package tech.powerjob.server.auth.jwt.impl;
|
|
import com.google.common.collect.Maps;
|
import io.jsonwebtoken.*;
|
import io.jsonwebtoken.io.Decoders;
|
import io.jsonwebtoken.security.Keys;
|
import lombok.extern.slf4j.Slf4j;
|
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.exception.ExceptionUtils;
|
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.stereotype.Service;
|
import tech.powerjob.server.auth.jwt.JwtService;
|
import tech.powerjob.server.auth.jwt.ParseResult;
|
import tech.powerjob.server.auth.jwt.SecretProvider;
|
|
import javax.annotation.Resource;
|
import java.security.Key;
|
import java.util.Date;
|
import java.util.Map;
|
import java.util.UUID;
|
|
/**
|
* JWT 默认实现
|
*
|
* @author tjq
|
* @since 2023/3/20
|
*/
|
@Slf4j
|
@Service
|
public class JwtServiceImpl implements JwtService {
|
|
@Resource
|
private SecretProvider secretProvider;
|
|
/**
|
* JWT 客户端过期时间
|
*/
|
@Value("${oms.auth.security.jwt.expire-seconds:604800}")
|
private int jwtExpireTime;
|
|
/**
|
* <a href="https://music.163.com/#/song?id=167975">GoodSong</a>
|
*/
|
private static final String BASE_SECURITY =
|
"CengMengXiangZhangJianZouTianYa" +
|
"KanYiKanShiJieDeFanHua" +
|
"NianShaoDeXinZongYouXieQingKuang" +
|
"RuJinWoSiHaiWeiJia"
|
;
|
|
@Override
|
public String build(Map<String, Object> body, String extraSk) {
|
|
final String secret = fetchSk(extraSk);
|
return innerBuild(secret, jwtExpireTime, body);
|
}
|
|
static String innerBuild(String secret, int expireSeconds, Map<String, Object> body) {
|
JwtBuilder jwtBuilder = Jwts.builder()
|
.setHeaderParam("typ", "JWT")
|
.addClaims(body)
|
.setSubject("PowerJob")
|
.setExpiration(new Date(System.currentTimeMillis() + 1000L * expireSeconds))
|
.setId(UUID.randomUUID().toString())
|
.signWith(genSecretKey(secret), SignatureAlgorithm.HS256);
|
return jwtBuilder.compact();
|
}
|
|
@Override
|
public ParseResult parse(String jwt, String extraSk) {
|
try {
|
Map<String, Object> parseResult = innerParse(fetchSk(extraSk), jwt);
|
return new ParseResult().setStatus(ParseResult.Status.SUCCESS).setResult(parseResult);
|
} catch (ExpiredJwtException expiredJwtException) {
|
return new ParseResult().setStatus(ParseResult.Status.EXPIRED).setMsg(expiredJwtException.getMessage());
|
} catch (Exception e) {
|
log.warn("[JwtService] parse jwt[{}] with extraSk[{}] failed", jwt, extraSk, e);
|
return new ParseResult().setStatus(ParseResult.Status.FAILED).setMsg(ExceptionUtils.getMessage(e));
|
}
|
}
|
|
private String fetchSk(String extraSk) {
|
if (StringUtils.isEmpty(extraSk)) {
|
return secretProvider.fetchSecretKey();
|
}
|
return secretProvider.fetchSecretKey().concat(extraSk);
|
}
|
|
static Map<String, Object> innerParse(String secret, String jwtStr) {
|
final Jws<Claims> claimsJws = Jwts.parserBuilder()
|
.setSigningKey(genSecretKey(secret))
|
.build()
|
.parseClaimsJws(jwtStr);
|
Map<String, Object> ret = Maps.newHashMap();
|
ret.putAll(claimsJws.getBody());
|
return ret;
|
}
|
|
private static Key genSecretKey(String secret) {
|
byte[] keyBytes = Decoders.BASE64.decode(BASE_SECURITY.concat(secret));
|
return Keys.hmacShaKeyFor(keyBytes);
|
}
|
|
}
|
