From ebeafebc3df248ed3566484f6c55a2637b28061a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=88=B4=E5=9D=87=E9=91=91=20Tai?=
Date: Wed, 12 Jan 2022 11:10:56 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=20OAuth2=20plugin=20?=
 =?UTF-8?q?=E8=A3=A1=E9=A0=AD=E8=99=95=E7=90=86=20Past-Client-Token=20?=
 =?UTF-8?q?=E7=9A=84=E8=A8=AD=E5=AE=9A=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 背景:在實務需求上,會很有機會需要讓前一個的 client token(credential mode) 並存,以處理多個併發的請求,但原有的行為則會間接允許相同的 client 簽發出兩個能同時被接受的 access token。
- 作法:參考 jwt-auth 設計的 [blacklist_grace_period](https://github.com/tymondesigns/jwt-auth/blob/develop/config/config.php#L238),允許另外的設定去配置 pastClientToken 的 ttl 。
- 影響:在預設不調整的情境下,套件使用者也可保留原本的行為,不需做任何更改。
---
 .../satoken/oauth2/config/SaOAuth2Config.java | 22 ++++++++++++++++++-
 .../oauth2/logic/SaOAuth2Template.java | 6 ++++-
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java
index 617a50ac..6e5e99ea 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java
@@ -42,6 +42,9 @@ public class SaOAuth2Config implements Serializable {
  /** Client-Token 保存的时间(单位秒) 默认两个小时 */
  public long clientTokenTimeout = 60 * 60 * 2;
 
+ /** Past-Client-Token 保存的时间(单位秒) 默认為 null */
+ public Long pastClientTokenTimeout = null;
+
 
  /**
  * @return isCode 
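Review bot: The Javadoc on the new `pastClientTokenTimeout` field gives only the default (null) and not what null selects, so a reader of the config class cannot tell that the superseded client token's own remaining lifetime is used when the setting is absent — that fallback is only visible in the SaOAuth2Template hunk of this commit. Suggest `/** Past-Client-Token 保存的时间(单位秒);为 null 时沿用旧 Client-Token 的剩余有效期 */`, or an English equivalent such as `/** Retention time of the superseded Client-Token, in seconds; null keeps the old token's own remaining lifetime */`. Judging by the commit message, the value is meant as a short grace period rather than a second full lifetime, and saying so on the field would help, since nothing on the field itself bounds it against clientTokenTimeout.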
@@ -177,6 +180,22 @@ public class SaOAuth2Config implements Serializable {
  return this;
  }
 
+ /**
+ * @return pastClientTokenTimeout
+ */
+ public Long getPastClientTokenTimeout() {
+ return pastClientTokenTimeout;
+ }
+
+ /**
+ * @param pastClientTokenTimeout 要设置的 pastClientTokenTimeout
+ * @return 对象自身
+ */
+ public SaOAuth2Config setPastClientTokenTimeout(long pastClientTokenTimeout) {
+ this.pastClientTokenTimeout = pastClientTokenTimeout;
+ return this;
+ }
+
 
  // -------------------- SaOAuth2Handle 所有回调函数 --------------------
 
@@ -228,7 +247,8 @@ public class SaOAuth2Config implements Serializable {
  return "SaOAuth2Config [isCode=" + isCode + ", isImplicit=" + isImplicit + ", isPassword=" + isPassword + ", isClient=" + isClient + ", isNewRefresh=" + isNewRefresh + ", codeTimeout=" + codeTimeout + ", accessTokenTimeout=" + accessTokenTimeout + ", refreshTokenTimeout=" + refreshTokenTimeout
- + ", clientTokenTimeout=" + clientTokenTimeout + "]";
+ + ", clientTokenTimeout=" + clientTokenTimeout + ", pastClientTokenTimeout=" + pastClientTokenTimeout
+ +"]";
  }
 }
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Template.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Template.java
index a5df45bc..c3ec9900 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Template.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Template.java
@@ -598,7 +598,11 @@ public class SaOAuth2Template {
  if(ct == null) {
  return;
  }
- SaManager.getSaTokenDao().set(splicingPastTokenIndexKey(ct.clientId), ct.clientToken, ct.getExpiresIn());
+ Long ttl = ct.getExpiresIn();
+ if (null != SaOAuth2Manager.getConfig().getPastClientTokenTimeout()) {
+ ttl = SaOAuth2Manager.getConfig().getPastClientTokenTimeout();
+ }
+ SaManager.getSaTokenDao().set(splicingPastTokenIndexKey(ct.clientId), ct.clientToken, ttl);
  }
  /**
  * 持久化:用户授权记录
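Review bot: `setPastClientTokenTimeout(long)` takes a primitive while the field and `getPastClientTokenTimeout()` are `Long`, so once a value is set the null default cannot be restored through the fluent API, and the setter accepts zero or negative values that the SaOAuth2Template hunk then hands straight to the DAO as a TTL; if the DAO layer treats a negative timeout as never-expire, as sa-token's dao timeouts conventionally do, a misconfiguration would keep superseded client tokens indexed indefinitely. Suggest `public SaOAuth2Config setPastClientTokenTimeout(Long pastClientTokenTimeout) {` with `if (pastClientTokenTimeout != null && pastClientTokenTimeout <= 0) { throw new IllegalArgumentException("pastClientTokenTimeout must be positive: " + pastClientTokenTimeout); }` before the assignment; existing callers passing a `long` still compile through autoboxing. The setter's Javadoc `要设置的 pastClientTokenTimeout` only restates the parameter name; it should say the unit is seconds and that null means the old token's remaining lifetime is used.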
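Review bot: The configured value replaces the superseded token's remaining lifetime outright on the `ttl = SaOAuth2Manager.getConfig().getPastClientTokenTimeout();` line, so a pastClientTokenTimeout larger than `ct.getExpiresIn()` keeps the old client token in the past-token index after the token itself would have expired, which widens the window the commit message says it wants to keep short (a jwt-auth-style grace period). Capping the index TTL at the token's own remaining lifetime leaves the default (null) path unchanged while making the setting only ever shorten the window; the config is also read twice in the new lines, which a local removes. The method's signature is above the hunk, so its name and the declared type of `ct.getExpiresIn()` are not visible here — the rewrite below assumes both values are seconds on the same scale, as the DAO call already does.
```java
// … unchanged: null guard on ct …
Long ttl = ct.getExpiresIn();
Long grace = SaOAuth2Manager.getConfig().getPastClientTokenTimeout();
if (grace != null && grace > 0) {
    // The grace period may only shorten how long the superseded token stays indexed,
    // never extend it past the token's own expiry. A non-positive remaining lifetime
    // (whatever the DAO makes of it) is replaced by the grace period so the cap still applies.
    ttl = (ttl != null && ttl > 0) ? Math.min(ttl, grace) : grace;
}
SaManager.getSaTokenDao().set(splicingPastTokenIndexKey(ct.clientId), ct.clientToken, ttl);
```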