feat: 添加 TokenUtil，抽离 SecurityUtil

Author: cadecode

application/src/main/resources/application-dev.yml

@@ -1,6 +1,8 @@
 server:
   port: 8000
 spring:
+  application:
+    name: ${uni-boot.config.name}
   redis:
     host: localhost
     port: 6379
@@ -22,20 +24,19 @@ spring:
           password: ENC(donQ3DazAc4/6B+NFSRdxw==)
           driver-class-name: com.p6spy.engine.spy.P6SpyDriver
 
-# 关闭swagger认证
+# 关闭 swagger 认证
 knife4j:
   basic:
     enable: false
 
-# uni-boot-admin 配置
+# uni-boot 配置
 uni-boot:
   config:
     name: UniBootAdmin
     version: 0.0.1
     swagger-on: true
     dynamic-ds-on: false
     file-base-path: D:/uniboot/file/temp/
-  # swagger 配置
   swagger:
     title: Swagger 在线文档
     description: uni-boot-admin 在线文档 by swagger2
@@ -46,7 +47,6 @@ uni-boot:
     module:
       application: top.cadecode.uniboot.controller
       sample: top.cadecode.uniboot.business.sample.controller
-  # security 配置
   security:
     auth-model: redis
     token:

common/core/src/main/java/top/cadecode/uniboot/common/core/util/TokenUtil.java

@@ -0,0 +1,86 @@
+package top.cadecode.uniboot.common.core.util;
+
+import cn.hutool.json.JSONObject;
+import cn.hutool.jwt.JWT;
+
+import java.util.Date;
+import java.util.List;
+
+/**
+ * JWT token 工具栏
+ *
+ * @author Cade Li
+ * @date 2023/6/8
+ */
+public class TokenUtil {
+
+    private static final String ID_KEY = "id";
+    private static final String NAME_KEY = "username";
+    private static final String ROLES_KEY = "roles";
+
+    /**
+     * 生成 Jwt token
+     *
+     * @param id    用户 ID
+     * @param roles 角色
+     * @return token 字符串
+     */
+    public static String generateToken(long id, String name, List<String> roles, Long expiration, String secret) {
+        long expiredTime = System.currentTimeMillis() + expiration * 1000;
+        return JWT.create()
+                .setPayload(ID_KEY, id)
+                .setPayload(NAME_KEY, name)
+                .setPayload(ROLES_KEY, roles)
+                .setExpiresAt(new Date(expiredTime))
+                .setKey(secret.getBytes())
+                .sign();
+    }
+
+    /**
+     * 校验 token 正确性
+     *
+     * @param token token 字符串
+     * @return 是否通过校验
+     */
+    public static boolean verifyToken(String token, String secret) {
+        try {
+            return JWT.of(token)
+                    .setKey(secret.getBytes())
+                    .verify();
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    /**
+     * 判断 token 是否过期
+     *
+     * @param token token 字符串
+     * @return 是否过期
+     */
+    public static boolean isExpired(String token, String secret) {
+        return !JWT.of(token)
+                .setKey(secret.getBytes())
+                .validate(0);
+    }
+
+    /**
+     * 获取 token 内容
+     *
+     * @param token token 字符串
+     * @return JSONObject
+     */
+    public static JSONObject getPayload(String token) {
+        return JWT.of(token).getPayloads();
+    }
+
+    /**
+     * 获取 token 内容 json 串
+     *
+     * @param token token 字符串
+     * @return json 串
+     */
+    public static String getPayloadStr(String token) {
+        return JWT.of(token).getPayloads().toString();
+    }
+}

framework/src/main/java/top/cadecode/uniboot/framework/config/SecurityConfig.java

@@ -60,6 +60,11 @@ public class SecurityConfig {
      */
     private List<String> ignoreUrls;
 
+    /**
+     * JWT Token 配置
+     */
+    private TokenConfig token;
+
     /**
      * 登录路径
      */
@@ -71,7 +76,6 @@ public class SecurityConfig {
     public static final String USERNAME_PARAMETER = "username";
     public static final String PASSWORD_PARAMETER = "password";
 
-
     /**
      * 注销路径
      */
@@ -174,4 +178,26 @@ public void configure(WebSecurity web) {
             }
         };
     }
+
+    /**
+     * JWT 配置类
+     */
+    @Data
+    public static class TokenConfig {
+
+        /**
+         * token 请求头字段
+         */
+        private String header;
+
+        /**
+         * token 过期时间，单位秒
+         */
+        private Long expiration;
+
+        /**
+         * 密钥
+         */
+        private String secret;
+    }
 }

framework/src/main/java/top/cadecode/uniboot/framework/controller/AuthController.java

@@ -16,7 +16,7 @@
 import top.cadecode.uniboot.common.plugin.log.enums.LogTypeEnum;
 import top.cadecode.uniboot.framework.annotation.ApiFormat;
 import top.cadecode.uniboot.framework.config.SecurityConfig;
-import top.cadecode.uniboot.framework.security.TokenAuthHolder;
+import top.cadecode.uniboot.framework.util.SecurityUtil;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -35,8 +35,6 @@
 @RequestMapping("auth")
 public class AuthController {
 
-    private final TokenAuthHolder tokenAuthHolder;
-
     /**
      * 复用Security login接口，方便swagger展示
      */
@@ -50,7 +48,7 @@ public ApiResult<?> login(HttpServletRequest request, HttpServletResponse respon
                 .form(SecurityConfig.USERNAME_PARAMETER, username)
                 .form(SecurityConfig.PASSWORD_PARAMETER, password)
                 .execute();
-        response.addHeader(tokenAuthHolder.getHeader(), loginRes.header(tokenAuthHolder.getHeader()));
+        response.addHeader(SecurityUtil.getHeader(), loginRes.header(SecurityUtil.getHeader()));
         return JacksonUtil.toBean(loginRes.body(), ApiResult.class);
     }
 
@@ -63,7 +61,7 @@ public ApiResult<?> login(HttpServletRequest request, HttpServletResponse respon
     public ApiResult<?> logout(HttpServletRequest request, HttpServletResponse response) {
         String replacedURL = request.getRequestURL().toString().replace("/auth/logout", SecurityConfig.LOGOUT_URL);
         HttpResponse loginRes = HttpUtil.createPost(replacedURL)
-                .header(tokenAuthHolder.getHeader(), request.getHeader(tokenAuthHolder.getHeader()))
+                .header(SecurityUtil.getHeader(), request.getHeader(SecurityUtil.getHeader()))
                 .execute();
         return JacksonUtil.toBean(loginRes.body(), ApiResult.class);
     }

framework/src/main/java/top/cadecode/uniboot/framework/controller/SysUserController.java

@@ -22,10 +22,10 @@
 import top.cadecode.uniboot.framework.bean.vo.SysMenuVo.SysMenuTreeVo;
 import top.cadecode.uniboot.framework.bean.vo.SysUserVo.SysUserRolesVo;
 import top.cadecode.uniboot.framework.convert.SysUserConvert;
-import top.cadecode.uniboot.framework.security.TokenAuthHolder;
 import top.cadecode.uniboot.framework.service.SysMenuService;
 import top.cadecode.uniboot.framework.service.SysRoleService;
 import top.cadecode.uniboot.framework.service.SysUserService;
+import top.cadecode.uniboot.framework.util.SecurityUtil;
 
 import javax.validation.Valid;
 import javax.validation.constraints.NotEmpty;
@@ -60,15 +60,15 @@ public class SysUserController {
     @ApiOperation("获取用户信息")
     @PostMapping("get_info")
     public SysUserInfoDto getInfo() {
-        SysUserDetailsDto userDetails = TokenAuthHolder.getUserDetails(null);
+        SysUserDetailsDto userDetails = SecurityUtil.getUserDetails(null);
         List<SysMenuTreeVo> sysMenuTreeVos = sysMenuService.listTreeVoByRoles(userDetails.getRoles());
         return SysUserInfoDto.builder().menuList(sysMenuTreeVos).build();
     }
 
     @ApiOperation("修改用户信息（用户中心）")
     @PostMapping("modify_info")
     public boolean modifyInfo(@RequestBody @Valid SysUserModifyInfoRequest request) {
-        SysUserDetailsDto userDetails = TokenAuthHolder.getUserDetails(null);
+        SysUserDetailsDto userDetails = SecurityUtil.getUserDetails(null);
         SysUser po = SysUserConvert.INSTANCE.requestToPo(request);
         po.setId(userDetails.getId());
         return sysUserService.updateById(po);
@@ -77,7 +77,7 @@ public boolean modifyInfo(@RequestBody @Valid SysUserModifyInfoRequest request)
     @ApiOperation("修改用户密码（用户中心）")
     @PostMapping("modify_pass")
     public boolean modifyPass(@RequestBody @Valid SysUserModifyPassRequest request) {
-        SysUserDetailsDto userDetails = TokenAuthHolder.getUserDetails(null);
+        SysUserDetailsDto userDetails = SecurityUtil.getUserDetails(null);
         SysUser sysUser = sysUserService.lambdaQuery().select(SysUser::getPassword)
                 .eq(SysUser::getId, userDetails.getId()).one();
         if (ObjectUtil.notEqual(request.getNewPass(), request.getConfirmedPass())) {

framework/src/main/java/top/cadecode/uniboot/framework/plugin/ApiLogHandler.java

@@ -19,8 +19,8 @@
 import top.cadecode.uniboot.framework.bean.dto.SysLogDto.SysLogInfoDto;
 import top.cadecode.uniboot.framework.bean.po.SysLog;
 import top.cadecode.uniboot.framework.convert.SysLogConvert;
-import top.cadecode.uniboot.framework.security.TokenAuthHolder;
 import top.cadecode.uniboot.framework.service.SysLogService;
+import top.cadecode.uniboot.framework.util.SecurityUtil;
 
 /**
  * Api Log 处理器实现
@@ -63,7 +63,7 @@ public SysLogInfoDto generateLog(ProceedingJoinPoint point, BaseLogInfo baseLogI
                 .logType(apiLogger.type())
                 .classMethod(point.getSignature().getDeclaringTypeName() + '.' + point.getSignature().getName())
                 .exceptional(baseLogInfo.getExceptional())
-                .accessUser(TokenAuthHolder.getUsername())
+                .accessUser(SecurityUtil.getUsername())
                 .description(description)
                 .url(baseLogInfo.getRequest().getRequestURL().toString())
                 .threadId(Long.toString(Thread.currentThread().getId()))

framework/src/main/java/top/cadecode/uniboot/framework/plugin/ObjectFillHandler.java

@@ -3,7 +3,7 @@
 import org.apache.ibatis.reflection.MetaObject;
 import org.springframework.stereotype.Component;
 import top.cadecode.uniboot.common.plugin.mybatis.handler.AbstractObjectFillHandler;
-import top.cadecode.uniboot.framework.security.TokenAuthHolder;
+import top.cadecode.uniboot.framework.util.SecurityUtil;
 
 /**
  * 对象填充处理器
@@ -15,6 +15,6 @@
 public class ObjectFillHandler extends AbstractObjectFillHandler {
     @Override
     public void updateUser(MetaObject metaObject) {
-        this.setFieldValByName("updateUser", TokenAuthHolder.getUsername(), metaObject);
+        this.setFieldValByName("updateUser", SecurityUtil.getUsername(), metaObject);
     }
 }