hamx/ArtisanConnectBackend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dużo lepsza autoryzacja teraz, dużo lepsza. Tokeny wygasają, można mieć tylko jeden aktywny token per user

Browse Source
This commit is contained in:
Andrii Solianyk
2025-06-02 13:46:09 +02:00
parent 0d32b4a495
commit ffbd8d220c
4 changed files with 32 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/_11/asktpk/artisanconnectbackend/security/JwtRequestFilter.java
View File

@@ -36,8 +36,12 @@ public class JwtRequestFilter extends OncePerRequestFilter {
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
jwt = authorizationHeader.substring(7);
if (jwtUtil.isBlacklisted(jwt)) {
if (jwtUtil.isBlacklisted(jwt) || !jwtUtil.isLatestToken(jwt)) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
String jsonResponse = "{\"error\": \"Token is invalid or expired. Please login again.\"}";
response.getWriter().write(jsonResponse);
return;
}

27
src/main/java/_11/asktpk/artisanconnectbackend/security/JwtUtil.java
View File

@@ -8,10 +8,7 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.crypto.SecretKey;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
@@ -40,11 +37,27 @@ public class JwtUtil {
return Keys.hmacShaKeyFor(secret.getBytes());
}
private final Map<String, String> userActiveTokens = new ConcurrentHashMap<>();
public boolean isLatestToken(String token) {
String email = extractEmail(token);
String tokenId = extractTokenId(token);
String latestTokenId = userActiveTokens.get(email);
return latestTokenId != null && latestTokenId.equals(tokenId);
}
public String generateToken(String email, String role, Long userId) {
Map<String, Object> claims = new HashMap<>();
claims.put("role", role);
claims.put("userId", userId);
return createToken(claims, email);
claims.put("tokenId", UUID.randomUUID().toString());
String token = createToken(claims, email);
userActiveTokens.put(email, extractTokenId(token));
return token;
}
private String createToken(Map<String, Object> claims, String subject) {
@@ -57,6 +70,10 @@ public class JwtUtil {
.compact();
}
public String extractTokenId(String token) {
return extractAllClaims(token).get("tokenId", String.class);
}
public String extractEmail(String token) {
return extractClaim(token, Claims::getSubject);
}