From ac10fe63e7172c7921e09656b11ba768d12fceb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E9=9F=AC?= <2360164671@qq.com>
Date: Tue, 28 Jun 2022 20:18:45 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E4=BA=86=E6=8B=A6=E6=88=AA?=
=?UTF-8?q?=E5=99=A8=E5=92=8CToken=E7=9A=84=E5=88=9D=E6=AD=A5=E6=96=B9?=
=?UTF-8?q?=E6=A1=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
pom.xml | 5 ++
.../projectmanagement/config/WebConfig.java | 39 +++++++++++
.../projectmanagement/entity/Response.java | 27 ++++++++
.../interceptor/CorsInterceptor.java | 32 ++++++++++
.../interceptor/TokenInterceptor.java | 46 +++++++++++++
.../projectmanagement/utils/TokenUtils.java | 64 +++++++++++++++++++
6 files changed, 213 insertions(+)
create mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/config/WebConfig.java
create mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Response.java
create mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java
create mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java
create mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java
diff --git a/pom.xml b/pom.xml
index a2a327d..10f64a0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -105,6 +105,11 @@
springfox-boot-starter
3.0.0
+
+ com.auth0
+ java-jwt
+ 3.19.2
+
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/config/WebConfig.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/config/WebConfig.java
new file mode 100644
index 0000000..5fddf4f
--- /dev/null
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/config/WebConfig.java
@@ -0,0 +1,39 @@
+package cn.edu.hfut.rmdjzz.projectmanagement.config;
+
+import cn.edu.hfut.rmdjzz.projectmanagement.interceptor.CorsInterceptor;
+import cn.edu.hfut.rmdjzz.projectmanagement.interceptor.TokenInterceptor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import javax.annotation.Resource;
+
+/**
+ * @author 张韬
+ * created at 2022/6/28 19:44
+ */
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+ @Resource
+ private CorsInterceptor corsInterceptor;
+
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ registry.addInterceptor(corsInterceptor).addPathPatterns("/**");
+ registry.addInterceptor(new TokenInterceptor())
+ .addPathPatterns("/**")
+ .excludePathPatterns("/api/login");
+ }
+ /*
+ @Override
+ public void addCorsMappings(CorsRegistry registry) {
+ registry.addMapping("/**")
+ .allowedOriginPatterns("*")
+ .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
+ .allowedHeaders("token")
+ .allowCredentials(true)
+ .maxAge(3600)
+ .allowedHeaders("*");
+ }
+ */
+}
\ No newline at end of file
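Review bot: `addInterceptors` registers `new TokenInterceptor()` by hand although TokenInterceptor is declared as a `@Component`, while CorsInterceptor is injected with `@Resource`. The hand-built instance lives outside the Spring context, so any dependency later injected into that interceptor would be null here; inject it the same way with `@Resource private TokenInterceptor tokenInterceptor;` and `registry.addInterceptor(tokenInterceptor)`. The only path excluded from the token check is `/api/login`, and the token interceptor in this patch returns false for every handler that is not a `HandlerMethod`, so static resources (and presumably the springfox UI) get an empty response; list the public paths explicitly in `excludePathPatterns`. The commented-out `addCorsMappings` block should be either restored or deleted rather than committed as dead code.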
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Response.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Response.java
new file mode 100644
index 0000000..fb7669c
--- /dev/null
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Response.java
@@ -0,0 +1,27 @@
+package cn.edu.hfut.rmdjzz.projectmanagement.entity;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author 张韬
+ * created at 2022/6/28 18:32
+ */
+@Data
+public class Response implements Serializable {
+ private int code;
+ private String msg;
+ Map data = new HashMap<>();
+ public void put(String key,Object value){
+ data.put(key,value);
+ }
+ public String JsonString() throws JsonProcessingException {
+ ObjectMapper objectMapper = new ObjectMapper();
+ return objectMapper.writeValueAsString(this);
+ }
+}
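Review bot: `data` is the only field declared without `private` (`Map data = new HashMap<>();`), so other classes in the package can replace or mutate it directly, bypassing `put` and the Lombok accessors; declare it `private`. `JsonString()` builds a new `ObjectMapper` on every call and its name is not lowerCamelCase; a shared `private static final ObjectMapper` and a name such as `toJsonString()` would be the usual form. The class would also benefit from a one-sentence Javadoc stating that it is the JSON envelope (code, msg, data) that the interceptors write to the response.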
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java
new file mode 100644
index 0000000..4647214
--- /dev/null
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java
@@ -0,0 +1,32 @@
+package cn.edu.hfut.rmdjzz.projectmanagement.interceptor;
+
+import org.springframework.http.HttpMethod;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author 张韬
+ * created at 2022/6/28 18:13
+ */
+@Component
+public class CorsInterceptor implements HandlerInterceptor {
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ response.setHeader("Access-Control-Allow-Methods", "*");
+ response.setHeader("Access-Control-Allow-Headers", "content-type,token");
+ response.setHeader("Content-Type", "application/json;charset=utf-8");
+ response.setHeader("Access-Control-Allow-Credentials","false");
+ // 如果是OPTIONS则结束请求
+ if (HttpMethod.OPTIONS.toString().equals(request.getMethod())) {
+ response.setStatus(200);
+ return false;
+ }
+
+ return true;
+ }
+}
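Review bot: `preHandle` answers every request on every path with `Access-Control-Allow-Origin: *` and `Access-Control-Allow-Methods: *`, so script on any web origin may call the API and read its responses; the only barrier left is that the `token` header value stays secret. Prefer an allowlist of the front-end origins, echoing the request's `Origin` only when it matches and adding `Vary: Origin`, and name the methods that are actually served. The unconditional `response.setHeader("Content-Type", "application/json;charset=utf-8")` also labels non-JSON responses as JSON; set the content type where the body is written instead. Spring's built-in CORS support (the `addCorsMappings` override left commented out in WebConfig) would handle preflight requests without a hand-written interceptor.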
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java
new file mode 100644
index 0000000..d261f58
--- /dev/null
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java
@@ -0,0 +1,46 @@
+package cn.edu.hfut.rmdjzz.projectmanagement.interceptor;
+
+import cn.edu.hfut.rmdjzz.projectmanagement.entity.Response;
+import cn.edu.hfut.rmdjzz.projectmanagement.utils.TokenUtils;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author 张韬
+ * created at 2022/6/28 18:16
+ */
+@Component
+public class TokenInterceptor implements HandlerInterceptor {
+ @Override
+ public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
+ System.out.println(httpServletRequest.getRequestURL()+" "+httpServletRequest.getMethod());
+ if (!(object instanceof HandlerMethod)) {
+ return false;
+ }
+ String token = httpServletRequest.getHeader("token");
+ if (null == token || "".equals(token.trim())) {
+ Response res=new Response();
+ res.setMsg("缺少Token");
+ res.setCode(HttpStatus.UNAUTHORIZED.value());
+ httpServletResponse.getWriter().print(res.JsonString());
+ return false;
+ }
+ if(token.charAt(0)=='"'||token.charAt(0)=='\'')
+ token=token.substring(1,token.length()-1);
+ System.out.println(token);
+ if(!TokenUtils.checkToken(token)){
+ Response res=new Response();
+ res.setMsg("无效的Token");
+ res.setCode(HttpStatus.UNAUTHORIZED.value());
+ httpServletResponse.getWriter().print(res.JsonString());
+ return false;
+ }
+ httpServletRequest.setAttribute("token", TokenUtils.autoRequire(token));
+ return true;
+ }
+}
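Review bot: `System.out.println(token);` writes every caller's bearer token to standard output, so anyone who can read the application log can reuse a session until the token expires (five hours, per TokenUtils); remove the line and log at most the username after verification. The quote-stripping `token.substring(1,token.length()-1)` runs on any header that begins with a quote character, so a one-character header throws `StringIndexOutOfBoundsException` and surfaces as a server error; guard it with `token.length() >= 2` and check that the last character is the matching quote. Both rejection branches put 401 only in the JSON body while the HTTP status stays 200; add `httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());` before writing the body. The possibly refreshed token from `autoRequire` is stored only as a request attribute, so nothing in this hunk returns it to the client.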
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java
new file mode 100644
index 0000000..74cff18
--- /dev/null
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java
@@ -0,0 +1,64 @@
+package cn.edu.hfut.rmdjzz.projectmanagement.utils;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.auth0.jwt.interfaces.DecodedJWT;
+
+import java.util.Date;
+
+/**
+ * @author 张韬
+ * created at 2022/6/28 18:20
+ */
+public final class TokenUtils {
+ public final static String pvKey="SignedByRMDJZZ";
+ public static String getToken(String username){
+ return JWT.create()
+ .withClaim("username", username)
+ .withIssuedAt(new Date())
+ .withExpiresAt(new Date(System.currentTimeMillis() + 5*60*60*1000))
+ .sign(Algorithm.HMAC256(pvKey));
+
+ }
+ public static boolean checkToken(String token) {
+ JWTVerifier verifier = JWT.require(Algorithm.HMAC256(pvKey)).build();
+ try {
+ verifier.verify(token);
+ return true;
+ } catch (JWTVerificationException e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+ public static boolean checkTimeOut(String token){
+ if(!checkToken(token))
+ return true;
+ return JWT.decode(token).getClaim("exp").asLong()<(System.currentTimeMillis()/1000);
+ }
+ public static String getUsername(String token){
+ if(!checkToken(token))
+ return "";
+ return JWT.decode(token).getClaim("username").asString();
+ }
+ public static String refreshToken(String token) {
+ return getToken(getUsername(token));
+ }
+ public static String autoRequire(String token) {
+ boolean check = checkToken(token);
+ if (check) {
+ DecodedJWT jwt = JWT.decode(token);
+ long current = System.currentTimeMillis() / 1000;
+ Long start = jwt.getClaim("iat").asLong();
+ Long end = jwt.getClaim("exp").asLong();
+ if ((current - start) * 1.0 / (end - start) > 0.8) {
+ return refreshToken(token);
+ } else {
+ return token;
+ }
+ } else {
+ return "";
+ }
+ }
+}
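Review bot: `pvKey="SignedByRMDJZZ"` is a short, guessable HMAC secret committed to the repository as a `public` constant, so anyone with read access to the source can sign a token for any username. Load the key from deployment configuration, require at least 32 random bytes for HS256, and treat the committed value as compromised. `refreshToken` calls `getToken(getUsername(token))`, and `getUsername` returns `""` for an invalid token, so `refreshToken` issues a validly signed token with an empty username for arbitrary input; it should refuse instead. `checkToken` also calls `e.printStackTrace()` for every rejected token, which lets unauthenticated requests flood the log. The fence sketches the first two changes; the environment variable name is a placeholder, and making `pvKey` private assumes no caller outside this file reads it.

```java
public final class TokenUtils {
    // Signing secret is supplied at deployment time, never stored in source control.
    private static final String pvKey = loadSigningKey();

    private static String loadSigningKey() {
        String key = System.getenv("JWT_SIGNING_KEY"); // placeholder name
        if (key == null || key.length() < 32) {
            throw new IllegalStateException("JWT signing key is missing or shorter than 32 characters");
        }
        return key;
    }

    // … unchanged: getToken, checkToken, checkTimeOut, getUsername …

    public static String refreshToken(String token) {
        // Never mint a new token from input that failed verification.
        if (!checkToken(token)) {
            return "";
        }
        return getToken(JWT.decode(token).getClaim("username").asString());
    }

    // … unchanged: autoRequire …
```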