaptchaProperties;
import com.youlai.boot.core.security.util.JwtUtils;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import java.awt.*;
import java.util.concurrent.TimeUnit;
@@ -78,32 +72,10 @@ public class AuthServiceImpl implements AuthService {
*/
@Override
public void logout() {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String token = request.getHeader(HttpHeaders.AUTHORIZATION);
if (StrUtil.isNotBlank(token) && token.startsWith(SecurityConstants.JWT_TOKEN_PREFIX)) {
token = token.substring(SecurityConstants.JWT_TOKEN_PREFIX.length());
// 解析Token以获取有效载荷payload
JSONObject payloads = JWTUtil.parseToken(token).getPayloads();
// 解析 Token 获取 jti(JWT ID) 和 exp(过期时间)
String jti = payloads.getStr(JWTPayload.JWT_ID);
Long expiration = payloads.getLong(JWTPayload.EXPIRES_AT); // 过期时间(秒)
// 如果exp存在则计算Token剩余有效时间
if (expiration != null) {
long currentTimeSeconds = System.currentTimeMillis() / 1000;
if (expiration < currentTimeSeconds) {
// Token已过期不再加入黑名单
return;
}
// 将Token的jti加入黑名单并设置剩余有效时间使其在过期后自动从黑名单移除
long ttl = expiration - currentTimeSeconds;
redisTemplate.opsForValue().set(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti, null, ttl, TimeUnit.SECONDS);
} else {
// 如果exp不存在说明Token永不过期则永久加入黑名单
redisTemplate.opsForValue().set(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti, null);
}
String token = SecurityUtils.getTokenFromRequest();
if (StrUtil.isNotBlank(token)) {
SecurityUtils.invalidateToken(token);
}
// 清空Spring Security上下文
SecurityContextHolder.clearContext();
}
/**