为JWT添加了直接校验token是否有效而不需要提供username的功能。提高其鲁棒性

src/main/java/org/cmh/backend/Utils/JwtUtil.java

@@ -30,14 +30,35 @@ public class JwtUtil {
     }
 
     public static String extractUsername(String token) {
+        try {
             return extractClaims(token).getSubject();
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    public static boolean isTokenValid(String token) {
+        try {
+            extractClaims(token);
+        } catch (Exception e) {
+            return false;
+        }
+        return true;
     }
 
     public static boolean isTokenValid(String token, String username) {
+        try {
             return username.equals(extractClaims(token).getSubject()) && !isTokenExpired(token);
+        } catch (Exception e) {
+            return false;
+        }
     }
 
     private static boolean isTokenExpired(String token) {
+        try {
             return extractClaims(token).getExpiration().before(new Date());
+        } catch (Exception e) {
+            return true;
+        }
     }
 }

src/test/java/org/cmh/backend/Utils/JwtUtilTest.java

@@ -43,5 +43,15 @@ public class JwtUtilTest {
         // Validate token expires within 10 hours
         Assert.assertTrue("Token should expire within 10 hours", expirationTime - currentTime <= 1000 * 60 * 60 * 10);
     }
+
+    @Test
+    public void testInvalidToken() {
+        String invalidToken = "invalidToken";
+        String validToken = JwtUtil.generateToken("validUser");
+        Assert.assertFalse("Invalid token should not be valid", JwtUtil.isTokenValid(invalidToken));
+        Assert.assertTrue("Valid token should be able to extract", JwtUtil.isTokenValid(validToken));
+        Assert.assertFalse("Invalid token should not be valid", JwtUtil.isTokenValid(invalidToken, "validUser"));
+        Assert.assertTrue("Valid token should be valid", JwtUtil.isTokenValid(validToken, "validUser"));
+    }
 }