feat: 长时间无操作则token自动失效

backend/src/main/java/io/dataease/auth/filter/JWTFilter.java

@@ -6,6 +6,9 @@ import io.dataease.auth.entity.TokenInfo;
 import io.dataease.auth.service.AuthUserService;
 import io.dataease.auth.util.JWTUtils;
 import io.dataease.commons.utils.CommonBeanFactory;
+import io.dataease.commons.utils.ServletUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
 import org.slf4j.Logger;
@@ -23,6 +26,8 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
 
     private Logger LOGGER = LoggerFactory.getLogger(this.getClass());
 
+    public final static String expireMessage = "login token is expire";
+
     /*@Autowired
     private AuthUserService authUserService;*/
 
@@ -46,7 +51,10 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
         HttpServletRequest httpServletRequest = (HttpServletRequest) request;
         String authorization = httpServletRequest.getHeader("Authorization");
         // 当没有出现登录超时 且需要刷新token 则执行刷新token
-        if (!JWTUtils.loginExpire(authorization) && JWTUtils.needRefresh(authorization)){
+        if (JWTUtils.loginExpire(authorization)){
+            throw  new AuthenticationException(expireMessage);
+        }
+        if (JWTUtils.needRefresh(authorization)){
             authorization = refreshToken(request, response);
         }
         JWTToken token = new JWTToken(authorization);
@@ -67,7 +75,12 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
                 boolean loginSuccess = executeLogin(request, response);
                 return loginSuccess;
             } catch (Exception e) {
-                response401(request, response);
+                if (e instanceof AuthenticationException && StringUtils.equals(e.getMessage(), expireMessage)){
+                    responseExpire(request, response);
+                }else {
+                    response401(request, response);
+                }
+
             }
         }
         return false;
@@ -129,4 +142,16 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
             LOGGER.error(e.getMessage());
         }
     }
+
+    private void responseExpire(ServletRequest req, ServletResponse resp) {
+        try {
+            HttpServletResponse httpServletResponse = (HttpServletResponse) resp;
+            httpServletResponse.addHeader("Access-Control-Expose-Headers", "authentication-status");
+            httpServletResponse.setHeader("authentication-status", "login_expire");
+            httpServletResponse.setStatus(401);
+        } catch (Exception e) {
+            LOGGER.error(e.getMessage());
+        }
+    }
+
 }

backend/src/main/java/io/dataease/auth/util/JWTUtils.java

@@ -6,23 +6,23 @@ import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import io.dataease.auth.entity.TokenInfo;
+import io.dataease.auth.filter.JWTFilter;
 import io.dataease.commons.utils.CommonBeanFactory;
-import io.dataease.commons.utils.ServletUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authc.AuthenticationException;
 import org.springframework.cache.Cache;
 import org.springframework.cache.CacheManager;
-import javax.servlet.http.HttpServletResponse;
 import java.util.Date;
 
 
 public class JWTUtils {
 
 
-    // token过期时间5min (过期会自动刷新续命 目的是避免一直都是同一个token )
-    private static final long EXPIRE_TIME = 1*60*1000;
+    // token过期时间1min (过期会自动刷新续命 目的是避免一直都是同一个token )
+    private static final long EXPIRE_TIME = 1*60*1000/2;
     // 登录间隔时间10min 超过这个时间强制重新登录
-    private static final long Login_Interval = 2*60*1000;
+    private static final long Login_Interval = 20*60*1000;
 
 
     /**
@@ -38,17 +38,12 @@ public class JWTUtils {
                 .withClaim("username", tokenInfo.getUsername())
                 .withClaim("userId", tokenInfo.getUserId())
                 .build();
-        DecodedJWT jwt = verifier.verify(token);
-        //Long lastLoginTime = jwt.getClaim("lastLoginTime").asLong();
-        Long lastOperateTime = tokenLastOperateTime(token);
-        long now = System.currentTimeMillis();
-        if (now - lastOperateTime > Login_Interval){
+        verifier.verify(token);
+        if (loginExpire(token)){
             // 登录超时
-            HttpServletResponse response = ServletUtils.response();
-            response.addHeader("Access-Control-Expose-Headers", "authentication-status");
-            response.setHeader("authentication-status", "login_expire");
+            throw new AuthenticationException(JWTFilter.expireMessage);
             // 前端拦截 登录超时状态 直接logout
-            return false;
+            //return false;
         }
         return true;
     }
@@ -143,6 +138,7 @@ public class JWTUtils {
     public static void addTokenExpire(String token){
         CacheManager cacheManager = CommonBeanFactory.getBean(CacheManager.class);
         Cache tokens_expire = cacheManager.getCache("tokens_expire");
-        tokens_expire.put(token, System.currentTimeMillis());
+        long now = System.currentTimeMillis();
+        tokens_expire.put(token, now);
     }
 }