fix:refreshToken

2026-03-20 13:52:33 +08:00
parent 22f0b546ad
commit 816dfb2304
6 changed files with 101 additions and 0 deletions
--- a/xs-service/src/main/java/com/xiang/xservice/auth/service/service/XUserService.java
+++ b/xs-service/src/main/java/com/xiang/xservice/auth/service/service/XUserService.java
@@ -2,6 +2,7 @@ package com.xiang.xservice.auth.service.service;

 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.xiang.xservice.auth.api.dto.req.LoginRequest;
+import com.xiang.xservice.auth.api.dto.req.RefreshRequest;
 import com.xiang.xservice.auth.api.dto.req.RegisterRequest;
 import com.xiang.xservice.auth.api.dto.req.user.UserAddRequest;
 import com.xiang.xservice.auth.api.dto.req.user.UserDeptUpdateRequest;
@@ -38,4 +39,6 @@ public interface XUserService {
    Boolean setUserRole(UserRoleUpdateRequest request);

    UserDTO getUserDetail(Long userId);
+
+    LoginResp refresh(RefreshRequest request);
 }
--- a/xs-service/src/main/java/com/xiang/xservice/auth/service/service/impl/XUserServiceImpl.java
+++ b/xs-service/src/main/java/com/xiang/xservice/auth/service/service/impl/XUserServiceImpl.java
@@ -9,6 +9,7 @@ import com.xiang.xservice.auth.api.code.Code01UserErrorCode;
 import com.xiang.xservice.auth.api.code.Code02RoleErrorCode;
 import com.xiang.xservice.auth.api.code.Code03DeptErrorCode;
 import com.xiang.xservice.auth.api.dto.req.LoginRequest;
+import com.xiang.xservice.auth.api.dto.req.RefreshRequest;
 import com.xiang.xservice.auth.api.dto.req.RegisterRequest;
 import com.xiang.xservice.auth.api.dto.req.user.UserAddRequest;
 import com.xiang.xservice.auth.api.dto.req.user.UserDeptUpdateRequest;
@@ -123,6 +124,7 @@ public class XUserServiceImpl implements XUserService {
                        LoginResp loginResp = new LoginResp();
                        loginResp.setToken(user.getToken());
                        loginResp.setUsername(request.getUsername());
+                        loginResp.setRefreshToken(user.getRefreshToken());
                        return loginResp;
                    }
                }
@@ -159,6 +161,7 @@ public class XUserServiceImpl implements XUserService {
        LoginResp loginResp = new LoginResp();
        loginResp.setToken(token);
        loginResp.setUsername(request.getUsername());
+        loginResp.setRefreshToken(refreshToken);
        // 3. redis缓存token
        redisService.set(RedisConstant.LOGIN_TOKEN + request.getUsername(), token, 3, TimeUnit.HOURS);
        // 4. db 存储token
@@ -318,4 +321,56 @@ public class XUserServiceImpl implements XUserService {
        }
        return dto;
    }
+
+    @Override
+    public LoginResp refresh(RefreshRequest request) {
+        XUser user = userMapper.selectByUsername(request.getUsername());
+        if (Objects.isNull(user)) {
+            throw new BusinessException(Code01UserErrorCode.USER_NOT_EXISTS);
+        }
+        if (StringUtils.isBlank(user.getRefreshToken()) || !user.getRefreshToken().equals(request.getRefreshToken())) {
+            throw new BusinessException(Code01UserErrorCode.REFRESH_TOKEN_NOT_EXISTS);
+        }
+        // 校验 refreshToken 是否过期
+        Jwt refreshJwt;
+        try {
+            refreshJwt = jwtDecoder.decode(request.getRefreshToken());
+        } catch (Exception e) {
+            log.error("【刷新token】refreshToken解析失败", e);
+            throw new BusinessException("refreshToken 无效或已过期");
+        }
+        if (Objects.isNull(refreshJwt.getExpiresAt()) || refreshJwt.getExpiresAt().isBefore(Instant.now())) {
+            throw new BusinessException("refreshToken 已过期，请重新登录");
+        }
+        // 查询角色
+        List<String> roleCodes = Lists.newArrayList();
+        List<XUserRole> userRoles = userRoleMapper.getByUserId(user.getId());
+        if (CollectionUtils.isNotEmpty(userRoles)) {
+            List<XRole> roles = roleMapper.getRoleByIds(userRoles.stream().map(XUserRole::getRoleId).collect(Collectors.toList()));
+            if (CollectionUtils.isNotEmpty(roles)) {
+                roleCodes.addAll(roles.stream().map(XRole::getCode).toList());
+            }
+        }
+        // 生成新的 accessToken
+        Instant now = Instant.now();
+        JwtClaimsSet claims = JwtClaimsSet.builder()
+                .issuedAt(now)
+                .expiresAt(now.plus(3, ChronoUnit.HOURS))
+                .claim("userId", user.getId())
+                .claim("tenantId", user.getTenantId())
+                .claim("timestamp", System.currentTimeMillis())
+                .claim("username", request.getUsername())
+                .claim("authorities", roleCodes)
+                .build();
+        String newToken = jwtEncoder.encode(JwtEncoderParameters.from(claims)).getTokenValue();
+        // 更新 Redis 和 DB
+        redisService.set(RedisConstant.LOGIN_TOKEN + request.getUsername(), newToken, 3, TimeUnit.HOURS);
+        user.setToken(newToken);
+        userMapper.update(user);
+        LoginResp loginResp = new LoginResp();
+        loginResp.setToken(newToken);
+        loginResp.setUsername(request.getUsername());
+        loginResp.setRefreshToken(request.getRefreshToken());
+        return loginResp;
+    }
 }