fix(JWTToken): sign secret move to properties (#42)
diff --git a/backend/doc/deploy.md b/backend/doc/deploy.md
index f6a3a0e..c267f8e 100644
--- a/backend/doc/deploy.md
+++ b/backend/doc/deploy.md
@@ -29,6 +29,8 @@
![](image/配置文件.PNG)
+务必在application-prod.properties中设置jwt.sign.secret
+
2 打包
![](image/打包.png)
diff --git a/backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java b/backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java
index 8804107..fe0fa29 100644
--- a/backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java
+++ b/backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java
@@ -24,15 +24,30 @@
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.util.StringUtils;
+import java.util.ArrayList;
import java.util.Date;
+import java.util.List;
/** date:2022/12/6 author:yzf project_name:backend */
@Slf4j
+@Configuration
+@ConfigurationProperties(prefix = "jwt.sign")
public class JJwtTool {
- private static String secret =
- "HSyJ0eXAiOiJKV1QasdfffffffSd3g8923402347523fffasdfasgwaegwaegawegawegawegawetwgewagagew"
- + "asdf23r23DEEasdfawef134t2fawt2g325gafasdfasdfiLCJhbGciOiJIUzI1NiJ9";
+
+ private static List<String> jwtCache = new ArrayList<>();
+ private static String secret;
+
+ public String getSecret() {
+ return secret;
+ }
+
+ public void setSecret(String payload) {
+ secret = payload;
+ }
public static String generateToken(User user) {
log.info("user=" + user.toString());
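Review bot: `setSecret` stores whatever value is bound, and the prod and test property files in this commit ship `jwt.sign.secret =` with nothing after it, so a deployment that skips the documented step runs with a blank signing key that presumably surfaces only when the first token is signed or parsed. Rejecting a blank value in the setter should turn that into a startup failure: `if (!StringUtils.hasText(payload)) { throw new IllegalStateException("jwt.sign.secret must be set"); }`. The instance setter also writes a static field that the static `generateToken` reads, so the key exists only once Spring has bound this bean; a one-line comment on `secret` stating that would help. The body of `generateToken` continues outside this hunk.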
@@ -40,20 +55,28 @@
// Calendar instance = Calendar.getInstance();
// instance.add(Calendar.HOUR_OF_DAY, 24);
Date expireDate = new Date(new Date().getTime() + (1000 * 60 * 60 * 10));
- return Jwts.builder()
- .setHeaderParam("type", "JWT")
- .setSubject(user.getId() + "")
- .setIssuedAt(now) // 签发时间
- .claim("userId", user.getId())
- .claim("name", user.getName())
- .setExpiration(expireDate) // 过期时间
- .signWith(SignatureAlgorithm.HS512, secret)
- .compact();
+ String compact =
+ Jwts.builder()
+ .setHeaderParam("type", "JWT")
+ .setSubject(user.getId() + "")
+ .setIssuedAt(now) // 签发时间
+ .claim("userId", user.getId())
+ .claim("name", user.getName())
+ .setExpiration(expireDate) // 过期时间
+ .signWith(SignatureAlgorithm.HS512, secret)
+ .compact();
+ if (StringUtils.hasLength(compact) && !jwtCache.contains(compact)) {
+ jwtCache.add(compact);
+ }
+ return compact;
}
/** 解析token */
public static Claims getClaimsByToken(String token) {
try {
+ if (StringUtils.hasLength(token) && !jwtCache.contains(token)) {
+ return null;
+ }
return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
} catch (Exception e) {
System.out.println("validate is token error");
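Review bot: `jwtCache` is a plain static `ArrayList` that `generateToken` appends to and `getClaimsByToken` scans, presumably from concurrent request threads, so updates can race, each lookup is linear, and entries are never removed after the 10-hour expiry, which lets the list grow for the life of the process. A concurrent set addresses the first two, `private static final Set<String> jwtCache = ConcurrentHashMap.newKeySet();`, and expired or logged-out tokens should be removed from it. Because the list exists only in memory, every previously issued token is rejected after a restart or on a second instance; if that is intended, say so in a comment on the field. `generateToken` starts before this hunk and the `catch` block of `getClaimsByToken` runs past its end.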
diff --git a/backend/src/main/resources/application-dev.properties b/backend/src/main/resources/application-dev.properties
index bd75be1..121476b 100644
--- a/backend/src/main/resources/application-dev.properties
+++ b/backend/src/main/resources/application-dev.properties
@@ -36,4 +36,7 @@
spring.servlet.multipart.max-request-size=215MB
# All files generated during CSV import and export are stored in this folder
-file.temp-dir=./tempFile
\ No newline at end of file
+file.temp-dir=./tempFile
+
+# token secret
+jwt.sign.secret = HSyJ0eXAiOiJKV1QasdfffffffSd3g8923402347523fffasdfasgwaegwaegawegawegawegawetwgewagagewasdf23r23DEEasdfawef134t2fawt2g325gafasdfasdfiLCJhbGciOiJIUzI1NiJ9
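Review bot: The value added for `jwt.sign.secret` is the same string this commit removes from `JJwtTool.java`, so the key is still in version control and has to be treated as public; any instance started with the dev profile signs tokens with a key that is not secret. Resolving it from the environment keeps the key out of the repository, for example `jwt.sign.secret=${JWT_SIGN_SECRET}` (the variable name is only an example). Any deployment that ran with the old built-in default should get a new key.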
diff --git a/backend/src/main/resources/application-prod.properties b/backend/src/main/resources/application-prod.properties
index e830534..66a5d2b 100644
--- a/backend/src/main/resources/application-prod.properties
+++ b/backend/src/main/resources/application-prod.properties
@@ -32,4 +32,7 @@
spring.servlet.multipart.max-request-size=215MB
# All files generated during CSV import and export are stored in this folder
-file.temp-dir=./tempFile
\ No newline at end of file
+file.temp-dir=./tempFile
+
+# token secret
+jwt.sign.secret =
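Review bot: The comment `# token secret` does not say that the property is required or what form it takes, and the same blank entry is added to `application-test.properties`. The code passes the value to `signWith(SignatureAlgorithm.HS512, secret)`, whose String overload in the older jjwt API treats it as Base64-encoded key bytes, so the comment should state that, for example `# REQUIRED: Base64-encoded HMAC key for HS512 (64 random bytes or more); do not commit a real value`. For the test profile, a fixed dummy key clearly marked as test-only would keep token tests runnable.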
diff --git a/backend/src/main/resources/application-test.properties b/backend/src/main/resources/application-test.properties
index 7cd752d..f661868 100644
--- a/backend/src/main/resources/application-test.properties
+++ b/backend/src/main/resources/application-test.properties
@@ -30,4 +30,7 @@
spring.servlet.multipart.max-file-size=200MB
spring.servlet.multipart.max-request-size=215MB
-file.temp-dir=./tempFile
\ No newline at end of file
+file.temp-dir=./tempFile
+
+# token secret
+jwt.sign.secret =