
liyj
2024-08-17 7ebfa2e67f3c69a6973aa2cbf46a9c493c311010
1、git忽略target文件夹
2、jwt优化
1 files renamed
5 files modified
125 ■■■■■ changed files
.gitignore 2 ●●●●● patch | view | raw | blame | history
dyh-gateway/src/main/java/cn/huge/gateway/filter/AuthFilter.java 75 ●●●●● patch | view | raw | blame | history
dyh-gateway/src/main/resources/config/application.yml 2 ●●●●● patch | view | raw | blame | history
dyh-service/dyh-cust/src/main/java/cn/huge/module/utils/JwtUtils.java 43 ●●●●● patch | view | raw | blame | history
dyh-service/dyh-cust/src/main/resources/config/application.yml 2 ●●●●● patch | view | raw | blame | history
dyh-service/dyh-cust/src/test/java/cn/huge/module/DyhCustApplicationTest.java 1 ●●●● patch | view | raw | blame | history
.gitignore
@@ -18,4 +18,6 @@
dyh-service/dyh-sys/target/
dyh-service/dyh-utils/logs/
dyh-service/dyh-utils/target/
dyh-service/dyh-sync/logs/
dyh-service/dyh-sync/target/
logs/
dyh-gateway/src/main/java/cn/huge/gateway/filter/AuthFilter.java
@@ -46,16 +46,14 @@
    @Value("${jwt.secret-key}")
    private String secretKey;
    @Value("${jwt.iss_user.format}")
    private String issUser;
    @Value("${jwt.auth-skip-urls}")
    private String[] skipAuthUrls;
    @Value("${jwt.blacklist-key.format}")
    private String jwtBlacklistKeyFormat;
    /**
     * jwt用户
     */
    private static String ISSUSER = "HUGEINFO";
    @Override
    public int getOrder() {
@@ -89,52 +87,43 @@
            if (status) {
                return chain.filter(exchange);
            } else {
                // todo 运营中心暂时写死token
                if (url.indexOf("dyh-oper") != -1) {
                    String userId = "10001";
                    ServerHttpRequest mutableReq = null;
                    exchange.getRequest().mutate().header("Authorization-userId", userId).build();
                    ServerWebExchange mutableExchange = exchange.mutate().request(mutableReq).build();
                    return chain.filter(mutableExchange);
                //从请求头中取出token
                String token = exchange.getRequest().getHeaders().getFirst("Authorization");
                //未携带token或token在黑名单内
                if (StringUtils.isEmpty(token) || isBlackToken(token)) {
                    ServerHttpResponse originalResponse = exchange.getResponse();
                    originalResponse.setStatusCode(HttpStatus.OK);
                    originalResponse.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
                    byte[] response = "{\"code\": \"401\",\"msg\": \"用户未登录,请进行登录!\"}"
                            .getBytes(StandardCharsets.UTF_8);
                    DataBuffer buffer = originalResponse.bufferFactory().wrap(response);
                    return originalResponse.writeWith(Flux.just(buffer));
                } else {
                    //从请求头中取出token
                    String token = exchange.getRequest().getHeaders().getFirst("Authorization");
                    //未携带token或token在黑名单内
                    if (StringUtils.isEmpty(token) || isBlackToken(token)) {
                    //取出token包含的身份
                    Map<String, Object> result = verifyJWT(token);
                    int code = (int) result.get("code");
                    if (code != 0) {
                        ServerHttpResponse originalResponse = exchange.getResponse();
                        originalResponse.setStatusCode(HttpStatus.OK);
                        originalResponse.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
                        byte[] response = "{\"code\": \"401\",\"msg\": \"用户未登录,请进行登录!\"}"
                                .getBytes(StandardCharsets.UTF_8);
                        String responseResult = "{\"code\": \"" + code + "\", \"msg\": \"" + result.get("msg") + "\"}";
                        byte[] response = responseResult.getBytes(StandardCharsets.UTF_8);
                        DataBuffer buffer = originalResponse.bufferFactory().wrap(response);
                        return originalResponse.writeWith(Flux.just(buffer));
                    } else {
                        //取出token包含的身份
                        Map<String, Object> result = verifyJWT(token);
                        int code = (int) result.get("code");
                        if (code != 0) {
                            ServerHttpResponse originalResponse = exchange.getResponse();
                            originalResponse.setStatusCode(HttpStatus.OK);
                            originalResponse.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
                            String responseResult = "{\"code\": \"" + code + "\", \"msg\": \"" + result.get("msg") + "\"}";
                            byte[] response = responseResult.getBytes(StandardCharsets.UTF_8);
                            DataBuffer buffer = originalResponse.bufferFactory().wrap(response);
                            return originalResponse.writeWith(Flux.just(buffer));
                        //将现在的request,添加当前身份
                        String userId = (String) result.get("userId");
                        ServerHttpRequest mutableReq = null;
                        String custId = (String) result.get("custId");
                        if (StringUtils.isNotEmpty(custId)) {
                            URI uri = exchange.getRequest().getURI();
                            URI newUri = assembleUri(uri, custId);
                            exchange.getRequest().mutate().uri(newUri).header("Authorization-userId", userId).header("Authorization-custId", custId).build();
                        } else {
                            //将现在的request,添加当前身份
                            String userId = (String) result.get("userId");
                            ServerHttpRequest mutableReq = null;
                            String custId = (String) result.get("custId");
                            if (StringUtils.isNotEmpty(custId)) {
                                URI uri = exchange.getRequest().getURI();
                                URI newUri = assembleUri(uri, custId);
                                exchange.getRequest().mutate().uri(newUri).header("Authorization-userId", userId).header("Authorization-custId", custId).build();
                            } else {
                                exchange.getRequest().mutate().header("Authorization-userId", userId).build();
                            }
                            ServerWebExchange mutableExchange = exchange.mutate().request(mutableReq).build();
                            return chain.filter(mutableExchange);
                            exchange.getRequest().mutate().header("Authorization-userId", userId).build();
                        }
                        ServerWebExchange mutableExchange = exchange.mutate().request(mutableReq).build();
                        return chain.filter(mutableExchange);
                    }
                }
            }
@@ -151,7 +140,7 @@
        try {
            Algorithm algorithm = Algorithm.HMAC256(secretKey);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withIssuer(ISSUSER)
                    .withIssuer(issUser)
                    .build();
            DecodedJWT jwt = verifier.verify(token);
            String userId = jwt.getClaim("userId").asString();
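Review bot: The new field is bound with `@Value("${jwt.iss_user.format}")`, but the gateway's application.yml in this same commit defines the scalar `jwt.iss_user: HUGEINFO` and JwtUtils reads `${jwt.iss_user}`, so unless `jwt.iss_user.format` is defined in configuration not shown here the placeholder will not resolve and the gateway either fails to start or verifies against a different issuer than the one tokens are signed with; use `@Value("${jwt.iss_user}")` on `issUser`. Separately, in the success branch `mutableReq` stays `null` and the result of `exchange.getRequest().mutate()...build()` is discarded, so the rewritten URI and the `Authorization-userId`/`Authorization-custId` headers reach downstream services only if the builder happens to write through to the original request; assign the built request to `mutableReq` in both branches before `exchange.mutate().request(mutableReq)`. The filter method starts and ends outside these hunks, so whether client-supplied `Authorization-userId` headers are stripped on the skip-auth path (`return chain.filter(exchange);`) cannot be seen here and is worth confirming.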
dyh-gateway/src/main/resources/config/application.yml
@@ -39,6 +39,8 @@
jwt:
  #jwt生成密钥
  secret-key: asdfghjkl
  #用户
  iss_user: HUGEINFO
  refresh-token-key:
    #refreshToken 存储key
    format: JWT_REFRESH_TOKEN::%s
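Review bot: `secret-key: asdfghjkl` is the HMAC256 signing key for every token the gateway accepts, and it is a short keyboard-row string committed in plaintext; the same value sits in dyh-service/dyh-cust/src/main/resources/config/application.yml. The commit moves the issuer into configuration but leaves the key as it was (the line appears to predate this change). Supply it from the environment or a secret store instead, e.g. `secret-key: ${JWT_SECRET_KEY}` (variable name is a placeholder), generate at least 256 bits of random data for it, and rotate the current value since it is already in repository history.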
dyh-service/dyh-cust/src/main/java/cn/huge/module/utils/JwtUtils.java
File was renamed from dyh-service/dyh-base/src/main/java/cn/huge/base/common/utils/JwtUtils.java
@@ -1,4 +1,4 @@
package cn.huge.base.common.utils;
package cn.huge.module.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
@@ -22,6 +22,11 @@
     * jwt生成密钥
     */
    public static String secretKey;
    /**
     * jwt生成密钥
     */
    public static String issUser;
    /**
     * token过期时间:4小时
@@ -48,6 +53,11 @@
        secretKey = secret_Key;
    }
    @Value("${jwt.iss_user}")
    public void setIssUser(String iss_user) {
        issUser = iss_user;
    }
    @Value("${jwt.token.expire-time}")
    public void setTokenExpireTime(long token_expire_time) {
        tokenExpireTime = token_expire_time;
@@ -69,11 +79,6 @@
    }
    /**
     * jwt用户
     */
    private static String ISSUSER = "HUGEINFO";
    /**
     * 生成token
     * @param userId 登录用户标识
     * @return String
@@ -83,7 +88,7 @@
        Date now = new Date();
        Algorithm algo = Algorithm.HMAC256(secretKey);
        String token = JWT.create()
                .withIssuer(ISSUSER)
                .withIssuer(issUser)
                .withIssuedAt(now)
                .withExpiresAt(new Date(now.getTime() + tokenExpireTime))
                .withClaim("userId", userId)
@@ -102,35 +107,13 @@
        Date now = new Date();
        Algorithm algo = Algorithm.HMAC256(secretKey);
        String token = JWT.create()
                .withIssuer(ISSUSER)
                .withIssuer(issUser)
                .withIssuedAt(now)
                .withExpiresAt(new Date(now.getTime() + tokenExpireTime))
                .withClaim("custId", custId)
                .withClaim("userId", userId)
                .sign(algo);
        return token;
    }
    /**
     * 生成讯飞token
     * @return
     */
    public static String buildXfJWT(){
        //生成jwt
        Date time = new Date();
        String secret = "D34F84C9963548A9BA4A70AD6D61A99E";
        String appId = "1000000001";
        Algorithm algorithm = Algorithm.HMAC256(secret);
        String auth = JWT.create()
                .withIssuer(appId)
                .withClaim("time", time+"")
                .sign(algorithm);
        return "Bearer "+auth;
    }
    public static void main(String[] args) {
        String auth = buildXfJWT();
        System.out.println(auth);
    }
}
/**
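Review bot: The added `public static String issUser;` carries the copied Javadoc `jwt生成密钥` (JWT signing key) although it holds the issuer, and like `secretKey` it is a public mutable static that any class can read or overwrite after injection. Suggest `private static String issUser;` with the comment `/** JWT issuer (iss claim), injected from jwt.iss_user */`, provided nothing outside the class reads the field, which is not visible here. The removed `buildXfJWT` took its HMAC secret from a string literal; deleting the method does not remove that value from history, so the credential should be treated as exposed and rotated with its provider. The class body starts and ends outside these hunks.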
dyh-service/dyh-cust/src/main/resources/config/application.yml
@@ -65,6 +65,8 @@
jwt:
  #jwt生成密钥
  secret-key: asdfghjkl
  #用户
  iss_user: HUGEINFO
  refresh-token-key:
    #refreshToken 存储key
    format: JWT_REFRESH_TOKEN::%s
dyh-service/dyh-cust/src/test/java/cn/huge/module/DyhCustApplicationTest.java
@@ -1,6 +1,5 @@
package cn.huge.module;
import cn.huge.base.common.utils.JwtUtils;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;