package com.vibevault.security; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.security.Keys; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; import javax.crypto.SecretKey; import java.nio.charset.StandardCharsets; import java.util.Date; /** * JWT 服务 * * 需要实现: * - 生成 JWT token(包含用户名) * - 从 token 中提取用户名 * - 验证 token 是否有效(未过期、签名正确) */ @Service public class JwtService { @Value("${jwt.secret:your-secret-key-here-should-be-at-least-256-bits-long-for-hs256}") private String secret; @Value("${jwt.expiration:86400000}") private long expiration; /** * 为用户生成 JWT token */ public String generateToken(String username) { Date now = new Date(); Date expirationDate = new Date(now.getTime() + expiration); return Jwts.builder() .subject(username) .issuedAt(now) .expiration(expirationDate) .signWith(getSigningKey()) .compact(); } /** * 从 token 中提取用户名 */ public String extractUsername(String token) { return Jwts.parser() .verifyWith(getSigningKey()) .build() .parseSignedClaims(token) .getPayload() .getSubject(); } /** * 验证 token 是否有效 */ public boolean isTokenValid(String token, String username) { try { String extractedUsername = extractUsername(token); Date expirationDate = Jwts.parser() .verifyWith(getSigningKey()) .build() .parseSignedClaims(token) .getPayload() .getExpiration(); Date now = new Date(); return username.equals(extractedUsername) && expirationDate.after(now); } catch (Exception e) { // 任何异常都表示 token 无效 return false; } } /** * 验证 token 是否对特定用户有效 */ public boolean isTokenValid(String token, com.vibevault.model.User user) { return isTokenValid(token, user.getUsername()); } /** * 获取签名密钥 */ private SecretKey getSigningKey() { return Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8)); } }