feat: 完成双token刷新
This commit is contained in:
ccnetcore
@@ -14,6 +14,6 @@ namespace Yi.Framework.Rbac.Domain.Shared.Options
|
|||||||
|
|
||||||
public string SecurityKey { get; set; } = "892u4j1803qj23jro0fjkf8bmsdf9nb9mf92834u23jdf923jrnmvasbceqwt347562tgdhdnsv9wevbnop";
|
public string SecurityKey { get; set; } = "892u4j1803qj23jro0fjkf8bmsdf9nb9mf92834u23jdf923jrnmvasbceqwt347562tgdhdnsv9wevbnop";
|
||||||
|
|
||||||
public long ExpiresMinuteTime { get; set; } = 120;
|
public long ExpiresSecondTime { get; set; } = 600;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -19,9 +19,9 @@ namespace Yi.Framework.Rbac.Domain.Authorization
|
|||||||
public class RefreshTokenMiddleware : IMiddleware, ITransientDependency
|
public class RefreshTokenMiddleware : IMiddleware, ITransientDependency
|
||||||
{
|
{
|
||||||
private AccountManager _accountManager;
|
private AccountManager _accountManager;
|
||||||
|
|
||||||
public RefreshTokenMiddleware(AccountManager accountManager)
|
public RefreshTokenMiddleware(AccountManager accountManager)
|
||||||
{
|
{
|
||||||
|
|
||||||
_accountManager = accountManager;
|
_accountManager = accountManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -29,6 +29,10 @@ namespace Yi.Framework.Rbac.Domain.Authorization
|
|||||||
{
|
{
|
||||||
var refreshToken = context.Request.Headers["refresh_token"].ToString();
|
var refreshToken = context.Request.Headers["refresh_token"].ToString();
|
||||||
if (!string.IsNullOrEmpty(refreshToken))
|
if (!string.IsNullOrEmpty(refreshToken))
|
||||||
|
{
|
||||||
|
//Jwt鉴权失败,过期了,再去找刷新token,进行刷新处理,不用每次都去刷新
|
||||||
|
var bearerAuthResult = await context.AuthenticateAsync("Bearer");
|
||||||
|
if (!bearerAuthResult.Succeeded)
|
||||||
{
|
{
|
||||||
//每个用户的token刷新频率可以进行控制,防止刷新token当访问token使用
|
//每个用户的token刷新频率可以进行控制,防止刷新token当访问token使用
|
||||||
var authResult = await context.AuthenticateAsync(TokenTypeConst.Refresh);
|
var authResult = await context.AuthenticateAsync(TokenTypeConst.Refresh);
|
||||||
@@ -45,7 +49,15 @@ namespace Yi.Framework.Rbac.Domain.Authorization
|
|||||||
//请求头替换,补充后续鉴权逻辑
|
//请求头替换,补充后续鉴权逻辑
|
||||||
context.Request.Headers["Authorization"] = "Bearer " + access_Token;
|
context.Request.Headers["Authorization"] = "Bearer " + access_Token;
|
||||||
}
|
}
|
||||||
|
//刷新token 与 access_token都失效了
|
||||||
|
// else
|
||||||
|
// {
|
||||||
|
//context.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||||
|
//return;
|
||||||
|
// }
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
await next(context);
|
await next(context);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -57,8 +69,6 @@ namespace Yi.Framework.Rbac.Domain.Authorization
|
|||||||
{
|
{
|
||||||
app.UseMiddleware<RefreshTokenMiddleware>();
|
app.UseMiddleware<RefreshTokenMiddleware>();
|
||||||
return app;
|
return app;
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -106,7 +106,7 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
|||||||
issuer: _jwtOptions.Issuer,
|
issuer: _jwtOptions.Issuer,
|
||||||
audience: _jwtOptions.Audience,
|
audience: _jwtOptions.Audience,
|
||||||
claims: claims,
|
claims: claims,
|
||||||
expires: DateTime.Now.AddMinutes(_jwtOptions.ExpiresMinuteTime),
|
expires: DateTime.Now.AddSeconds(_jwtOptions.ExpiresSecondTime),
|
||||||
notBefore: DateTime.Now,
|
notBefore: DateTime.Now,
|
||||||
signingCredentials: creds);
|
signingCredentials: creds);
|
||||||
string returnToken = new JwtSecurityTokenHandler().WriteToken(token);
|
string returnToken = new JwtSecurityTokenHandler().WriteToken(token);
|
||||||
@@ -127,7 +127,7 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
|||||||
issuer: _refreshJwtOptions.Issuer,
|
issuer: _refreshJwtOptions.Issuer,
|
||||||
audience: _refreshJwtOptions.Audience,
|
audience: _refreshJwtOptions.Audience,
|
||||||
claims: claims,
|
claims: claims,
|
||||||
expires: DateTime.Now.AddMinutes(_refreshJwtOptions.ExpiresMinuteTime),
|
expires: DateTime.Now.AddSeconds(_refreshJwtOptions.ExpiresSecondTime),
|
||||||
notBefore: DateTime.Now,
|
notBefore: DateTime.Now,
|
||||||
signingCredentials: creds);
|
signingCredentials: creds);
|
||||||
string returnToken = new JwtSecurityTokenHandler().WriteToken(token);
|
string returnToken = new JwtSecurityTokenHandler().WriteToken(token);
|
||||||
|
|||||||
@@ -190,25 +190,21 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
|||||||
{
|
{
|
||||||
//此处优先从缓存中获取
|
//此处优先从缓存中获取
|
||||||
UserRoleMenuDto output = null;
|
UserRoleMenuDto output = null;
|
||||||
var tokenExpiresMinuteTime =
|
var tokenExpiresSecondTime =
|
||||||
LazyServiceProvider.GetRequiredService<IOptions<JwtOptions>>().Value.ExpiresMinuteTime;
|
LazyServiceProvider.GetRequiredService<IOptions<JwtOptions>>().Value.ExpiresSecondTime;
|
||||||
var cacheData = await _userCache.GetOrAddAsync(new UserInfoCacheKey(userId),
|
var cacheData = await _userCache.GetOrAddAsync(new UserInfoCacheKey(userId),
|
||||||
async () =>
|
async () =>
|
||||||
{
|
{
|
||||||
var user = await _userRepository.GetUserAllInfoAsync(userId);
|
var user = await _userRepository.GetUserAllInfoAsync(userId);
|
||||||
var data = EntityMapToDto(user);
|
var data = EntityMapToDto(user);
|
||||||
//系统用户数据被重置,老前端访问重新授权
|
//系统用户数据被重置,老前端访问重新授权
|
||||||
if (data is null)
|
|
||||||
{
|
|
||||||
throw new AbpAuthorizationException();
|
|
||||||
}
|
|
||||||
|
|
||||||
//data.Menus.Clear();
|
//data.Menus.Clear();
|
||||||
output = data;
|
output = data ?? throw new AbpAuthorizationException();
|
||||||
return new UserInfoCacheItem(data);
|
return new UserInfoCacheItem(data);
|
||||||
},
|
},
|
||||||
() => new DistributedCacheEntryOptions
|
() => new DistributedCacheEntryOptions
|
||||||
{ AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(tokenExpiresMinuteTime) });
|
{ AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(tokenExpiresSecondTime) });
|
||||||
|
|
||||||
if (cacheData is not null)
|
if (cacheData is not null)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,21 +1,21 @@
|
|||||||
import axios from "axios";
|
import axios from "axios";
|
||||||
import router from "@/router";
|
import router from "@/router";
|
||||||
import { ElMessage } from "element-plus";
|
import {ElMessage} from "element-plus";
|
||||||
import { config } from "@/config/axios/config";
|
import {config} from "@/config/axios/config";
|
||||||
import { Session } from "@/utils/storage";
|
import {Session} from "@/utils/storage";
|
||||||
import useAuths from "@/hooks/useAuths";
|
import useAuths from "@/hooks/useAuths";
|
||||||
|
|
||||||
const { VITE_APP_ENV_NAME } = import.meta.env;
|
const {VITE_APP_ENV_NAME} = import.meta.env;
|
||||||
const { getToken, removeToken } = useAuths();
|
const {getToken,getRefreshToken, removeToken, setToken, setRefreshToken} = useAuths();
|
||||||
|
|
||||||
const { base_url, request_timeout, pre_interface } = config;
|
const {base_url, request_timeout, pre_interface} = config;
|
||||||
export const PATH_URL = base_url[VITE_APP_ENV_NAME];
|
export const PATH_URL = base_url[VITE_APP_ENV_NAME];
|
||||||
|
|
||||||
// 配置新建一个 axios 实例
|
// 配置新建一个 axios 实例
|
||||||
const service = axios.create({
|
const service = axios.create({
|
||||||
baseURL: PATH_URL, // api 的 base_url
|
baseURL: PATH_URL, // api 的 base_url
|
||||||
timeout: request_timeout, // 请求超时时间
|
timeout: request_timeout, // 请求超时时间
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: {"Content-Type": "application/json"},
|
||||||
hideerror: false, //是否在底层显示错误信息
|
hideerror: false, //是否在底层显示错误信息
|
||||||
isFinish: false,
|
isFinish: false,
|
||||||
});
|
});
|
||||||
@@ -28,6 +28,11 @@ service.interceptors.request.use(
|
|||||||
if (token) {
|
if (token) {
|
||||||
config.headers["Authorization"] = `Bearer ${token}`;
|
config.headers["Authorization"] = `Bearer ${token}`;
|
||||||
}
|
}
|
||||||
|
const refreshToken = getRefreshToken();
|
||||||
|
if (refreshToken) {
|
||||||
|
config.headers["refresh_token"] = `${refreshToken}`;
|
||||||
|
}
|
||||||
|
|
||||||
if (Session.get("tenantId")) {
|
if (Session.get("tenantId")) {
|
||||||
config.headers["TenantId"] = Session.get("tenantId");
|
config.headers["TenantId"] = Session.get("tenantId");
|
||||||
}
|
}
|
||||||
@@ -42,27 +47,39 @@ service.interceptors.request.use(
|
|||||||
// 添加响应拦截器
|
// 添加响应拦截器
|
||||||
service.interceptors.response.use(
|
service.interceptors.response.use(
|
||||||
(response) => {
|
(response) => {
|
||||||
const { config } = response;
|
const {config} = response;
|
||||||
config.isFinish = true;
|
config.isFinish = true;
|
||||||
|
//后端返回双token,替换
|
||||||
|
if (response.headers["refresh_token"]) {
|
||||||
|
setToken(response.headers["access_token"]);
|
||||||
|
setRefreshToken(response.headers["refresh_token"]);
|
||||||
|
// //然后修改config重新请求
|
||||||
|
// config.headers["Authorization"] = `Bearer ${getToken()}`;
|
||||||
|
// service.request(config);
|
||||||
|
}
|
||||||
|
|
||||||
return Promise.resolve(response);
|
return Promise.resolve(response);
|
||||||
},
|
},
|
||||||
(error) => {
|
(error) => {
|
||||||
const { config } = error;
|
const {config} = error;
|
||||||
// 对响应错误做点什么
|
// 对响应错误做点什么
|
||||||
if (error.message.indexOf("timeout") != -1) {
|
if (error.message.indexOf("timeout") !== -1) {
|
||||||
ElMessage({
|
ElMessage({
|
||||||
type: "error",
|
type: "error",
|
||||||
message: "网络超时",
|
message: "网络超时",
|
||||||
});
|
});
|
||||||
} else if (error.message == "Network Error") {
|
} else if (error.message === "Network Error") {
|
||||||
ElMessage({
|
ElMessage({
|
||||||
type: "error",
|
type: "error",
|
||||||
message: "网络连接错误",
|
message: "网络连接错误",
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
//处理状态码和消息
|
||||||
const res = error.response || {};
|
const res = error.response || {};
|
||||||
const status = Number(res.status) || 200;
|
const status = Number(res.status) || 200;
|
||||||
const message = res?.data?.error?.message;
|
const message = res?.data?.error?.message;
|
||||||
|
|
||||||
if (status === 401) {
|
if (status === 401) {
|
||||||
ElMessageBox.confirm("该功能需要登陆后享有,是否立即登录?", "提示", {
|
ElMessageBox.confirm("该功能需要登陆后享有,是否立即登录?", "提示", {
|
||||||
confirmButtonText: "确认",
|
confirmButtonText: "确认",
|
||||||
@@ -74,6 +91,7 @@ service.interceptors.response.use(
|
|||||||
});
|
});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
//处理非200
|
||||||
if (status !== 200) {
|
if (status !== 200) {
|
||||||
if (status >= 500) {
|
if (status >= 500) {
|
||||||
ElMessage({
|
ElMessage({
|
||||||
|
|||||||
@@ -14,7 +14,6 @@ export const AUTH_USER = "AUTH_USER";
|
|||||||
export default function useAuths(opt) {
|
export default function useAuths(opt) {
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
const defaultOpt = {
|
const defaultOpt = {
|
||||||
loginUrl: "/login", // 登录页跳转url 默认: /login
|
loginUrl: "/login", // 登录页跳转url 默认: /login
|
||||||
loginReUrl: "", // 登录页登陆成功后带重定向redirect=的跳转url 默认为空
|
loginReUrl: "", // 登录页登陆成功后带重定向redirect=的跳转url 默认为空
|
||||||
@@ -29,7 +28,7 @@ export default function useAuths(opt) {
|
|||||||
|
|
||||||
// 获取token
|
// 获取token
|
||||||
const getToken = () => {
|
const getToken = () => {
|
||||||
var token= Local.get(TokenKey);
|
var token = Local.get(TokenKey);
|
||||||
return token;
|
return token;
|
||||||
};
|
};
|
||||||
// 获取token
|
// 获取token
|
||||||
@@ -37,13 +36,13 @@ export default function useAuths(opt) {
|
|||||||
return Local.get(RefreshTokenKey);
|
return Local.get(RefreshTokenKey);
|
||||||
};
|
};
|
||||||
|
|
||||||
const isLogin=computed(()=>{
|
const isLogin = computed(() => {
|
||||||
return getToken()? true : false
|
return getToken() ? true : false
|
||||||
});
|
});
|
||||||
|
|
||||||
const currentUserInfo=computed(()=>{
|
const currentUserInfo = computed(() => {
|
||||||
return useUserStore();
|
return useUserStore();
|
||||||
});
|
});
|
||||||
|
|
||||||
// 存储token到cookies
|
// 存储token到cookies
|
||||||
const setToken = (token) => {
|
const setToken = (token) => {
|
||||||
@@ -121,7 +120,7 @@ const currentUserInfo=computed(()=>{
|
|||||||
await loginSuccess(res);
|
await loginSuccess(res);
|
||||||
return res;
|
return res;
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
const { data } = error;
|
const {data} = error;
|
||||||
if (error.status === 403 && data.error?.message === "验证码错误") {
|
if (error.status === 403 && data.error?.message === "验证码错误") {
|
||||||
useUserStore().updateCodeImage();
|
useUserStore().updateCodeImage();
|
||||||
}
|
}
|
||||||
@@ -131,7 +130,7 @@ const currentUserInfo=computed(()=>{
|
|||||||
// 获取用户基本信息、角色、菜单权限
|
// 获取用户基本信息、角色、菜单权限
|
||||||
const getUserInfo = async () => {
|
const getUserInfo = async () => {
|
||||||
try {
|
try {
|
||||||
let { data } = await getUserDetailInfo();
|
let {data} = await getUserDetailInfo();
|
||||||
// useUserStore
|
// useUserStore
|
||||||
// store.dispatch("updateUserInfo", result);
|
// store.dispatch("updateUserInfo", result);
|
||||||
return data;
|
return data;
|
||||||
@@ -151,7 +150,7 @@ const currentUserInfo=computed(()=>{
|
|||||||
|
|
||||||
// 登录成功之后的操作
|
// 登录成功之后的操作
|
||||||
const loginSuccess = async (res) => {
|
const loginSuccess = async (res) => {
|
||||||
const { token,refreshToken } = res.data;
|
const {token, refreshToken} = res.data;
|
||||||
|
|
||||||
setToken(token);
|
setToken(token);
|
||||||
setRefreshToken(refreshToken);
|
setRefreshToken(refreshToken);
|
||||||
@@ -178,8 +177,6 @@ const currentUserInfo=computed(()=>{
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 注册
|
// 注册
|
||||||
const registerFun = async (params) => {
|
const registerFun = async (params) => {
|
||||||
// try {
|
// try {
|
||||||
@@ -196,7 +193,7 @@ const currentUserInfo=computed(()=>{
|
|||||||
// 找回密码
|
// 找回密码
|
||||||
const retrievePasswordFun = async (params) => {
|
const retrievePasswordFun = async (params) => {
|
||||||
// try {
|
// try {
|
||||||
const {data}=await userRetrievePassword(params);
|
const {data} = await userRetrievePassword(params);
|
||||||
ElMessage({
|
ElMessage({
|
||||||
message: `恭喜!账号:${data},找回成功!密码已重置,请登录!`,
|
message: `恭喜!账号:${data},找回成功!密码已重置,请登录!`,
|
||||||
type: "success",
|
type: "success",
|
||||||
|
|||||||
@@ -1,10 +1,10 @@
|
|||||||
|
|
||||||
import axios from 'axios';
|
import axios from 'axios';
|
||||||
import { getToken } from '@/utils/auth'
|
import {getToken} from '@/utils/auth'
|
||||||
export let isRelogin = { show: false };
|
|
||||||
|
export let isRelogin = {show: false};
|
||||||
// import JsonBig from 'json-bigint'
|
// import JsonBig from 'json-bigint'
|
||||||
const myaxios = axios.create({
|
const myaxios = axios.create({
|
||||||
baseURL:import.meta.env.VITE_APP_BASEAPI,
|
baseURL: import.meta.env.VITE_APP_BASEAPI,
|
||||||
timeout: 50000,
|
timeout: 50000,
|
||||||
// transformResponse: [data => {
|
// transformResponse: [data => {
|
||||||
// try {
|
// try {
|
||||||
@@ -22,7 +22,6 @@ const myaxios = axios.create({
|
|||||||
})
|
})
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 请求拦截器
|
// 请求拦截器
|
||||||
myaxios.interceptors.request.use(function (config) {
|
myaxios.interceptors.request.use(function (config) {
|
||||||
if (getToken()) {
|
if (getToken()) {
|
||||||
@@ -37,17 +36,15 @@ myaxios.interceptors.request.use(function (config) {
|
|||||||
// 响应拦截器
|
// 响应拦截器
|
||||||
myaxios.interceptors.response.use(function (response) {
|
myaxios.interceptors.response.use(function (response) {
|
||||||
//业务错误
|
//业务错误
|
||||||
if(response.data.statusCode==403)
|
if (response.data.statusCode == 403) {
|
||||||
{
|
|
||||||
ElMessage.error(response.data.errors)
|
ElMessage.error(response.data.errors)
|
||||||
}
|
}
|
||||||
return response;
|
return response;
|
||||||
}, function (error) {
|
}, function (error) {
|
||||||
const code = error.response.status;
|
const code = error.response.status;
|
||||||
const msg = error.message;
|
const msg = error.message;
|
||||||
//业务异常+应用异常,统一处理
|
//业务异常+应用异常,统一处理
|
||||||
switch(code)
|
switch (code) {
|
||||||
{
|
|
||||||
case 401:
|
case 401:
|
||||||
ElMessage.error('登录已过期')
|
ElMessage.error('登录已过期')
|
||||||
break;
|
break;
|
||||||
|
|||||||
Reference in New Issue
Block a user