1

zj

21 hours ago f31fc9f42f78de0808e7f4bdc797c5e622df09e3

 trading-order-security-common/src/main/java/com/yami/trading/security/common/manager/TokenStore.java

@@ -172,7 +172,7 @@
                .get(getAccessKey(realAccessToken));

        if (userInfoInTokenBO == null) {
            throw new YamiShopBindException(403,"accessToken 已过期");
            throw new YamiShopBindException(403,"accessToken have expired");
        }
        return userInfoInTokenBO;
    }
@@ -190,7 +190,7 @@
        String accessToken = stringRedisTemplate.opsForValue().get(getRefreshToAccessKey(realRefreshToken));

        if (StrUtil.isBlank(accessToken)) {
            throw new YamiShopBindException(403,"refreshToken 已过期");
            throw new YamiShopBindException(403,"refreshToken have expired");
        }
        UserInfoInTokenBO userInfoInTokenBO = getUserInfoByAccessToken(accessToken,
                false);
@@ -257,15 +257,18 @@
            int expiresIn = getExpiresIn(sysType);
            long second = 1000L;
            if (System.currentTimeMillis() - createTokenTime > expiresIn * second) {
                logger.error("登录token已过期");
                throw new YamiShopBindException(403,"token error");
            }
        }
        catch (Exception e) {
        }catch (Exception e) {
            logger.error("登录token异常"+e.getMessage());
            e.printStackTrace();
            throw new YamiShopBindException(403,"token error");
        }

        // 防止解密后的token是脚本，从而对redis进行攻击，uuid只能是数字和小写字母
        if (!PrincipalUtil.isSimpleChar(decryptToken)) {
            logger.error("token解密异常："+decryptStr);
            throw new YamiShopBindException(403,"token error");
        }
        return decryptToken;