package com.example.demo.auth;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import org.springframework.stereotype.Service;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
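/**
 * Issues and verifies the HMAC-SHA256 (HS256) signed JSON Web Tokens used for user and admin
 * sessions.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The signing key is taken only from {@link JwtProperties#getSecret()}. There is
 *       deliberately no built-in fallback key: a default compiled into the source is known to
 *       anyone who can read the code, so any deployment that starts without a configured secret
 *       would accept tokens (including {@code role=admin} tokens) forged by a third party.</li>
 *   <li>User and admin tokens are signed with the same key and issuer and differ only in their
 *       claims. Callers of {@link #parseClaims(String)} must authorise on the returned
 *       {@code adminId}/{@code role} entries; a verified token alone does not imply admin
 *       rights.</li>
 *   <li>Tokens are signed, not encrypted. The {@code phone}, {@code email} and {@code username}
 *       claims are readable by anyone who holds the token.</li>
 * </ul>
 */
@Service
public class JwtService {

    private final JwtProperties props;

    public JwtService(JwtProperties props) {
        this.props = props;
    }

    /**
     * Signs a user token without an {@code email} claim.
     *
     * <p>Equivalent to {@link #signToken(Long, Long, String, String, String)} with a
     * {@code null} email.
     *
     * @throws IllegalStateException if no signing secret is configured
     */
    public String signToken(Long userId, Long shopId, String phone, String provider) {
        return signToken(userId, shopId, phone, provider, null);
    }

    /**
     * Signs a user token carrying {@code userId}, {@code shopId} and {@code provider}, plus
     * {@code phone} and {@code email} when they are non-blank.
     *
     * @return the compact serialized token
     * @throws IllegalStateException if no signing secret is configured
     */
    public String signToken(Long userId, Long shopId, String phone, String provider, String email) {
        Instant issuedAt = Instant.now();
        Instant expiresAt = issuedAt.plusSeconds(props.getTtlSeconds());
        var builder = JWT.create()
                .withIssuer(props.getIssuer())
                .withIssuedAt(java.util.Date.from(issuedAt))
                .withExpiresAt(java.util.Date.from(expiresAt))
                .withClaim("userId", userId)
                .withClaim("shopId", shopId)
                .withClaim("provider", provider);
        if (phone != null && !phone.isBlank()) {
            builder.withClaim("phone", phone);
        }
        if (email != null && !email.isBlank()) {
            builder.withClaim("email", email);
        }
        return builder.sign(signingAlgorithm());
    }

    /**
     * Signs an admin token carrying {@code adminId} and a fixed {@code role=admin} claim, plus
     * {@code username} when it is non-blank.
     *
     * <p>The token uses the same key, issuer and lifetime setting as user tokens.
     *
     * @return the compact serialized token
     * @throws IllegalStateException if no signing secret is configured
     */
    public String signAdminToken(Long adminId, String username) {
        Instant issuedAt = Instant.now();
        Instant expiresAt = issuedAt.plusSeconds(props.getTtlSeconds());
        var builder = JWT.create()
                .withIssuer(props.getIssuer())
                .withIssuedAt(java.util.Date.from(issuedAt))
                .withExpiresAt(java.util.Date.from(expiresAt))
                .withClaim("adminId", adminId)
                .withClaim("role", "admin");
        if (username != null && !username.isBlank()) {
            builder.withClaim("username", username);
        }
        return builder.sign(signingAlgorithm());
    }

    /**
     * Verifies the bearer token in an {@code Authorization} header value and returns the claims
     * this service recognises.
     *
     * <p>The signature, the issuer and the expiry (with the configured clock-skew leeway) are
     * checked before any claim is read. The result may contain {@code userId}, {@code shopId},
     * {@code phone}, {@code email}, {@code adminId} and {@code role}; absent or blank claims are
     * omitted.
     *
     * @param authorizationHeader raw header value, expected in the form {@code "Bearer <token>"}
     * @return the recognised claims, or an empty map when the header is missing, is not a bearer
     *     header, or the token fails verification. Callers must treat an empty map as
     *     unauthenticated.
     */
    public Map<String,Object> parseClaims(String authorizationHeader) {
        Map<String,Object> out = new HashMap<>();
        if (authorizationHeader == null || authorizationHeader.isBlank()) {
            return out;
        }
        String prefix = "Bearer ";
        if (!authorizationHeader.startsWith(prefix)) {
            return out;
        }
        String token = authorizationHeader.substring(prefix.length()).trim();
        try {
            JWTVerifier verifier = JWT.require(signingAlgorithm())
                    .withIssuer(props.getIssuer())
                    .acceptLeeway(props.getClockSkewSeconds())
                    .build();
            DecodedJWT jwt = verifier.verify(token);

            Long userId = jwt.getClaim("userId").asLong();
            Long shopId = jwt.getClaim("shopId").asLong();
            String phone = jwt.getClaim("phone").asString();
            String email = jwt.getClaim("email").asString();
            Long adminId = jwt.getClaim("adminId").asLong();
            String role = jwt.getClaim("role").asString();

            if (userId != null) {
                out.put("userId", userId);
            }
            if (shopId != null) {
                out.put("shopId", shopId);
            }
            if (phone != null && !phone.isBlank()) {
                out.put("phone", phone);
            }
            if (email != null && !email.isBlank()) {
                out.put("email", email);
            }
            if (adminId != null) {
                out.put("adminId", adminId);
            }
            if (role != null && !role.isBlank()) {
                out.put("role", role);
            }
        } catch (Exception ignored) {
            // Fail closed: any verification failure, and a missing signing secret, yields no
            // claims. NOTE(review): the cause is dropped here, so forged or expired tokens leave
            // no trace; consider recording rejections once a logger is available in this class.
        }
        return out;
    }

    /**
     * Builds the HS256 algorithm from the configured secret.
     *
     * <p>Refuses to fall back to a hard-coded key when the secret is missing. For HS256 the
     * secret should be a high-entropy value of at least 256 bits; that is not enforced here.
     *
     * @throws IllegalStateException if the configured secret is {@code null} or blank
     */
    private Algorithm signingAlgorithm() {
        String secret = props.getSecret();
        if (secret == null || secret.isBlank()) {
            throw new IllegalStateException("JWT signing secret is not configured");
        }
        return Algorithm.HMAC256(secret);
    }
}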