fix(JWTToken): sign secret move to properties (#42)
diff --git a/backend/doc/deploy.md b/backend/doc/deploy.md index f6a3a0e..c267f8e 100644 --- a/backend/doc/deploy.md +++ b/backend/doc/deploy.md
@@ -29,6 +29,8 @@  +务必在application-prod.properties中设置jwt.sign.secret + 2 打包 
diff --git a/backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java b/backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java index 8804107..fe0fa29 100644 --- a/backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java +++ b/backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java
@@ -24,15 +24,30 @@ import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import lombok.extern.slf4j.Slf4j; +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.context.annotation.Configuration; +import org.springframework.util.StringUtils; +import java.util.ArrayList; import java.util.Date; +import java.util.List; /** date:2022/12/6 author:yzf project_name:backend */ @Slf4j +@Configuration +@ConfigurationProperties(prefix = "jwt.sign") public class JJwtTool { - private static String secret = - "HSyJ0eXAiOiJKV1QasdfffffffSd3g8923402347523fffasdfasgwaegwaegawegawegawegawetwgewagagew" - + "asdf23r23DEEasdfawef134t2fawt2g325gafasdfasdfiLCJhbGciOiJIUzI1NiJ9"; + + private static List<String> jwtCache = new ArrayList<>(); + private static String secret; + + public String getSecret() { + return secret; + } + + public void setSecret(String payload) { + secret = payload; + } public static String generateToken(User user) { log.info("user=" + user.toString()); @@ -40,20 +55,28 @@ // Calendar instance = Calendar.getInstance(); // instance.add(Calendar.HOUR_OF_DAY, 24); Date expireDate = new Date(new Date().getTime() + (1000 * 60 * 60 * 10)); - return Jwts.builder() - .setHeaderParam("type", "JWT") - .setSubject(user.getId() + "") - .setIssuedAt(now) // 签发时间 - .claim("userId", user.getId()) - .claim("name", user.getName()) - .setExpiration(expireDate) // 过期时间 - .signWith(SignatureAlgorithm.HS512, secret) - .compact(); + String compact = + Jwts.builder() + .setHeaderParam("type", "JWT") + .setSubject(user.getId() + "") + .setIssuedAt(now) // 签发时间 + .claim("userId", user.getId()) + .claim("name", user.getName()) + .setExpiration(expireDate) // 过期时间 + .signWith(SignatureAlgorithm.HS512, secret) + .compact(); + if (StringUtils.hasLength(compact) && !jwtCache.contains(compact)) { + jwtCache.add(compact); + } + return compact; } /** 解析token */ public static Claims getClaimsByToken(String token) { try { + if (StringUtils.hasLength(token) && !jwtCache.contains(token)) { + return null; + } return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody(); } catch (Exception e) { System.out.println("validate is token error");
diff --git a/backend/src/main/resources/application-dev.properties b/backend/src/main/resources/application-dev.properties index bd75be1..121476b 100644 --- a/backend/src/main/resources/application-dev.properties +++ b/backend/src/main/resources/application-dev.properties
@@ -36,4 +36,7 @@ spring.servlet.multipart.max-request-size=215MB # All files generated during CSV import and export are stored in this folder -file.temp-dir=./tempFile \ No newline at end of file +file.temp-dir=./tempFile + +# token secret +jwt.sign.secret = HSyJ0eXAiOiJKV1QasdfffffffSd3g8923402347523fffasdfasgwaegwaegawegawegawegawetwgewagagewasdf23r23DEEasdfawef134t2fawt2g325gafasdfasdfiLCJhbGciOiJIUzI1NiJ9
diff --git a/backend/src/main/resources/application-prod.properties b/backend/src/main/resources/application-prod.properties index e830534..66a5d2b 100644 --- a/backend/src/main/resources/application-prod.properties +++ b/backend/src/main/resources/application-prod.properties
@@ -32,4 +32,7 @@ spring.servlet.multipart.max-request-size=215MB # All files generated during CSV import and export are stored in this folder -file.temp-dir=./tempFile \ No newline at end of file +file.temp-dir=./tempFile + +# token secret +jwt.sign.secret =
diff --git a/backend/src/main/resources/application-test.properties b/backend/src/main/resources/application-test.properties index 7cd752d..f661868 100644 --- a/backend/src/main/resources/application-test.properties +++ b/backend/src/main/resources/application-test.properties
@@ -30,4 +30,7 @@ spring.servlet.multipart.max-file-size=200MB spring.servlet.multipart.max-request-size=215MB -file.temp-dir=./tempFile \ No newline at end of file +file.temp-dir=./tempFile + +# token secret +jwt.sign.secret =