添加jwt支持

build.gradle

@@ -46,11 +46,14 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation "org.noelware.charted.snowflake:snowflake:0.1-beta"
     implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
     testImplementation 'org.springframework.security:spring-security-test'
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     runtimeOnly 'org.postgresql:postgresql'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.6'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.6'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
 

src/main/java/dev/surl/surl/SurlApplication.kt

@@ -2,10 +2,15 @@ package dev.surl.surl
 
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.runApplication
+import org.springframework.context.ConfigurableApplicationContext
 
 @SpringBootApplication
-open class SurlApplication
+open class SurlApplication {
+    companion object {
+        lateinit var context: ConfigurableApplicationContext
+    }
+}
 
 fun main(args: Array<String>) {
-    runApplication<SurlApplication>(*args)
+    SurlApplication.context = runApplication<SurlApplication>(*args)
 }

src/main/java/dev/surl/surl/cfg/BaseConfiguration.kt

@@ -1,6 +1,14 @@
 package dev.surl.surl.cfg
 
+import io.jsonwebtoken.security.Keys
 import org.springframework.context.annotation.Configuration
+import javax.crypto.SecretKey
 
 @Configuration
-open class BaseConfiguration(val site: String = "https://surl.org")
+open class BaseConfiguration(
+    val site: String = "https://surl.org",
+    val expire: Long = 24 * 60 * 60 * 1000,
+    private val secret: String = "6244a108c0599980e7971845baeb3120",
+    val secretKey: SecretKey = Keys.hmacShaKeyFor(secret.toByteArray()),
+    val tokenHead: String = "token"
+)

src/main/java/dev/surl/surl/cfg/Logging.kt

@@ -0,0 +1,11 @@
+package dev.surl.surl.cfg
+
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.springframework.stereotype.Component
+import kotlin.reflect.KClass
+
+@Component
+open class Logging {
+    fun <T: Any> logger(clazz: KClass<T>): Logger = LoggerFactory.getLogger(clazz::class.java)
+}

src/main/java/dev/surl/surl/cfg/security/WebSecurityConfig.kt

@@ -1,27 +1,58 @@
 package dev.surl.surl.cfg.security
 
+import dev.surl.surl.cfg.Logging
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.config.annotation.web.invoke
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.web.filter.OncePerRequestFilter
 
 @Configuration
 @EnableWebSecurity
 open class WebSecurityConfig {
+    /**
+     * 配置过滤器链
+     */
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {
-
-        println("loading")
         http {
+            csrf { disable() } // 关闭csrf
             authorizeHttpRequests {
-                authorize(anyRequest, authenticated)
+                authorize(anyRequest, permitAll)
             }
-            formLogin {  }
+            headers {
-            httpBasic {
+                cacheControl {  } // 禁用缓存
             }
+
         }
         return http.build()
     }
+
+    /**
+     * 装载BCrypt密码编码器
+     */
+    @Bean
+    open fun passwordEncoder(): BCryptPasswordEncoder {
+        return BCryptPasswordEncoder()
+    }
+
+//    @Bean
+//    open fun authenticationTokenFilter(): OncePerRequestFilter {
+//        return object: OncePerRequestFilter() {
+//            override fun doFilterInternal(
+//                request: HttpServletRequest,
+//                response: HttpServletResponse,
+//                filterChain: FilterChain
+//            ) {
+//                filterChain.doFilter(request, response)
+//            }
+//        }
+//    }
 }

src/main/java/dev/surl/surl/common/Msg.kt

@@ -1,7 +1,5 @@
 package dev.surl.surl.common
 
-data class Msg(
+data class Msg<T>(
-    val code: Int = 0,
+    val code: Int = 0, val msg: String? = null, val value: T? = null
-    val msg: String? = null,
-    val value: Any? = null
 )

src/main/java/dev/surl/surl/common/exception/UserRegistException.kt

@@ -0,0 +1,3 @@
+package dev.surl.surl.common.exception
+
+class UserRegistException(message: String? = null, cause: Throwable? = null): Throwable(message, cause)

src/main/java/dev/surl/surl/controller/SurlAddController.kt

@@ -10,14 +10,14 @@ import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.web.bind.annotation.GetMapping
-import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 
 @RestController
 @EnableWebSecurity
 class SurlAddController {
-    @PostMapping("/surl/add")
+    @RequestMapping("/surl/add")
     fun addSurl(
         @Valid @RequestBody body: Surl, @Autowired service: SurlService, @Autowired cfg: BaseConfiguration
     ): Any {

src/main/java/dev/surl/surl/controller/UserController.kt

@@ -0,0 +1,19 @@
+package dev.surl.surl.controller
+
+import dev.surl.surl.common.Msg
+import dev.surl.surl.dto.UserDto
+import dev.surl.surl.service.UserService
+import jakarta.validation.Valid
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RequestMethod
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+class UserController {
+    @RequestMapping(method = [RequestMethod.POST], path = ["/reg"])
+    fun reg(
+        @Autowired service: UserService, @Valid @RequestBody(required = true) user: UserDto
+    ) = service.addUser(user.username!!, user.password!!)
+}

src/main/java/dev/surl/surl/dao/User.kt

@@ -8,5 +8,5 @@ import org.jetbrains.exposed.dao.id.EntityID
 class User(id: EntityID<Long>): LongEntity(id) {
     companion object EntityClass: LongEntityClass<User>(Users)
     var username by Users.username
-    var passwd by Users.passwd
+    var password by Users.password
 }

src/main/java/dev/surl/surl/dsl/Users.kt

@@ -5,6 +5,6 @@ import org.jetbrains.exposed.dao.id.IdTable
 object Users: IdTable<Long>("users") {
     override val id = long("id").entityId()
     val username = varchar("username", 256).uniqueIndex()
-    val passwd = varchar("passwd", 256)
+    val password = varchar("password", 256)
     override val primaryKey = PrimaryKey(id, name = "PK_user_id")
 }

src/main/java/dev/surl/surl/dto/UserDto.kt

@@ -0,0 +1,17 @@
+package dev.surl.surl.dto
+
+import com.fasterxml.jackson.annotation.JsonProperty
+import jakarta.validation.constraints.NotNull
+import org.hibernate.validator.constraints.Length
+
+class UserDto (
+    @JsonProperty("username")
+    @get:Length(max = 16, min = 4, message = "username length must be between 4 and 16")
+    @get:NotNull(message = "username cannot be null")
+    val username: String?,
+
+    @JsonProperty("password")
+    @get:Length(max = 16, min = 8, message = "password length must be between 8 and 16")
+    @get:NotNull(message = "password cannot be null")
+    val password: String?
+)

src/main/java/dev/surl/surl/filter/JwtAuthenticationFilter.kt

@@ -0,0 +1,36 @@
+package dev.surl.surl.filter
+//
+//import dev.surl.surl.cfg.BaseConfiguration
+//import dev.surl.surl.util.JwtTokenUtil
+//import jakarta.servlet.FilterChain
+//import jakarta.servlet.http.HttpServletRequest
+//import jakarta.servlet.http.HttpServletResponse
+//import org.springframework.beans.factory.annotation.Autowired
+//import org.springframework.security.core.context.SecurityContextHolder
+//import org.springframework.stereotype.Component
+//import org.springframework.web.filter.OncePerRequestFilter
+//
+//@Component
+//class JwtAuthenticationFilter: OncePerRequestFilter() {
+//    @Autowired
+//    lateinit var jwtTokenUtil: JwtTokenUtil
+//
+//    @Autowired
+//    lateinit var cfg: BaseConfiguration
+//    override fun doFilterInternal(
+//        request: HttpServletRequest,
+//        response: HttpServletResponse,
+//        filterChain: FilterChain
+//    ) {
+//        val token: String? = request.getHeader(cfg.tokenHead)
+//        if(token.isNullOrEmpty()) {
+//            val claims = jwtTokenUtil.getTokenClaim(token)
+//            if(claims != null) {
+//                if(!jwtTokenUtil.isTokenExpired(token) && SecurityContextHolder.getContext().authentication == null) {
+//
+//                }
+//            }
+//        }
+//         filterChain.doFilter(request, response)
+//    }
+//}

src/main/java/dev/surl/surl/handler/AccessHandler.kt

@@ -0,0 +1,18 @@
+package dev.surl.surl.handler
+
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.security.access.AccessDeniedException
+import org.springframework.security.web.access.AccessDeniedHandler
+import org.springframework.web.bind.annotation.ControllerAdvice
+
+@ControllerAdvice
+class AccessHandler: AccessDeniedHandler {
+    override fun handle(
+        request: HttpServletRequest?,
+        response: HttpServletResponse?,
+        accessDeniedException: AccessDeniedException?
+    ) {
+        response?.sendRedirect("/login")
+    }
+}

src/main/java/dev/surl/surl/handler/DefaultExceptionHandler.kt

@@ -1,10 +1,12 @@
 package dev.surl.surl.handler
 
 import dev.surl.surl.common.Msg
+import dev.surl.surl.common.exception.UserRegistException
 import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpStatus
 import org.springframework.http.HttpStatusCode
 import org.springframework.http.ResponseEntity
+import org.springframework.http.converter.HttpMessageNotReadableException
 import org.springframework.validation.method.MethodValidationException
 import org.springframework.web.bind.MethodArgumentNotValidException
 import org.springframework.web.bind.annotation.ControllerAdvice
@@ -17,23 +19,35 @@ class DefaultExceptionHandler : ResponseEntityExceptionHandler() {
     override fun handleMethodValidationException(
         ex: MethodValidationException, headers: HttpHeaders, status: HttpStatus, request: WebRequest
     ): ResponseEntity<Any> {
-        return ResponseEntity(Msg(code = -1, msg = ex.allValidationResults.joinToString(";")), status)
+        return ResponseEntity(Msg<String>(code = -1, msg = ex.allValidationResults.joinToString(";")), status)
     }
 
     override fun handleMethodArgumentNotValid(
         ex: MethodArgumentNotValidException, headers: HttpHeaders, status: HttpStatusCode, request: WebRequest
     ): ResponseEntity<Any> {
         return ResponseEntity(
-            Msg(code = -1, msg = ex.allErrors.joinToString(";") {
+            Msg<String>(code = -1, msg = ex.allErrors.joinToString(";") {
                 it.defaultMessage?.toString() ?: "unknown invalid method argument"
             }), status
         )
     }
 
+    override fun handleHttpMessageNotReadable(
+        ex: HttpMessageNotReadableException, headers: HttpHeaders, status: HttpStatusCode, request: WebRequest
+    ): ResponseEntity<Any> {
+        return ResponseEntity(Msg<String>(code = -1, msg = ex.message ?: "unknown error"), status)
+    }
+
     @ExceptionHandler(value = [Exception::class])
     fun handleException(
-        ex: Exception, headers: HttpHeaders, status: HttpStatusCode, request: WebRequest
+        ex: Exception
-    ): ResponseEntity<Msg> {
+    ): ResponseEntity<Msg<String>> {
-        return ResponseEntity(Msg(code = -1, msg = ex.message ?: "unknown error"), status)
+        return ResponseEntity(Msg(code = -1, msg = ex.message ?: "unknown error"), HttpStatus.INTERNAL_SERVER_ERROR)
+    }
+
+    @ExceptionHandler(value = [UserRegistException::class])
+    fun handleUserRegistException(ex: Exception, headers: HttpHeaders, status: HttpStatusCode, request: WebRequest
+    ): ResponseEntity<Msg<String>>{
+        return ResponseEntity(Msg(code = -1, msg = ex.message ?: "unknown regist error"), status)
     }
 }

src/main/java/dev/surl/surl/service/SurlService.kt

@@ -11,10 +11,11 @@ import org.springframework.stereotype.Service
 class SurlService {
     fun addSurl(baseurl: String): String = runBlocking {
         val id = genSnowflakeUID()
-        Surl.new {
+        transaction {
-            this.id._value = id
+            Surl.new(id) {
                 url = baseurl
             }
+        }
         return@runBlocking numberToKey(id)
     }
 

src/main/java/dev/surl/surl/service/UserService.kt

@@ -1,3 +1,43 @@
 package dev.surl.surl.service
 
-class UserService
+import dev.surl.surl.SurlApplication
+import dev.surl.surl.common.Msg
+import dev.surl.surl.common.exception.UserRegistException
+import dev.surl.surl.dao.User
+import dev.surl.surl.dsl.Users
+import dev.surl.surl.util.genSnowflakeUID
+import dev.surl.surl.util.numberToKey
+import kotlinx.coroutines.runBlocking
+import org.jetbrains.exposed.sql.transactions.transaction
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.stereotype.Service
+
+@Service
+class UserService(@Autowired private val passwordEncoder: BCryptPasswordEncoder) {
+    fun addUser(username: String, password: String): Msg<Any> {
+//        if (passwordEncoder == null) throw Exception("password encoder is null")
+//        val passwordEncoder = SurlApplication.context.getBean("bcryptor") as PasswordEncoder
+        val id = runBlocking {
+            genSnowflakeUID()
+        }
+        val encryptedPassword = passwordEncoder.encode(password)
+        transaction {
+            if (isUserExist(username)) {
+                throw UserRegistException("user is existed")
+            }
+            User.new(id) {
+                this.username = username
+                this.password = encryptedPassword
+            }
+        }
+        @Suppress("unused") return Msg(value = object {
+            val id = numberToKey(id)
+            val username = username
+        })
+    }
+
+    private fun isUserExist(username: String) = User.find {
+        Users.username eq username
+    }.toList().isNotEmpty()
+}

src/main/java/dev/surl/surl/util/JwtTokenUtil.kt

@@ -0,0 +1,75 @@
+package dev.surl.surl.util
+
+import dev.surl.surl.cfg.BaseConfiguration
+import dev.surl.surl.cfg.Logging
+import io.jsonwebtoken.Claims
+import io.jsonwebtoken.Jwts
+import org.hibernate.validator.internal.engine.DefaultClockProvider
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.stereotype.Component
+import java.time.Clock
+import java.util.Date
+
+@Component
+@ConfigurationProperties(prefix = "jwt")
+class JwtTokenUtil {
+    @Autowired
+    private lateinit var cfg: BaseConfiguration
+
+    @Autowired
+    private lateinit var logging: Logging
+
+    private val clock: Clock = DefaultClockProvider.INSTANCE.clock
+
+    fun getToken(identityId: String, authorizes: List<String>): Map<String, Any> {
+        val now = Date()
+        val expireAt = now.time + cfg.expire
+        val expireDate = Date(expireAt)
+        val token = Jwts.builder().run {
+            subject(identityId)
+            issuedAt(now)
+            expiration(expireDate)
+            signWith(cfg.secretKey)
+            claim("roleAuthorizes", authorizes)
+            compact()
+        }
+        return mapOf(
+            "expireAt" to expireAt,
+            "token" to token
+        )
+    }
+
+    fun getTokenClaim(token: String?): Claims? {
+        if(token == null) return null
+        try {
+            return Jwts.parser().verifyWith(cfg.secretKey).build().parseSignedClaims(token).payload
+        } catch (e: Exception) {
+            logging.logger(JwtTokenUtil::class).error("get token claim error", e)
+            return null
+        }
+    }
+
+    private fun getExpireDateFromToken(token: String): Date? {
+        return getClaimFromToken(token) {
+            it?.expiration
+        }
+    }
+
+    fun isTokenExpired(token: String?): Boolean {
+        if(token == null) return true
+        val expireDate = getExpireDateFromToken(token)
+        return if(expireDate == null) true else expireDate.time < clock.millis()
+    }
+
+    fun getUsernameFromToken(token: String): String? {
+        return getClaimFromToken(token) {
+            it?.subject
+        }
+    }
+
+    private fun <T> getClaimFromToken(token: String, resolver: (Claims?) -> T): T {
+        val claims = getTokenClaim(token)
+        return resolver(claims)
+    }
+}

src/main/resources/application.yml

@@ -1,5 +1,7 @@
 server:
   port: 18888
+  servlet:
+    context-path: /api/v1
 spring:
   profiles:
     active: default
@@ -27,10 +29,6 @@ spring:
   exposed:
     show-sql: false
     generate-ddl: true
-  security:
-    user:
-      name: admin
-      password: 123
 logging:
   level:
     root: info