mirrors/buildadmin
1
0
Fork 0
mirror of https://gitee.com/wonderful-code/buildadmin synced 2024-11-21 22:55:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor:优化 token 管理

Browse Source
This commit is contained in:
妙码生花 2022-08-31 01:58:12 +08:00
parent af5faffff0
commit 09d0dfe2d8
7 changed files with 103 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/api/controller/Common.php
View File

@ -28,7 +28,7 @@ class Common extends Api
public function refreshToken()
{
$refreshToken = $this->request->post('refresh_token');
$refreshToken = Token::get($refreshToken);
$refreshToken = Token::get($refreshToken, false);
if (!$refreshToken || $refreshToken['expiretime'] < time()) {
$this->error(__('Login expired, please login again.'));

4
app/common/facade/Token.php
View File

@ -8,9 +8,9 @@ use think\Facade;
/**
* Token 门面类
* @see Driver
* @method Driver get(string $token) static 获取 token 的数据
* @method Driver get(string $token, bool $expirationException = true) static 获取 token 的数据
* @method Driver set(string $token, string $type, int $user_id, int $expire = 0) static 设置 token
* @method Driver check(string $token, string $type, int $user_id) static 检查token是否有效
* @method Driver check(string $token, string $type, int $user_id, bool $expirationException = true) static 检查token是否有效
* @method Driver delete(string $token) static 删除一个token
* @method Driver clear(string $type, int $user_id) static 清理一个用户的所有token
*/

10
app/common/library/Token.php
View File

@ -170,11 +170,12 @@ class Token
/**
* 获取token
* @param string $token
* @param bool $expirationException
* @return array
*/
public function get(string $token): array
public function get(string $token, bool $expirationException = true): array
{
return $this->getDriver()->get($token);
return $this->getDriver()->get($token, $expirationException);
}
/**
@ -182,11 +183,12 @@ class Token
* @param string $token
* @param string $type
* @param int $user_id
* @param bool $expirationException
* @return bool
*/
public function check(string $token, string $type, int $user_id): bool
public function check(string $token, string $type, int $user_id, bool $expirationException = true): bool
{
return $this->getDriver()->check($token, $type, $user_id);
return $this->getDriver()->check($token, $type, $user_id, $expirationException);
}
/**

8
app/common/library/token/Driver.php
View File

@ -30,19 +30,21 @@ abstract class Driver
/**
* 获取 token 的数据
* @param string $token Token
* @param string $token Token
* @param bool $expirationException 过期直接抛出异常
* @return array
*/
abstract function get(string $token): array;
abstract function get(string $token, bool $expirationException = true): array;
/**
* 检查token是否有效
* @param string $token
* @param string $type
* @param int $user_id
* @param bool $expirationException
* @return bool
*/
abstract function check(string $token, string $type, int $user_id): bool;
abstract function check(string $token, string $type, int $user_id, bool $expirationException = true): bool;
/**
* 删除一个token

37
app/common/library/token/driver/Mysql.php
View File

@ -46,40 +46,37 @@ class Mysql extends Driver
$token = $this->getEncryptedToken($token);
$this->handler->insert(['token' => $token, 'type' => $type, 'user_id' => $user_id, 'createtime' => time(), 'expiretime' => $expiretime]);
// 每隔24小时清理一次过期缓存
// 每隔48小时清理一次过期缓存
$time = time();
$lastCacheCleanupTime = Cache::get('last_cache_cleanup_time');
if (!$lastCacheCleanupTime || $lastCacheCleanupTime < $time - 86400) {
if (!$lastCacheCleanupTime || $lastCacheCleanupTime < $time - 172800) {
Cache::set('last_cache_cleanup_time', $time);
$this->handler->where('expiretime', '<', time())->where('expiretime', '>', 0)->delete();
}
return true;
}
public function get(string $token): array
public function get(string $token, bool $expirationException = true): array
{
$data = $this->handler->where('token', $this->getEncryptedToken($token))->find();
if ($data) {
if (!$data['expiretime'] || $data['expiretime'] > time()) {
// 返回未加密的token给客户端使用
$data['token'] = $token;
//返回剩余有效时间
$data['expires_in'] = $this->getExpiredIn($data['expiretime']);
return $data;
} elseif ($data['type'] == 'admin-refresh' || $data['type'] == 'user-refresh') {
return $data;
} else {
// token过期-触发前端刷新token
$response = Response::create(['code' => 409, 'msg' => 'Token expiration'], 'json');
throw new HttpResponseException($response);
}
if (!$data) {
return [];
}
return [];
// 返回未加密的token给客户端使用
$data['token'] = $token;
// 返回剩余有效时间
$data['expires_in'] = $this->getExpiredIn($data['expiretime'] ?? 0);
if ($data['expiretime'] && $data['expiretime'] <= time() && $expirationException) {
// token过期-触发前端刷新token
$response = Response::create(['code' => 409, 'msg' => 'Token expiration', 'data' => $data], 'json');
throw new HttpResponseException($response);
}
return $data;
}
public function check(string $token, string $type, int $user_id): bool
public function check(string $token, string $type, int $user_id, bool $expirationException = true): bool
{
$data = $this->get($token);
$data = $this->get($token, $expirationException);
return $data && $data['type'] == $type && $data['user_id'] == $user_id;
}

99
app/common/library/token/driver/Redis.php
View File

@ -3,6 +3,8 @@
namespace app\common\library\token\driver;
use app\common\library\token\Driver;
use think\exception\HttpResponseException;
use think\Response;
/**
* @see Driver
@ -14,13 +16,13 @@ class Redis extends Driver
* @var array
*/
protected $options = [];
/**
* 构造函数
* @param array $options 参数
* @access public
*/
public function __construct($options = [])
public function __construct(array $options = [])
{
if (!extension_loaded('redis')) {
throw new \BadFunctionCallException('未安装redis扩展');
@ -39,69 +41,94 @@ class Redis extends Driver
$this->handler->auth($this->options['password']);
}
if (0 != $this->options['select']) {
if (false !== $this->options['select']) {
$this->handler->select($this->options['select']);
}
}
public function set(string $token, string $type, int $user_id, int $expire = 0): bool
public function set(string $token, string $type, int $user_id, int $expire = null): bool
{
if (!$expire) {
if (is_null($expire)) {
$expire = $this->options['expire'];
}
$key = $this->getEncryptedToken($token);
$value = $user_id.'-'.$type;
$expiretime = $expire !== 0 ? time() + $expire : 0;
$token = $this->getEncryptedToken($token);
$tokenInfo = [
'token' => $token,
'type' => $type,
'user_id' => $user_id,
'createtime' => time(),
'expiretime' => $expiretime,
];
$tokenInfo = json_encode($tokenInfo, JSON_UNESCAPED_UNICODE);
if ($expire) {
$result = $this->handler->setex($key, $expire, $value);
if ($type == 'admin' || $type == 'user') {
// 增加 redis中的 token 过期时间,以免 token 过期自动刷新永远无法触发
$expire *= 2;
}
$result = $this->handler->setex($token, $expire, $tokenInfo);
} else {
$result = $this->handler->set($key, $value);
$result = $this->handler->set($token, $tokenInfo);
}
//写入会员关联的token,删除时用
$this->handler->sAdd($this->options['persistent'].$user_id, $key);
return true;
}
public function get(string $token): array
{
$key = $this->getEncryptedToken($token);
$value = $this->handler->get($key);
if (is_null($value) || false === $value) {
return [];
}
//获取有效期
$expire = $this->handler->ttl($key);
$expire = $expire < 0 ? 365 * 86400 : $expire;
$expiretime = time() + $expire;
$value = explode('-',$value)[0];
//解决使用redis方式储存token时api接口Token刷新与检测因expires_in拼写错误报错的BUG
$result = ['token' => $token, 'user_id' => $value, 'expiretime' => $expiretime, 'expires_in' => $expire];
$this->handler->sAdd($this->getUserKey($user_id), $token);
return $result;
}
public function check(string $token, string $type, int $user_id): bool
public function get(string $token, bool $expirationException = true): array
{
$data = $this->handler->hget($token,$type);
return $data && $data == $user_id;
$key = $this->getEncryptedToken($token);
$data = $this->handler->get($key);
if (is_null($data) || false === $data) {
return [];
}
$data = json_decode($data, true);
// 返回未加密的token给客户端使用
$data['token'] = $token;
// 过期时间
$data['expires_in'] = $this->getExpiredIn($data['expiretime'] ?? 0);
if ($data['expiretime'] && $data['expiretime'] <= time() && $expirationException) {
// token过期-触发前端刷新token
$response = Response::create(['code' => 409, 'msg' => 'Token expiration', 'data' => $data], 'json');
throw new HttpResponseException($response);
}
return $data;
}
public function check(string $token, string $type, int $user_id, bool $expirationException = true): bool
{
$data = $this->get($token, $expirationException);
return $data && $data['type'] == $type && $data['user_id'] == $user_id;
}
public function delete(string $token): bool
{
$data = $this->get($token);
$data = $this->get($token, false);
if ($data) {
$key = $this->getEncryptedToken($token);
$key = $this->getEncryptedToken($token);
$user_id = $data['user_id'];
$this->handler->del($key);
$this->handler->sRem($this->options['persistent'].$user_id, $key);
$this->handler->sRem($this->getUserKey($user_id), $key);
}
return true;
}
public function clear(string $type, int $user_id): bool
{
$keys = $this->handler->sMembers($this->options['persistent'].$user_id);
$this->handler->del($this->options['persistent'].$user_id);
$keys = $this->handler->sMembers($this->getUserKey($user_id));
$this->handler->del($this->getUserKey($user_id));
$this->handler->del($keys);
return true;
}
/**
* 获取会员的key
* @param $user_id
* @return string
*/
protected function getUserKey($user_id): string
{
return $this->options['userprefix'] . $user_id;
}
}

19
config/buildadmin.php
View File

@ -82,16 +82,15 @@ return [
'expire' => 2592000,
],
'redis' => [
'type' => 'Redis',
'host' => '127.0.0.1',
'port' => 6379,
'password' => '',
'select' => 0,
'timeout' => 0,
'expire' => 0,
'persistent' => false,
'userprefix' => 'up:',
'tokenprefix' => 'tp:',
'type' => 'Redis',
'host' => '127.0.0.1',
'port' => 6379,
'password' => '',
'select' => false,
'timeout' => 0,
'expire' => 0,
'persistent' => false,
'userprefix' => 'up:',
]
]
],