将token令牌存入redis，确保安全性

2026-01-01 21:26:09 +08:00
parent 3d8a32cbf7
commit a004982355
4 changed files with 65 additions and 0 deletions
--- a/src/main/java/com/bao/dating/config/RedisConfig.java
+++ b/src/main/java/com/bao/dating/config/RedisConfig.java
@@ -0,0 +1,25 @@
+package com.bao.dating.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+
+@Configuration
+public class RedisConfig {
+    @Bean
+    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
+        // 创建RedisTemplate对象
+        RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
+        // 设置redis的连接工厂对象
+        redisTemplate.setConnectionFactory(redisConnectionFactory);
+
+        // key 使用 String
+        redisTemplate.setKeySerializer(new StringRedisSerializer());
+        redisTemplate.setValueSerializer(new GenericJackson2JsonRedisSerializer());
+
+        return redisTemplate;
+    }
+}
--- a/src/main/java/com/bao/dating/interceptor/TokenInterceptor.java
+++ b/src/main/java/com/bao/dating/interceptor/TokenInterceptor.java
@@ -7,6 +7,8 @@ import com.bao.dating.context.UserContext;
 import com.bao.dating.util.JwtUtil;
 import io.jsonwebtoken.Claims;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Component;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
@@ -19,6 +21,10 @@ import org.springframework.web.servlet.HandlerInterceptor;
@Slf4j
@Component
 public class TokenInterceptor implements HandlerInterceptor {
+
+    @Autowired
+    private RedisTemplate<String, Object> redisTemplate;
+
    /**
     * 在请求处理之前进行拦截
     * 从请求头或URL参数中获取token，验证其有效性，并将用户ID保存到ThreadLocal中
@@ -46,12 +52,26 @@ public class TokenInterceptor implements HandlerInterceptor {
            if (!JwtUtil.validateToken(token)) {
                log.error("Token无效或已过期");
                response.setStatus(401);
+                response.getWriter().write("Token无效或已过期");
                return false;
            }
            
            // 解析 token
            String userId = JwtUtil.getSubjectFromToken(token);

+            // 从Redis获取存储的token进行比对
+            Object redisTokenObj = redisTemplate.opsForValue()
+                    .get("login:token:" + userId);
+            String redisToken = redisTokenObj != null ? redisTokenObj.toString() : null;
+
+            // 验证Redis中的token是否存在且匹配
+            if (redisToken == null || !redisToken.equals(token)) {
+                log.error("登录已失效");
+                response.setStatus(401);
+                response.getWriter().write("登录已失效");
+                return false;
+            }
+
            log.info("用户: {}", userId);
            // 保存 userId 到 ThreadLocal
            UserContext.setUserId(Long.valueOf(userId));
--- a/src/main/java/com/bao/dating/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/bao/dating/service/impl/UserServiceImpl.java
@@ -5,6 +5,7 @@ import com.bao.dating.common.aliyun.GreenImageScan;
 import com.bao.dating.common.aliyun.GreenTextScan;
 import com.bao.dating.common.result.AliOssResult;
 import com.bao.dating.common.result.GreenAuditResult;
+import com.bao.dating.config.RedisConfig;
 import com.bao.dating.context.UserContext;
 import com.bao.dating.mapper.UserMapper;
 import com.bao.dating.pojo.dto.UserInfoUpdateDTO;
@@ -18,6 +19,7 @@ import com.bao.dating.util.JwtUtil;
 import com.bao.dating.util.MD5Util;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;

@@ -27,6 +29,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
+import java.util.concurrent.TimeUnit;

 /**
 * 用户服务实现类
@@ -45,6 +48,9 @@ public class UserServiceImpl implements UserService {
    @Autowired
    private GreenImageScan greenImageScan;

+    @Autowired
+    private RedisTemplate<String, Object> redisTemplate;
+
    @Autowired
    private UserMapper userMapper;

@@ -76,6 +82,15 @@ public class UserServiceImpl implements UserService {
        }
        // 生成token
        String token = JwtUtil.generateToken(String.valueOf(user.getUserId()));
+
+        String redisKey = "login:token:" + user.getUserId();
+        redisTemplate.opsForValue().set(
+                redisKey,
+                token,
+                7,
+                TimeUnit.DAYS
+        );
+
        // 封装返回
        UserLoginVO userLoginVO = new UserLoginVO();
        userLoginVO.setUserId(user.getUserId());