fix(): 修改sysjob代码规范.修改JWT令牌秘钥

2024-06-06 18:04:29 +08:00 · 2024-06-06 18:04:29 +08:00 · d03437431a
parent 0576e94f6c
commit d03437431a
4 changed files with 50 additions and 8 deletions
--- a/cloud-common/cloud-common-core/src/main/java/com/muyu/common/core/constant/TokenConstants.java
+++ b/cloud-common/cloud-common-core/src/main/java/com/muyu/common/core/constant/TokenConstants.java
@ -19,6 +19,6 @@ public class TokenConstants {
    /**
     * 令牌秘钥
     */
-    public final static String SECRET = "abcdefghijklmnopqrstuvwxyz";
+    public final static String SECRET = "abcdefghijklmnsalieopadfaqawefwerstuvwxyz";

 }
--- a/cloud-common/cloud-common-core/src/main/java/com/muyu/common/core/utils/JwtUtils.java
+++ b/cloud-common/cloud-common-core/src/main/java/com/muyu/common/core/utils/JwtUtils.java
@ -5,8 +5,11 @@ import com.muyu.common.core.constant.TokenConstants;
 import com.muyu.common.core.text.Convert;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import io.jsonwebtoken.security.SecureDigestAlgorithm;

+import javax.crypto.SecretKey;
+import java.util.Date;
 import java.util.Map;

 /**
@ -15,7 +18,30 @@ import java.util.Map;
 * @author muyu
 */
 public class JwtUtils {
-    public static String secret = TokenConstants.SECRET;
+
+    /**
+     * 加密算法
+     */
+    private final static SecureDigestAlgorithm<SecretKey, SecretKey> ALGORITHM = Jwts.SIG.HS256;
+    /**
+     * 私钥 / 生成签名的时候使用的秘钥secret，一般可以从本地配置文件中读取，切记这个秘钥不能外露，只在服务端使用，在任何场景都不应该流露出去。
+     * 一旦客户端得知这个secret, 那就意味着客户端是可以自我签发jwt了。
+     * 应该大于等于 256位(长度32及以上的字符串)，并且是随机的字符串
+     */
+    private final static String secret = TokenConstants.SECRET;
+    /**
+     * 秘钥实例
+     */
+    public static final SecretKey KEY = Keys.hmacShaKeyFor(secret.getBytes());
+    /**
+     * jwt签发者
+     */
+    private final static String JWT_ISS = "MUYU";
+    /**
+     * jwt主题
+     */
+    private final static String SUBJECT = "Peripherals";
+

    /**
     * 从数据声明生成令牌
@ -25,8 +51,20 @@ public class JwtUtils {
     * @return 令牌
     */
    public static String createToken (Map<String, Object> claims) {
-        String token = Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact();
-        return token;
+        return Jwts.builder()
+                // 设置头部信息header
+                .header().add("typ", "JWT").add("alg", "HS256").and()
+                // 设置自定义负载信息payload
+                .claims(claims)
+                // 签发时间
+                .issuedAt(new Date())
+                // 主题
+                .subject(SUBJECT)
+                // 签发者
+                .issuer(JWT_ISS)
+                // 签名
+                .signWith(KEY, ALGORITHM)
+                .compact();
    }

    /**
@ -37,7 +75,11 @@ public class JwtUtils {
     * @return 数据声明
     */
    public static Claims parseToken (String token) {
-        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
+        return Jwts.parser()
+                .verifyWith(KEY)
+                .build()
+                .parseSignedClaims(token)
+                .getPayload();
    }

    /**
--- a/cloud-modules/cloud-modules-job/src/main/java/com/muyu/job/domain/SysJob.java
+++ b/cloud-modules/cloud-modules-job/src/main/java/com/muyu/job/domain/SysJob.java
@ -19,7 +19,7 @@ import java.util.Date;
 *
 * @author muyu
 */
-@Setter
+@Data
@SuperBuilder
@NoArgsConstructor
@AllArgsConstructor
--- a/pom.xml
+++ b/pom.xml
@ -31,7 +31,7 @@
        <commons.io.version>2.13.0</commons.io.version>
        <velocity.version>2.3</velocity.version>
        <fastjson.version>2.0.41</fastjson.version>
-        <jjwt.version>0.9.1</jjwt.version>
+        <jjwt.version>0.12.5</jjwt.version>
        <minio.version>8.5.10</minio.version>
        <poi.version>4.1.2</poi.version>
        <transmittable-thread-local.version>2.14.3</transmittable-thread-local.version>