From 9587336b9ab7391aed821efd81c25783eaab2435 Mon Sep 17 00:00:00 2001 From: tjlygdx Date: Wed, 13 May 2026 17:45:02 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E3=80=90=E6=BC=8F=E6=B4=9E=E3=80=91?= =?UTF-8?q?=E4=BF=AE=E5=A4=8DDataEase=20X-DE-TOKEN=20JWT=20=E7=AD=BE?= =?UTF-8?q?=E5=90=8D=E6=A0=A1=E9=AA=8C=E7=BB=95=E8=BF=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/io/dataease/utils/TokenUtils.java | 35 +++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/sdk/common/src/main/java/io/dataease/utils/TokenUtils.java b/sdk/common/src/main/java/io/dataease/utils/TokenUtils.java index 526e7bc164..d39f7eeed0 100644 --- a/sdk/common/src/main/java/io/dataease/utils/TokenUtils.java +++ b/sdk/common/src/main/java/io/dataease/utils/TokenUtils.java @@ -1,15 +1,19 @@ package io.dataease.utils; +import com.auth0.jwt.JWTVerifier; +import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.JWT; import com.auth0.jwt.interfaces.DecodedJWT; +import com.auth0.jwt.interfaces.Verification; import io.dataease.auth.bo.TokenUserBO; +import io.dataease.auth.config.SubstituleLoginConfig; import io.dataease.exception.DEException; import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; +import org.springframework.util.ReflectionUtils; public class TokenUtils { - public static TokenUserBO userBOByToken(String token) { DecodedJWT jwt = JWT.decode(token); Long userId = jwt.getClaim("uid").asLong(); @@ -28,7 +32,13 @@ public class TokenUtils { if (StringUtils.length(token) < 100) { DEException.throwException("token is invalid"); } - return userBOByToken(token); + Object apisixTokenManage = CommonBeanFactory.getBean("apisixTokenManage"); + if (ObjectUtils.isNotEmpty(apisixTokenManage)) { + return validateByApisixTokenManage(apisixTokenManage, token); + } + TokenUserBO userBO = userBOByToken(token); + validateSubstituteToken(token, userBO); + return userBO; } 
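Review bot: `userBOByToken` stays public and still reads claims from `JWT.decode(token)` with no signature check; only this one call site now follows it with `validateSubstituteToken`, so any other caller handing it an externally supplied token (none are visible in this patch) would still receive unverified claims. A Javadoc on `userBOByToken` saying `Decodes claims only; performs NO signature verification. Callers must pass a token that has already been verified.`, or narrowing it to private and exposing only the validating entry point, would keep the bypass from reappearing. When the `apisixTokenManage` bean is present the HMAC check is skipped entirely, so the branch should carry a comment stating that signature verification is then expected from that component rather than from this class, since the hunk gives no way to confirm it. The method containing the new bean lookup starts outside the hunk and its name is not visible here.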
@@ -48,4 +58,25 @@ public class TokenUtils {
         }
         return new TokenUserBO(userId, oid);
     }
+
+    private static TokenUserBO validateByApisixTokenManage(Object apisixTokenManage, String token) {
+        Object tokenBO = ReflectionUtils.invokeMethod(ReflectionUtils.findMethod(apisixTokenManage.getClass(), "validate", String.class), apisixTokenManage, token);
+        if (ObjectUtils.isEmpty(tokenBO)) {
+            DEException.throwException("token is invalid");
+        }
+        Long userId = (Long) ReflectionUtils.invokeMethod(DeReflectUtil.findMethod(tokenBO.getClass(), "getUserId"), tokenBO);
+        Long defaultOid = (Long) ReflectionUtils.invokeMethod(DeReflectUtil.findMethod(tokenBO.getClass(), "getDefaultOid"), tokenBO);
+        return new TokenUserBO(userId, defaultOid);
+    }
+
+    private static void validateSubstituteToken(String token, TokenUserBO userBO) {
+        String secret = SubstituleLoginConfig.getTokenSecret();
+        if (StringUtils.isBlank(secret)) {
+            DEException.throwException("token is invalid");
+        }
+        Algorithm algorithm = Algorithm.HMAC256(secret);
+        Verification verification = JWT.require(algorithm).withClaim("uid", userBO.getUserId()).withClaim("oid", userBO.getDefaultOid());
+        JWTVerifier verifier = verification.build();
+        verifier.verify(token);
+    }
 }
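Review bot: `verifier.verify(token)` in `validateSubstituteToken` throws `JWTVerificationException` on a bad signature or an expired token, while every other rejection in this class goes through `DEException.throwException("token is invalid")`, so the case this patch exists to handle surfaces as a raw library exception, possibly with its detail message. Wrap it as `try { verifier.verify(token); } catch (JWTVerificationException e) { DEException.throwException("token is invalid"); }` with `com.auth0.jwt.exceptions.JWTVerificationException` added to the imports. In `validateByApisixTokenManage`, `ReflectionUtils.findMethod` returns null when the method is absent and `invokeMethod` then fails with a NullPointerException instead of a token error, and the lookups mix `ReflectionUtils.findMethod` with `DeReflectUtil.findMethod` for no visible reason; a null check and a single helper would make the fail-closed path explicit. A short Javadoc on `validateSubstituteToken` noting that the algorithm is pinned server-side to HMAC256 and that `uid`/`oid` are re-checked against the already-decoded values would explain why decoding before verifying is acceptable here.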