fix：修改token刷新策略，解决退出登录存在的问题，为了消除歧义移除admin账号的特权

Author: moxi624

mogu_admin/src/main/java/com/moxi/mogublog/admin/annotion/AuthorityVerify/AuthorityVerifyAspect.java

@@ -74,12 +74,6 @@ public Object doAround(ProceedingJoinPoint joinPoint, AuthorityVerify authorityV
 
         // 解析出请求者的ID和用户名
         String adminUid = request.getAttribute(SysConf.ADMIN_UID).toString();
-        String userName = request.getAttribute(SysConf.USER_NAME).toString();
-        // 如果是Admin账号，直接放权
-        if(SysConf.ADMIN.equals(userName)) {
-            //执行业务
-            return joinPoint.proceed();
-        }
 
         String visitUrl = redisUtil.get(RedisConf.ADMIN_VISIT_MENU + RedisConf.SEGMENTATION + adminUid);
 

mogu_admin/src/main/java/com/moxi/mogublog/admin/restapi/LoginRestApi.java

@@ -28,6 +28,8 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.*;
@@ -199,35 +201,21 @@ public String getMenu(HttpServletRequest request) {
         Collection<CategoryMenu> categoryMenuList = new ArrayList<>();
         Admin admin = adminService.getById(request.getAttribute(SysConf.ADMIN_UID).toString());
 
-        /**
-         * 判断该用户是否是admin账号，如果是开放所有的菜单
-         */
-        if(SysConf.ADMIN.equals(admin.getUserName())) {
-            QueryWrapper<CategoryMenu> queryWrapper = new QueryWrapper<>();
-            queryWrapper.eq(SysConf.STATUS, EStatus.ENABLE);
-            categoryMenuList = categoryMenuService.list(queryWrapper);
-        } else {
-            /**
-             * 如果非admin账号
-             * 加载这些角色所能访问的菜单页面列表
-             * 获取该管理员所有角色
-             */
-            List<String> roleUid = new ArrayList<>();
-            roleUid.add(admin.getRoleUid());
-            Collection<Role> roleList = roleService.listByIds(roleUid);
-
-            List<String> categoryMenuUids = new ArrayList<>();
-
-            roleList.forEach(item -> {
-                String caetgoryMenuUids = item.getCategoryMenuUids();
-                String[] uids = caetgoryMenuUids.replace("[", "").replace("]", "").replace("\"", "").split(",");
-                for (int a = 0; a < uids.length; a++) {
-                    categoryMenuUids.add(uids[a]);
-                }
+        List<String> roleUid = new ArrayList<>();
+        roleUid.add(admin.getRoleUid());
+        Collection<Role> roleList = roleService.listByIds(roleUid);
 
-            });
-            categoryMenuList = categoryMenuService.listByIds(categoryMenuUids);
-        }
+        List<String> categoryMenuUids = new ArrayList<>();
+
+        roleList.forEach(item -> {
+            String caetgoryMenuUids = item.getCategoryMenuUids();
+            String[] uids = caetgoryMenuUids.replace("[", "").replace("]", "").replace("\"", "").split(",");
+            for (int a = 0; a < uids.length; a++) {
+                categoryMenuUids.add(uids[a]);
+            }
+
+        });
+        categoryMenuList = categoryMenuService.listByIds(categoryMenuUids);
 
         // 从三级级分类中查询出 二级分类
         List<CategoryMenu> buttonList = new ArrayList<>();
@@ -280,9 +268,12 @@ public String getMenu(HttpServletRequest request) {
 
     @ApiOperation(value = "退出登录", notes = "退出登录", response = String.class)
     @PostMapping(value = "/logout")
-    public String logout(@ApiParam(name = "token", value = "token令牌", required = false) @RequestParam(name = "token", required = false) String token) {
-        String destroyToken = null;
-        return ResultUtil.result(SysConf.SUCCESS, destroyToken);
+    public String logout() {
+        ServletRequestAttributes attribute = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        HttpServletRequest request = attribute.getRequest();
+        String token = request.getAttribute(SysConf.TOKEN).toString();
+        redisUtil.delete(RedisConf.LOGIN_TOKEN_KEY + RedisConf.SEGMENTATION + token);
+        return ResultUtil.result(SysConf.SUCCESS, MessageConf.OPERATION_SUCCESS);
     }
 
     /**

mogu_admin/src/main/java/com/moxi/mogublog/admin/security/JwtAuthenticationTokenFilter.java

@@ -49,9 +49,18 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
     @Value(value = "${tokenHeader}")
     private String tokenHeader;
 
+    /**
+     * token过期的时间
+     */
     @Value(value = "${audience.expiresSecond}")
     private Long expiresSecond;
 
+    /**
+     * token刷新的时间
+     */
+    @Value(value = "${audience.refreshSecond}")
+    private Long refreshSecond;
+
     @Autowired
     private RedisUtil redisUtil;
 
@@ -71,7 +80,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         //请求头 'Authorization': tokenHead + token
         if (authHeader != null && authHeader.startsWith(tokenHead)) {
 
-            log.error("传递过来的token为:" + authHeader);
+            log.error("传递过来的token为: {}", authHeader);
 
             final String token = authHeader.substring(tokenHead.length());
 
@@ -85,10 +94,10 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                 Date expirationDate = jwtHelper.getExpiration(token, audience.getBase64Secret());
                 long nowMillis = System.currentTimeMillis();
                 Date nowDate = new Date(nowMillis);
-                // 得到两个日期相差的间隔
-                Integer minute = DateUtils.getMinuteByTwoDay(expirationDate, nowDate);
+                // 得到两个日期相差的间隔，秒
+                Integer second = DateUtils.getSecondByTwoDay(expirationDate, nowDate);
                 // 如果小于5分钟，那么更新过期时间
-                if(minute < 5) {
+                if(second < refreshSecond) {
                     // 生成一个新的Token
                     String newToken = tokenHead + jwtHelper.refreshToken(token, audience.getBase64Secret(), expiresSecond * 1000);
                     // 生成新的token，发送到客户端
@@ -107,8 +116,9 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             //把adminUid存储到request中
             request.setAttribute(SysConf.ADMIN_UID, adminUid);
             request.setAttribute(SysConf.USER_NAME, username);
-            logger.info("解析出来用户 : " + username);
-            logger.info("解析出来的用户Uid : " + adminUid);
+            request.setAttribute(SysConf.TOKEN, authHeader);
+            log.info("解析出来用户: {}" ,username);
+            log.info("解析出来的用户Uid: {}", adminUid);
 
             if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
 

mogu_admin/src/main/resources/application.yml

@@ -179,4 +179,5 @@ audience:
   clientId: 098f6bcd4621d373cade4e832627b4f6
   base64Secret: MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=
   name: mogublog
-  expiresSecond: 660  #1个小时 3600
+  expiresSecond: 3600  #1个小时 3600
+  refreshSecond: 300 # 刷新token的时间 5分钟

mogu_config/src/main/java/com/moxi/mogublog/config/jwt/JwtHelper.java

@@ -58,7 +58,7 @@ public String createJWT(String userName, String adminUid, String roleName,
                 .setSubject(userName)
                 .setIssuer(issuer)
                 .setAudience(audience)
-                .signWith(signatureAlgorithm, signingKey);//签名
+                .signWith(signatureAlgorithm, signingKey);
         //添加Token过期时间
         if (TTLMillis >= 0) {
             long expMillis = nowMillis + TTLMillis;

mogu_utils/src/main/java/com/moxi/mogublog/utils/DateUtils.java

@@ -391,19 +391,19 @@ public static int getDayByTwoDay(String sj1, String sj2) {
     }
 
     /**
-     * 得到两个日期相差的分钟
+     * 得到两个日期相差的秒数
      * @param lastDate
      * @param date
      * @return
      */
-    public static int getMinuteByTwoDay(Date lastDate, Date date) {
-        Long minute = 0L;
+    public static int getSecondByTwoDay(Date lastDate, Date date) {
+        Long second = 0L;
         try {
-            minute = (lastDate.getTime() - date.getTime()) / (60 * 1000);
+            second = (lastDate.getTime() - date.getTime()) / 1000;
         } catch (Exception e) {
             return 0;
         }
-        return minute.intValue();
+        return second.intValue();
     }
 
     /**