diff --git a/src/main/kotlin/plus/maa/backend/config/external/Jwt.kt b/src/main/kotlin/plus/maa/backend/config/external/Jwt.kt
index 91fb990b..dbb38a5f 100644
--- a/src/main/kotlin/plus/maa/backend/config/external/Jwt.kt
+++ b/src/main/kotlin/plus/maa/backend/config/external/Jwt.kt
@@ -17,8 +17,4 @@ data class Jwt(
 * JwtToken的加密密钥
 */
 var secret: String = "",
- /**
- * Jwt 最大同时登录设备数
- */
- var maxLogin: Int = 1,
 )
diff --git a/src/main/kotlin/plus/maa/backend/service/UserService.kt b/src/main/kotlin/plus/maa/backend/service/UserService.kt
index be2aef91..489d6981 100644
--- a/src/main/kotlin/plus/maa/backend/service/UserService.kt
+++ b/src/main/kotlin/plus/maa/backend/service/UserService.kt
@@ -5,7 +5,6 @@ import org.springframework.data.repository.findByIdOrNull
 import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.stereotype.Service
 import plus.maa.backend.common.MaaStatusCode
-import plus.maa.backend.config.external.MaaCopilotProperties
 import plus.maa.backend.controller.request.user.LoginDTO
 import plus.maa.backend.controller.request.user.PasswordResetDTO
 import plus.maa.backend.controller.request.user.RegisterDTO
@@ -19,7 +18,6 @@ import plus.maa.backend.repository.entity.MaaUser
 import plus.maa.backend.service.jwt.JwtExpiredException
 import plus.maa.backend.service.jwt.JwtInvalidException
 import plus.maa.backend.service.jwt.JwtService
-import java.util.UUID
 /**
 * @author AnselYuki
@@ -31,7 +29,6 @@ class UserService(
 private val passwordEncoder: PasswordEncoder,
 private val userDetailService: UserDetailServiceImpl,
 private val jwtService: JwtService,
- private val properties: MaaCopilotProperties,
 ) {
 /**
 * 登录方法
@@ -49,15 +46,9 @@ class UserService(
 throw MaaResultException(MaaStatusCode.MAA_USER_NOT_ENABLED)
 }
- val jwtId = UUID.randomUUID().toString()
- val jwtIds = user.refreshJwtIds
- jwtIds.add(jwtId)
- while (jwtIds.size > properties.jwt.maxLogin) jwtIds.removeAt(0)
- userRepository.save(user)
-
 val authorities = userDetailService.collectAuthoritiesFor(user)
 val authToken = jwtService.issueAuthToken(user.userId!!, null, authorities)
- val refreshToken = jwtService.issueRefreshToken(user.userId, jwtId)
+ val refreshToken = jwtService.issueRefreshToken(user.userId, null)
 return MaaLoginRsp(
 authToken.value,
@@ -144,18 +135,7 @@ class UserService(
 val userId = old.subject
 val user = userRepository.findById(userId).orElseThrow()
-
- val refreshJwtIds = user.refreshJwtIds
- val idIndex = refreshJwtIds.indexOf(old.jwtId)
- if (idIndex < 0) throw MaaResultException(401, "invalid token")
-
- val jwtId = UUID.randomUUID().toString()
- refreshJwtIds[idIndex] = jwtId
-
- userRepository.save(user)
-
- val refreshToken = jwtService.newRefreshToken(old, jwtId)
-
+ val refreshToken = jwtService.issueRefreshToken(userId, null)
 val authorities = userDetailService.collectAuthoritiesFor(user)
 val authToken = jwtService.issueAuthToken(userId, null, authorities)
diff --git a/src/main/kotlin/plus/maa/backend/service/jwt/JwtService.kt b/src/main/kotlin/plus/maa/backend/service/jwt/JwtService.kt
index 328492d0..953fc92c 100644
--- a/src/main/kotlin/plus/maa/backend/service/jwt/JwtService.kt
+++ b/src/main/kotlin/plus/maa/backend/service/jwt/JwtService.kt
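Review bot: On the refresh path (hunk `@@ -144,18 +135,7`) the new `val refreshToken = jwtService.issueRefreshToken(userId, null)` drops the only server-side check the old code had — `refreshJwtIds.indexOf(old.jwtId)` rejecting unknown ids with a 401 — so a refresh token is now accepted on signature and expiry alone and nothing visible can invalidate it on logout, password change or account compromise; the login hunk `@@ -49,15 +46,9` issues the same id-less token. Unlike the removed `newRefreshToken(old, jwtId)`, which carried `old.expiresAt` forward, `issueRefreshToken` appears to compute a fresh `expireAt` (its body starts outside the hunk), so every refresh extends the lifetime and a leaked refresh token can be renewed indefinitely. The removed KDoc itself warned that refresh tokens should be backed by the database to avoid becoming unrevocable, and that caveat should survive the deletion. If stateless refresh is intended, record it on the refresh function, e.g. `Refresh tokens are stateless: no jwtId is stored, so a token stays valid until it expires and each refresh issues one with a new expiry.`, and consider a per-user token version or issued-at watermark to reject tokens older than a revocation point; in what is visible the refresh path also lacks the `MAA_USER_NOT_ENABLED` check the login path performs. Both enclosing functions start and end outside their hunks.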
@@ -57,18 +57,6 @@ class JwtService(properties: MaaCopilotProperties) {
 return JwtRefreshToken(subject, jwtId, now, expireAt, now, key)
 }
- /**
- * 产生新的 RefreshToken. 新的 token 除了签发和生效时间、 id 不同外,其余属性均继承自原来的 token.
- * 一般情况下, RefreshToken 应结合数据库使用以避免陷入无法撤销的窘境
- *
- * @param old 原 token
- * @return 新的 RefreshToken
- */
- fun newRefreshToken(old: JwtRefreshToken, jwtId: String?): JwtRefreshToken {
- val now = Instant.now()
- return JwtRefreshToken(old.subject, jwtId, now, old.expiresAt, now, key)
- }
-
 /**
 * 验证并解析为 RefreshToken. 该方法为 stateless 的验证。
 *
diff --git a/src/main/resources/application-template.yml b/src/main/resources/application-template.yml
index 74a897cc..8e27bfdd 100644
--- a/src/main/resources/application-template.yml
+++ b/src/main/resources/application-template.yml
@@ -30,7 +30,6 @@ maa-copilot:
 expire: 21600
 # JwtToken的加密密钥
 secret: $I_Am_The_Bone_Of_My_Sword!Steel_Is_My_Body_And_Fire_Is_My_Blood!$
- max-login: 1
 github:
 # GitHub api token
 token: github_pat_xxx
diff --git a/src/test/kotlin/plus/maa/backend/service/jwt/JwtServiceTest.kt b/src/test/kotlin/plus/maa/backend/service/jwt/JwtServiceTest.kt
index 6f65ed05..50f9c9a6 100644
--- a/src/test/kotlin/plus/maa/backend/service/jwt/JwtServiceTest.kt
+++ b/src/test/kotlin/plus/maa/backend/service/jwt/JwtServiceTest.kt
@@ -30,22 +30,6 @@ class JwtServiceTest {
 check(parsedToken.isAuthenticated)
 }
- @Test
- @Throws(JwtExpiredException::class, JwtInvalidException::class)
- fun refreshTokenCodec() {
- val service = createService()
-
- val subject = "some user id"
- val origin = service.issueRefreshToken(subject, null)
-
- val parsedToken = service.verifyAndParseRefreshToken(origin.value)
- check(subject == parsedToken.subject)
- val newToken = service.newRefreshToken(parsedToken, null)
- check(!newToken.issuedAt.isBefore(parsedToken.issuedAt))
- check(!newToken.notBefore.isBefore(parsedToken.notBefore))
- check(newToken.expiresAt == parsedToken.expiresAt)
- }
-
 @Test
 fun wrongTypeParseShouldFail() {
 val service = createService()
@@ -58,4 +42,4 @@ class JwtServiceTest {
 service.verifyAndParseAuthToken(refreshToken.value)
 }
 }
-}
\ No newline at end of file
+}