dendi-wang/thingsboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clean code

Browse Source
This commit is contained in:
oyurov 2022-11-02 14:07:49 +01:00
parent 6d34aa237c
commit 3ab1f34594
8 changed files with 25 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
application/src/main/java/org/thingsboard/server/service/security/auth/TokenOutdatingService.java
View File

@ -19,66 +19,42 @@ import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor;
import org.springframework.context.event.EventListener;
import org.springframework.stereotype.Service;
import org.thingsboard.server.cache.TbCacheValueWrapper;
import org.springframework.util.StringUtils;
import org.thingsboard.server.cache.TbTransactionalCache;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
import org.thingsboard.server.common.data.security.model.JwtToken;
import org.thingsboard.server.config.JwtSettings;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
import java.util.Optional;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static java.util.concurrent.TimeUnit.SECONDS;
@Service
@RequiredArgsConstructor
public class TokenOutdatingService {
private final TbTransactionalCache<String, Long> cache;
private final JwtTokenFactory tokenFactory;
private final JwtSettings jwtSettings;
@EventListener(classes = UserAuthDataChangedEvent.class)
public void onUserAuthDataChanged(UserAuthDataChangedEvent event) {
cache.put(event.getId(), event.getTs());
if (StringUtils.hasText(event.getId())) {
cache.put(event.getId(), event.getTs());
}
}
public boolean isOutdated(JwtToken token, UserId userId) {
Claims claims = tokenFactory.parseTokenClaims(token).getBody();
long issueTime = claims.getIssuedAt().getTime();
String sessionId = claims.get("sessionId", String.class);
Boolean isUserIdOutdated = Optional.ofNullable(cache.get(userId.toString()))
.map(outdatageTimeByUserId -> {
if (refreshTokenNotExpired(outdatageTimeByUserId.get(), System.currentTimeMillis())) {
return accessTokenNotExpired(issueTime, outdatageTimeByUserId.get());
} else {
return false;
}
})
.orElse(false);
if (!isUserIdOutdated) {
return Optional.ofNullable(cache.get(sessionId)).map(outdatageTimeBySessionId -> {
if (refreshTokenNotExpired(outdatageTimeBySessionId.get(), System.currentTimeMillis())) {
return accessTokenNotExpired(issueTime, outdatageTimeBySessionId.get());
} else {
return false;
}
}
).orElse(false);
}
return isUserIdOutdated;
String sessionId = claims.get("sessionId", String.class) == null ? "" : claims.get("sessionId", String.class);
return isTokenOutdated(issueTime, userId.toString()) || isTokenOutdated(issueTime, sessionId);
}
private boolean accessTokenNotExpired(long issueTime, Long outdatageTime) {
private Boolean isTokenOutdated(long issueTime, String sessionId) {
return Optional.ofNullable(cache.get(sessionId)).map(outdatageTime -> isTokenOutdated(issueTime, outdatageTime.get())).orElse(false);
}
private boolean isTokenOutdated(long issueTime, Long outdatageTime) {
return MILLISECONDS.toSeconds(issueTime) < MILLISECONDS.toSeconds(outdatageTime);
}
private boolean refreshTokenNotExpired(Long outdatageTime, long currentTime) {
return currentTime - outdatageTime <= SECONDS.toMillis(jwtSettings.getRefreshTokenExpTime());
}
}

3
application/src/main/resources/thingsboard.yml
View File

@ -421,7 +421,8 @@ cache:
timeToLiveInMinutes: "${CACHE_SPECS_ATTRIBUTES_TTL:1440}"
maxSize: "${CACHE_SPECS_ATTRIBUTES_MAX_SIZE:100000}"
usersUpdateTime:
timeToLiveInMinutes: "${CACHE_SPECS_USERS_UPDATE_TIME_TTL:20000}"
# MUST be the same as jwt refresh token expiration time, the value here represents 604800 seconds in minutes
timeToLiveInMinutes: "${CACHE_SPECS_USERS_UPDATE_TIME_TTL:10080}"
maxSize: "${CACHE_SPECS_USERS_UPDATE_TIME_MAX_SIZE:10000}"
otaPackages:
timeToLiveInMinutes: "${CACHE_SPECS_OTA_PACKAGES_TTL:60}"

6
application/src/test/java/org/thingsboard/server/service/security/auth/TokenOutdatingTest.java
View File

@ -32,7 +32,6 @@ import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.common.data.security.UserCredentials;
import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
import org.thingsboard.server.common.data.security.event.UserCredentialsInvalidationEvent;
import org.thingsboard.server.common.data.security.event.UserSessionInvalidationEvent;
import org.thingsboard.server.common.data.security.model.JwtToken;
@ -70,7 +69,8 @@ import static org.mockito.Mockito.when;
"security.jwt.tokenIssuer=test.io",
"security.jwt.tokenSigningKey=secret",
"security.jwt.tokenExpirationTime=600",
"security.jwt.refreshTokenExpTime=10"
"security.jwt.refreshTokenExpTime=60",
"cache.specs.usersUpdateTime.timeToLiveInMinutes=1"
})
public class TokenOutdatingTest {
private JwtAuthenticationProvider accessTokenAuthenticationProvider;
@ -160,7 +160,7 @@ public class TokenOutdatingTest {
assertTrue(tokenOutdatingService.isOutdated(jwtToken, securityUser.getId()));
SECONDS.sleep(10);
SECONDS.sleep(60);
assertFalse(tokenOutdatingService.isOutdated(jwtToken, securityUser.getId()));
}

8
common/cache/src/main/java/org/thingsboard/server/cache/usersUpdateTime/UsersUpdateTimeCaffeineCache.java → common/cache/src/main/java/org/thingsboard/server/cache/usersUpdateTime/UsersSessionInvalidationCaffeineCache.java vendored
View File

@ -24,11 +24,11 @@ import org.thingsboard.server.common.data.CacheConstants;
@ConditionalOnProperty(prefix = "cache", value = "type", havingValue = "caffeine", matchIfMissing = true)
@Service("UsersUpdateTimeCache")
public class UsersUpdateTimeCaffeineCache extends CaffeineTbTransactionalCache<String, Long> {
@Service("UsersSessionInvalidation")
public class UsersSessionInvalidationCaffeineCache extends CaffeineTbTransactionalCache<String, Long> {
@Autowired
public UsersUpdateTimeCaffeineCache(CacheManager cacheManager) {
super(cacheManager, CacheConstants.USERS_UPDATE_TIME_CACHE);
public UsersSessionInvalidationCaffeineCache(CacheManager cacheManager) {
super(cacheManager, CacheConstants.USERS_SESSION_INVALIDATION_CACHE);
}
}

8
common/cache/src/main/java/org/thingsboard/server/cache/usersUpdateTime/UserUpdateTimeRedisCache.java → common/cache/src/main/java/org/thingsboard/server/cache/usersUpdateTime/UsersSessionInvalidationRedisCache.java vendored
View File

@ -26,11 +26,11 @@ import org.thingsboard.server.cache.TbFSTRedisSerializer;
import org.thingsboard.server.common.data.CacheConstants;
@ConditionalOnProperty(prefix = "cache", value = "type", havingValue = "redis")
@Service("UsersUpdateTimeCache")
public class UserUpdateTimeRedisCache extends RedisTbTransactionalCache<String, Long> {
@Service("UsersSessionInvalidation")
public class UsersSessionInvalidationRedisCache extends RedisTbTransactionalCache<String, Long> {
@Autowired
public UserUpdateTimeRedisCache(TBRedisCacheConfiguration configuration, CacheSpecsMap cacheSpecsMap, RedisConnectionFactory connectionFactory) {
super(CacheConstants.USERS_UPDATE_TIME_CACHE, cacheSpecsMap, connectionFactory, configuration, new TbFSTRedisSerializer<>());
public UsersSessionInvalidationRedisCache(TBRedisCacheConfiguration configuration, CacheSpecsMap cacheSpecsMap, RedisConnectionFactory connectionFactory) {
super(CacheConstants.USERS_SESSION_INVALIDATION_CACHE, cacheSpecsMap, connectionFactory, configuration, new TbFSTRedisSerializer<>());
}
}

23
common/cache/src/main/java/org/thingsboard/server/cache/usersUpdateTime/UsersUpdateTimeCacheEvictEvent.java vendored
View File

@ -1,23 +0,0 @@
/**
* Copyright © 2016-2022 The Thingsboard Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.thingsboard.server.cache.usersUpdateTime;
import lombok.Data;
@Data
public class UsersUpdateTimeCacheEvictEvent {
private final String key;
}

2
common/data/src/main/java/org/thingsboard/server/common/data/CacheConstants.java
View File

@ -32,7 +32,7 @@ public class CacheConstants {
public static final String ASSET_PROFILE_CACHE = "assetProfiles";
public static final String ATTRIBUTES_CACHE = "attributes";
public static final String USERS_UPDATE_TIME_CACHE = "usersUpdateTime";
public static final String USERS_SESSION_INVALIDATION_CACHE = "usersUpdateTime";
public static final String OTA_PACKAGE_CACHE = "otaPackages";
public static final String OTA_PACKAGE_DATA_CACHE = "otaPackagesData";
public static final String REPOSITORY_SETTINGS_CACHE = "repositorySettings";

3
common/data/src/main/java/org/thingsboard/server/common/data/security/event/UserAuthDataChangedEvent.java
View File

@ -15,9 +15,6 @@
*/
package org.thingsboard.server.common.data.security.event;
import lombok.Data;
import org.thingsboard.server.common.data.id.UserId;
import java.io.Serializable;
public abstract class UserAuthDataChangedEvent implements Serializable {