为JWT添加了直接校验token是否有效而不需要提供username的功能。提高其鲁棒性

2024-07-01 18:39:08 +08:00 · 2024-07-01 18:39:08 +08:00 · c863f1023b
commit c863f1023b
parent aa9e0d8804
2 changed files with 34 additions and 3 deletions
--- a/src/main/java/org/cmh/backend/Utils/JwtUtil.java
+++ b/src/main/java/org/cmh/backend/Utils/JwtUtil.java
@ -30,14 +30,35 @@ public class JwtUtil {
    }

    public static String extractUsername(String token) {
-        return extractClaims(token).getSubject();
+        try {
+            return extractClaims(token).getSubject();
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    public static boolean isTokenValid(String token) {
+        try {
+            extractClaims(token);
+        } catch (Exception e) {
+            return false;
+        }
+        return true;
    }

    public static boolean isTokenValid(String token, String username) {
-        return username.equals(extractClaims(token).getSubject()) && !isTokenExpired(token);
+        try {
+            return username.equals(extractClaims(token).getSubject()) && !isTokenExpired(token);
+        } catch (Exception e) {
+            return false;
+        }
    }

    private static boolean isTokenExpired(String token) {
-        return extractClaims(token).getExpiration().before(new Date());
+        try {
+            return extractClaims(token).getExpiration().before(new Date());
+        } catch (Exception e) {
+            return true;
+        }
    }
 }
--- a/src/test/java/org/cmh/backend/Utils/JwtUtilTest.java
+++ b/src/test/java/org/cmh/backend/Utils/JwtUtilTest.java
@ -43,5 +43,15 @@ public class JwtUtilTest {
        // Validate token expires within 10 hours
        Assert.assertTrue("Token should expire within 10 hours", expirationTime - currentTime <= 1000 * 60 * 60 * 10);
    }
+
+    @Test
+    public void testInvalidToken() {
+        String invalidToken = "invalidToken";
+        String validToken = JwtUtil.generateToken("validUser");
+        Assert.assertFalse("Invalid token should not be valid", JwtUtil.isTokenValid(invalidToken));
+        Assert.assertTrue("Valid token should be able to extract", JwtUtil.isTokenValid(validToken));
+        Assert.assertFalse("Invalid token should not be valid", JwtUtil.isTokenValid(invalidToken, "validUser"));
+        Assert.assertTrue("Valid token should be valid", JwtUtil.isTokenValid(validToken, "validUser"));
+    }
 }