通过存储的token进行token的校验

2 years ago · c998c5bad3
parent ac9cf00500
commit c998c5bad3
5 changed files with 51 additions and 14 deletions
--- a/online-taxi-public/api-passenger/src/main/java/com/taxi/apipassenger/interceptor/InterceptorConfig.java
+++ b/online-taxi-public/api-passenger/src/main/java/com/taxi/apipassenger/interceptor/InterceptorConfig.java
@ -1,15 +1,26 @@
 package com.taxi.apipassenger.interceptor;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
 public class InterceptorConfig implements WebMvcConfigurer {
+
+    /**
+     * 在拦截器初始化时，JwtInterceptor的bean已经生成
+     * @return
+     */
+    @Bean
+    public JwtInterceptor jwtInterceptor(){
+        return new JwtInterceptor();
+    }
+
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
 //        WebMvcConfigurer.super.addInterceptors(registry);
-        registry.addInterceptor(new JwtInterceptor())
+        registry.addInterceptor(jwtInterceptor())
                .addPathPatterns("/**")//拦截的路径
                .excludePathPatterns("/noauthTest")
                .excludePathPatterns("/verification-code-check")
--- a/online-taxi-public/api-passenger/src/main/java/com/taxi/apipassenger/interceptor/JwtInterceptor.java
+++ b/online-taxi-public/api-passenger/src/main/java/com/taxi/apipassenger/interceptor/JwtInterceptor.java
@ -2,11 +2,14 @@ package com.taxi.apipassenger.interceptor;

 import com.auth0.jwt.exceptions.TokenExpiredException;
 import com.internal.dto.ResponseResult;
+import com.internal.dto.TokenResult;
 import com.internal.util.JwtUtils;
+import com.internal.util.RedisPrefixUtils;
 import net.sf.json.JSONObject;
-import org.springframework.lang.Nullable;
+import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -15,15 +18,20 @@ import java.security.SignatureException;

 public class JwtInterceptor implements HandlerInterceptor {

+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        boolean resultBoolean = true;
        String resultStr = "";
        String token = request.getHeader("Authorization");

+        //解析token
+        TokenResult tokenResult = null;
        try {
            //解析token
-            JwtUtils.parseToken(token);
+            tokenResult =JwtUtils.parseToken(token);
        } catch (SignatureException exception) {
            resultStr = "token sign error ";
            resultBoolean = false;
@ -33,6 +41,28 @@ public class JwtInterceptor implements HandlerInterceptor {
        }catch (Exception exception){
            resultBoolean = false;
        }
+        if(tokenResult == null){
+            resultStr = "token sign error ";
+            resultBoolean = false;
+        }else{
+            //拼接tokenKey
+            String phone = tokenResult.getPassengerPhone();
+            String identity = tokenResult.getIdentity();
+            String tokenKey  = RedisPrefixUtils.getTokenPrefixKey(phone,identity);
+            //从redis中取出token
+            String redisToke = stringRedisTemplate.opsForValue().get(tokenKey);
+            if(StringUtils.isBlank(redisToke)){
+                resultStr = "token invalid ";
+                resultBoolean = false;
+            }else{
+                if(!token.trim().equals(redisToke)){
+                    resultStr = "token invalid ";
+                    resultBoolean = false;
+                }
+            }
+        }
+
+        //
        if(!resultBoolean){
            PrintWriter outPrintWriter = response.getWriter();
            JSONObject jsonObject = JSONObject.fromObject(ResponseResult.fail(resultStr));
--- a/online-taxi-public/api-passenger/src/main/java/com/taxi/apipassenger/service/VerificationCodeService.java
+++ b/online-taxi-public/api-passenger/src/main/java/com/taxi/apipassenger/service/VerificationCodeService.java
@ -3,21 +3,17 @@ package com.taxi.apipassenger.service;
 import com.internal.contant.CommonStatusEnum;
 import com.internal.contant.IdentityConstant;
 import com.internal.dto.ResponseResult;
-import com.internal.dto.TokenResult;
 import com.internal.request.VerificationCodeDTO;
 import com.internal.response.CheckCodeResponse;
 import com.internal.response.NumberResponse;
 import com.internal.util.JwtUtils;
-import com.internal.util.Utils;
+import com.internal.util.RedisPrefixUtils;
 import com.taxi.apipassenger.remote.ServicePassengerUserClient;
 import com.taxi.apipassenger.remote.ServiceVerificatoncodeClient;
-import net.sf.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
-import org.springframework.stereotype.Indexed;
 import org.springframework.stereotype.Service;

-import java.lang.invoke.ConstantCallSite;
 import java.util.concurrent.TimeUnit;

@Service
@ -40,7 +36,7 @@ public class VerificationCodeService {
        int numberCode = responseResult.getData().getNumberCode();
        System.out.println("访问service-verificationcode服务，获取验证码：" + numberCode);
        //key,value,过期时间
-        String key = Utils.getVerificationCodePrefixKey(passenegerPhone);
+        String key = RedisPrefixUtils.getVerificationCodePrefixKey(passenegerPhone);
        //存入redis
        stringRedisTemplate.opsForValue().set(key, numberCode + "", 2, TimeUnit.MINUTES);

@ -56,7 +52,7 @@ public class VerificationCodeService {
     */
    public ResponseResult checkCode(String passenegerPhone, String verificationCode) {
        //一、根据手机号，reids-key规则，查询验证码
-        String key = Utils.getVerificationCodePrefixKey(passenegerPhone);
+        String key = RedisPrefixUtils.getVerificationCodePrefixKey(passenegerPhone);
        String codeRedis = stringRedisTemplate.opsForValue().get(key);
        System.out.println("redis中的code:" + codeRedis);

@ -76,7 +72,7 @@ public class VerificationCodeService {
                        IdentityConstant.PASSENGER_IDENTITY);
                
                //将token存入redis
-                String tokenKey = Utils.getTokenPrefixKey(passenegerPhone,
+                String tokenKey = RedisPrefixUtils.getTokenPrefixKey(passenegerPhone,
                        IdentityConstant.PASSENGER_IDENTITY);
                stringRedisTemplate.opsForValue().set(tokenKey,token,30,TimeUnit.DAYS);
                
--- a/online-taxi-public/api-passenger/target/classes/com/taxi/apipassenger/service/VerificationCodeService.class
+++ b/online-taxi-public/api-passenger/target/classes/com/taxi/apipassenger/service/VerificationCodeService.class
--- a/online-taxi-public/internal-common/src/main/java/com/internal/util/RedisPrefixUtils.java
+++ b/online-taxi-public/internal-common/src/main/java/com/internal/util/RedisPrefixUtils.java
@ -1,13 +1,13 @@
 package com.internal.util;

-public class Utils {
+public class RedisPrefixUtils {

    public static String getVerificationCodePrefixKey(String passenegerPhone) {
        return ApiPassengerConstant.verificationCodePrefix + passenegerPhone;
    }

    /**
-     * 根据手机号和身份标识，来生成token
+     * 根据手机号和身份标识，来生成tokenKey
     * @param passenegerPhone
     * @param identity
     * @return