onixbyte/helix-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

perf: 性能优化

Browse Source 
使用全局唯一 JWT Verifier 实例
This commit is contained in:
siujamo
2025-12-31 09:46:28 +08:00
parent 659d123f2b
commit c74a67cdc6
3 changed files with 36 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/main/java/com/onixbyte/helix/client/TokenClient.java
+18 -1
View File
@@ -1,7 +1,9 @@
package com.onixbyte.helix.client; package com.onixbyte.helix.client;
import com.auth0.jwt.JWT; import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.onixbyte.helix.domain.entity.User; import com.onixbyte.helix.domain.entity.User;
import com.onixbyte.helix.properties.TokenProperties; import com.onixbyte.helix.properties.TokenProperties;
import com.onixbyte.helix.utils.DateTimeUtil; import com.onixbyte.helix.utils.DateTimeUtil;
@@ -24,6 +26,7 @@ public class TokenClient {
private final Algorithm algorithm; private final Algorithm algorithm;
private final TokenProperties tokenProperties; private final TokenProperties tokenProperties;
private final JWTVerifier verifier;
/** /**
* Constructs a new TokenClient with the necessary algorithm and token properties. * Constructs a new TokenClient with the necessary algorithm and token properties.
@@ -33,9 +36,10 @@ public class TokenClient {
* validity period * validity period
*/ */
@Autowired @Autowired
public TokenClient(Algorithm algorithm, TokenProperties tokenProperties) { public TokenClient(Algorithm algorithm, TokenProperties tokenProperties, JWTVerifier verifier) {
this.algorithm = algorithm; this.algorithm = algorithm;
this.tokenProperties = tokenProperties; this.tokenProperties = tokenProperties;
this.verifier = verifier;
} }
/** /**
@@ -56,4 +60,17 @@ public class TokenClient {
.withExpiresAt(DateTimeUtil.asInstant(expiresAt)) .withExpiresAt(DateTimeUtil.asInstant(expiresAt))
.sign(algorithm); .sign(algorithm);
} }
/**
* Verify and decode token.
*
* @param token a JWT token
* @return information included in the given token
* @throws com.auth0.jwt.exceptions.JWTVerificationException if the token is invalid, such as
* expired, or not signed by
* specific server
*/
public DecodedJWT verifyToken(String token) {
return verifier.verify(token);
}
} }
src/main/java/com/onixbyte/helix/config/SecurityConfig.java
+9
View File
@@ -1,5 +1,7 @@
package com.onixbyte.helix.config; package com.onixbyte.helix.config;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.algorithms.Algorithm;
import com.onixbyte.helix.filter.TokenAuthenticationFilter; import com.onixbyte.helix.filter.TokenAuthenticationFilter;
import com.onixbyte.helix.properties.CorsProperties; import com.onixbyte.helix.properties.CorsProperties;
@@ -206,4 +208,11 @@ public class SecurityConfig {
public Algorithm algorithm(TokenProperties properties) { public Algorithm algorithm(TokenProperties properties) {
return Algorithm.HMAC256(properties.secret()); return Algorithm.HMAC256(properties.secret());
} }
@Bean
public JWTVerifier verifier(Algorithm algorithm, TokenProperties tokenProperties) {
return JWT.require(algorithm)
.withIssuer(tokenProperties.issuer())
.build();
}
} }
src/main/java/com/onixbyte/helix/filter/TokenAuthenticationFilter.java
+9 -8
View File
@@ -3,6 +3,7 @@ package com.onixbyte.helix.filter;
import com.auth0.jwt.JWT; import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException; import com.auth0.jwt.exceptions.JWTVerificationException;
import com.onixbyte.helix.client.TokenClient;
import com.onixbyte.helix.manager.AuthorityManager; import com.onixbyte.helix.manager.AuthorityManager;
import com.onixbyte.helix.manager.UserManager; import com.onixbyte.helix.manager.UserManager;
import com.onixbyte.helix.security.authentication.UsernamePasswordAuthentication; import com.onixbyte.helix.security.authentication.UsernamePasswordAuthentication;
@@ -26,14 +27,18 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
private final static Logger log = LoggerFactory.getLogger(TokenAuthenticationFilter.class); private final static Logger log = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
private final Algorithm algorithm;
private final UserManager userManager; private final UserManager userManager;
private final AuthorityManager authorityManager; private final AuthorityManager authorityManager;
private final TokenClient tokenClient;
public TokenAuthenticationFilter(Algorithm algorithm, UserManager userManager, AuthorityManager authorityManager) { public TokenAuthenticationFilter(
this.algorithm = algorithm; UserManager userManager,
AuthorityManager authorityManager,
TokenClient tokenClient
) {
this.userManager = userManager; this.userManager = userManager;
this.authorityManager = authorityManager; this.authorityManager = authorityManager;
this.tokenClient = tokenClient;
} }
@Override @Override
@@ -54,12 +59,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
} }
token = token.substring(7); token = token.substring(7);
var verifier = JWT.require(algorithm)
.withIssuer("Helix Server")
.build();
try { try {
var decodedToken = verifier.verify(token); var decodedToken = tokenClient.verifyToken(token);
var username = decodedToken.getSubject(); var username = decodedToken.getSubject();
var user = userManager.selectByUsername(username); var user = userManager.selectByUsername(username);