fix：解决jwt刷新没有写入到Cookie的问题

Author: moxi624

mogu_admin/src/main/java/com/moxi/mogublog/admin/AdminApplication.java

@@ -9,12 +9,17 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import springfox.documentation.swagger2.annotations.EnableSwagger2;
 
 import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
 import java.util.TimeZone;
 
 @EnableTransactionManagement
@@ -42,13 +47,13 @@ public static void main(String[] args) {
         SpringApplication.run(AdminApplication.class, args);
     }
 
-    private CorsConfiguration buildConfig() {
-        CorsConfiguration corsConfiguration = new CorsConfiguration();
-        corsConfiguration.addAllowedOrigin("*");
-        corsConfiguration.addAllowedHeader("*");
-        corsConfiguration.addAllowedMethod("*");
-        return corsConfiguration;
-    }
+//    private CorsConfiguration buildConfig() {
+//        CorsConfiguration corsConfiguration = new CorsConfiguration();
+//        corsConfiguration.addAllowedOrigin("localhost");
+//        corsConfiguration.addAllowedHeader("*");
+//        corsConfiguration.addAllowedMethod("*");
+//        return corsConfiguration;
+//    }
 
     /**
      * 设置时区
@@ -63,11 +68,28 @@ void setDefaultTimezone() {
      *
      * @return
      */
+//    @Bean
+//    public CorsFilter corsFilter() {
+//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+//        source.registerCorsConfiguration("/**", buildConfig());
+//        return new CorsFilter(source);
+//    }
+
     @Bean
-    public CorsFilter corsFilter() {
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", buildConfig());
-        return new CorsFilter(source);
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                //配置允许跨域访问的路径
+                registry.addMapping("/**/**")
+                        .allowedOrigins("*")
+                        .allowedMethods("*")
+                        .allowedHeaders("*")
+                        .allowCredentials(true)
+                        .exposedHeaders("")
+                        .maxAge(3600);
+            }
+        };
     }
 
 }

mogu_admin/src/main/java/com/moxi/mogublog/admin/security/JwtAuthenticationTokenFilter.java

@@ -4,6 +4,8 @@
 import com.moxi.mogublog.admin.global.SysConf;
 import com.moxi.mogublog.config.jwt.Audience;
 import com.moxi.mogublog.config.jwt.JwtHelper;
+import com.moxi.mogublog.utils.CookieUtils;
+import com.moxi.mogublog.utils.DateUtils;
 import com.moxi.mogublog.utils.RedisUtil;
 import com.moxi.mogublog.utils.StringUtils;
 import lombok.extern.slf4j.Slf4j;
@@ -22,6 +24,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Date;
 import java.util.concurrent.TimeUnit;
 
 @Slf4j
@@ -74,10 +77,25 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
             // 获取在线的管理员信息
             String onlineAdmin = redisUtil.get(RedisConf.LOGIN_TOKEN_KEY + RedisConf.SEGMENTATION + authHeader);
+
             if(StringUtils.isNotEmpty(onlineAdmin) && !jwtHelper.isExpiration(token, audience.getBase64Secret())) {
-                // 重新更新过期时间
-                redisUtil.setEx(RedisConf.LOGIN_TOKEN_KEY + RedisConf.SEGMENTATION + authHeader, onlineAdmin, 30, TimeUnit.MINUTES);
-                jwtHelper.refreshToken(token, audience.getBase64Secret(), expiresSecond);
+                /**
+                 * 得到过期时间
+                 */
+                Date expirationDate = jwtHelper.getExpiration(token, audience.getBase64Secret());
+                long nowMillis = System.currentTimeMillis();
+                Date nowDate = new Date(nowMillis);
+                // 得到两个日期相差的间隔
+                Integer minute = DateUtils.getMinuteByTwoDay(expirationDate, nowDate);
+                // 如果小于5分钟，那么更新过期时间
+                if(minute < 5) {
+                    // 生成一个新的Token
+                    String newToken = tokenHead + jwtHelper.refreshToken(token, audience.getBase64Secret(), expiresSecond * 1000);
+                    // 生成新的token，发送到客户端
+                    CookieUtils.setCookie("Admin-Token", newToken, expiresSecond.intValue());
+                    // 重新更新Redis中的过期时间
+                    redisUtil.setEx(RedisConf.LOGIN_TOKEN_KEY + RedisConf.SEGMENTATION + newToken, onlineAdmin, expiresSecond, TimeUnit.SECONDS);
+                }
             } else {
                 chain.doFilter(request, response);
                 return;

mogu_admin/src/main/resources/application.yml

@@ -172,11 +172,11 @@ mybatis-plus:
     cache-enabled: false
 
 ##jwt配置
-tokenHead: bearer;
+tokenHead: bearer_
 tokenHeader: Authorization
 isRememberMeExpiresSecond: 259200 #记住账号为3天有效
 audience:
   clientId: 098f6bcd4621d373cade4e832627b4f6
   base64Secret: MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=
   name: mogublog
-  expiresSecond: 3600  #1个小时 3600
+  expiresSecond: 660  #1个小时 3600

mogu_utils/src/main/java/com/moxi/mogublog/utils/CookieUtils.java

@@ -1,5 +1,8 @@
 package com.moxi.mogublog.utils;
 
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -83,67 +86,58 @@ public static String getCookieValue(HttpServletRequest request, String cookieNam
     /**
      * 设置Cookie的值 不设置生效时间默认浏览器关闭即失效,也不编码
      */
-    public static void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName,
+    public static void setCookie(String cookieName,
                                  String cookieValue) {
-        setCookie(request, response, cookieName, cookieValue, -1);
+        setCookie(cookieName, cookieValue, -1);
     }
 
     /**
      * 设置Cookie的值 在指定时间内生效,但不编码
      */
-    public static void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName,
-                                 String cookieValue, int cookieMaxage) {
-        setCookie(request, response, cookieName, cookieValue, cookieMaxage, false);
+    public static void setCookie(String cookieName, String cookieValue, int cookieMaxage) {
+        setCookie(cookieName, cookieValue, cookieMaxage, false);
     }
 
     /**
      * 设置Cookie的值 不设置生效时间,但编码
      */
-    public static void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName,
-                                 String cookieValue, boolean isEncode) {
-        setCookie(request, response, cookieName, cookieValue, -1, isEncode);
+    public static void setCookie(String cookieName, String cookieValue, boolean isEncode) {
+        setCookie(cookieName, cookieValue, -1, isEncode);
     }
 
     /**
      * 设置Cookie的值 在指定时间内生效, 编码参数
      */
-    public static void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName,
-                                 String cookieValue, int cookieMaxage, boolean isEncode) {
-        doSetCookie(request, response, cookieName, cookieValue, cookieMaxage, isEncode);
-    }
-
-    /**
-     * 设置Cookie的值 在指定时间内生效, 编码参数(指定编码)
-     */
-    public static void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName,
-                                 String cookieValue, int cookieMaxage, String encodeString) {
-        doSetCookie(request, response, cookieName, cookieValue, cookieMaxage, encodeString);
+    public static void setCookie(String cookieName, String cookieValue, int cookieMaxage, boolean isEncode) {
+        doSetCookie(cookieName, cookieValue, cookieMaxage, isEncode);
     }
 
     /**
      * 删除Cookie带cookie域名
      */
-    public static void deleteCookie(HttpServletRequest request, HttpServletResponse response,
-                                    String cookieName) {
-        doSetCookie(request, response, cookieName, "", -1, false);
+    public static void deleteCookie(String cookieName) {
+        doSetCookie(cookieName, "", -1, false);
     }
 
     /**
      * 设置Cookie的值，并使其在指定时间内生效
      *
      * @param cookieMaxage cookie生效的最大秒数
      */
-    private static final void doSetCookie(HttpServletRequest request, HttpServletResponse response,
-                                          String cookieName, String cookieValue, int cookieMaxage, boolean isEncode) {
+    private static final void doSetCookie(String cookieName, String cookieValue, int cookieMaxage, boolean isEncode) {
+        ServletRequestAttributes attribute = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        HttpServletRequest request = attribute.getRequest();
+        HttpServletResponse response = attribute.getResponse();
         try {
             if (cookieValue == null) {
                 cookieValue = "";
             } else if (isEncode) {
                 cookieValue = URLEncoder.encode(cookieValue, "utf-8");
             }
             Cookie cookie = new Cookie(cookieName, cookieValue);
-            if (cookieMaxage > 0)
+            if (cookieMaxage > 0) {
                 cookie.setMaxAge(cookieMaxage);
+            }
             if (null != request) {// 设置域名的cookie
                 String domainName = getDomainName(request);
                 System.out.println(domainName);
@@ -172,19 +166,16 @@ private static final void doSetCookie(HttpServletRequest request, HttpServletRes
                 cookieValue = URLEncoder.encode(cookieValue, encodeString);
             }
             Cookie cookie = new Cookie(cookieName, cookieValue);
-            if (cookieMaxage > 0)
+            if (cookieMaxage > 0) {
                 cookie.setMaxAge(cookieMaxage);
+            }
             if (null != request) {// 设置域名的cookie
                 String domainName = getDomainName(request);
                 System.out.println(domainName);
                 if (!"localhost".equals(domainName)) {
                     cookie.setDomain(domainName);
                 }
             }
-            String str = request.getContextPath();
-            String str1 = request.getLocalAddr();
-            System.out.println("str:" + str);
-            System.out.println("str1:" + str1);
             cookie.setPath("/");
             response.addCookie(cookie);
         } catch (Exception e) {

mogu_utils/src/main/java/com/moxi/mogublog/utils/DateUtils.java

@@ -377,7 +377,7 @@ public static int getCurrentMonthDay() {
     /**
      * 得到二个日期间的间隔天数
      */
-    public static int getTwoDay(String sj1, String sj2) {
+    public static int getDayByTwoDay(String sj1, String sj2) {
         SimpleDateFormat myFormatter = new SimpleDateFormat("yyyy-MM-dd");
         Long day = 0L;
         try {
@@ -390,6 +390,22 @@ public static int getTwoDay(String sj1, String sj2) {
         return day.intValue();
     }
 
+    /**
+     * 得到两个日期相差的分钟
+     * @param lastDate
+     * @param date
+     * @return
+     */
+    public static int getMinuteByTwoDay(Date lastDate, Date date) {
+        Long minute = 0L;
+        try {
+            minute = (lastDate.getTime() - date.getTime()) / (60 * 1000);
+        } catch (Exception e) {
+            return 0;
+        }
+        return minute.intValue();
+    }
+
     /**
      * 判断某个日期属于本周的第几天 (星期一代表第一天)
      *

vue_mogu_admin/src/utils/request.js

@@ -6,6 +6,7 @@ import { getToken } from '@/utils/auth'
 // 创建axios实例
 const service = axios.create({
   baseURL: '', // api 的 base_url
+  withCredentials: true, //允许后台的cookie传递到前端
   timeout: 100000 // 请求超时时间
 })
 
@@ -33,6 +34,7 @@ service.interceptors.response.use(
     // /**
     //  * code为非20000是抛错 可结合自己业务进行修改
     //  */
+
     const res = response.data
     if (res.code === 'success' || res.code === 'error') {
       return response.data