
代码漏洞修复

gaoxiong 1 year ago
parent
commit
6bf1edfdb3

+ 23 - 0
soc-common/soc-common-core/src/main/java/com/xunmei/common/core/config/StaticInitializerUtil.java

@@ -0,0 +1,23 @@
+package com.xunmei.common.core.config;
+
+import com.xunmei.common.core.utils.JwtUtils;
+import io.jsonwebtoken.Jwt;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author gaoxiong
+ * @Title: 代理类初始化jwt
+ * @Package
+ * @Description:
+ * @date 2023/11/2916:18
+ */
+@Component
+public class StaticInitializerUtil {
+
+    private TokenSettings tokenSettings;
+
+    public StaticInitializerUtil(TokenSettings tokenSettings){
+
+        JwtUtils.setTokenSettings(tokenSettings);
+    }
+}
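Review bot: The constructor passes `tokenSettings` to `JwtUtils.setTokenSettings` without checking that a key was actually bound, so a missing or empty `jwt` secret would probably surface only when the first token is signed or parsed, not at startup. A fail-fast guard before the call, e.g. `Assert.hasText(tokenSettings.getSecretKey(), "jwt secretKey must be configured");` (Spring's `org.springframework.util.Assert`), makes a misconfigured deployment refuse to start. The private field `tokenSettings` is never assigned and the `io.jsonwebtoken.Jwt` import is unused, so both can be dropped. The key reaches `JwtUtils` only as a side effect of this bean being constructed, so any static use of `JwtUtils` before that point sees a null key; that ordering dependency deserves a sentence in the class Javadoc.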

+ 22 - 0
soc-common/soc-common-core/src/main/java/com/xunmei/common/core/config/TokenSettings.java

@@ -0,0 +1,22 @@
+package com.xunmei.common.core.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * @author gaoxiong
+ * @Title: token密钥配置类读取
+ * @Package
+ * @Description:
+ * @date 2023/11/2916:13
+ */
+@ConfigurationProperties(prefix = "jwt")
+@Configuration
+@Data
+public class TokenSettings {
+
+    private String secretKey;
+
+    private String issuer;
+}
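Review bot: `@Data` generates a `toString()` that includes `secretKey`, so logging this bean or including it in an exception message would print the JWT signing key. Annotating the field with Lombok's `@ToString.Exclude` keeps the value out of that output while leaving the getter and setter in place. The class Javadoc should also state that the values are bound from the `jwt` configuration prefix and that the secret is expected to come from the environment or a secret store rather than from a properties file committed to the repository.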

+ 1 - 1
soc-common/soc-common-core/src/main/java/com/xunmei/common/core/constant/TokenConstants.java

@@ -20,6 +20,6 @@ public class TokenConstants
     /**
      * 令牌秘钥
      */
-    public final static String SECRET = "abcdefghijklmnopqrstuvwxyz";
+    //public final static String SECRET = "abcdefghijklmnopqrstuvwxyz";
 
 }
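Review bot: The previous hard-coded secret is only commented out, so the value still ships in the source tree; the line should be deleted along with the now-orphaned `令牌秘钥` Javadoc above it. Because that value has been visible in the repository, it should be treated as compromised. The secret configured under `jwt` should be newly generated, not a copy of the old string, and tokens issued under the old key should be invalidated as part of the rollout. The class starts outside this hunk, so whether `TokenConstants.SECRET` is still referenced elsewhere cannot be seen here.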

+ 28 - 4
soc-common/soc-common-core/src/main/java/com/xunmei/common/core/utils/JwtUtils.java

@@ -1,7 +1,7 @@
 package com.xunmei.common.core.utils;
 
+import com.xunmei.common.core.config.TokenSettings;
 import com.xunmei.common.core.constant.SecurityConstants;
-import com.xunmei.common.core.constant.TokenConstants;
 import com.xunmei.common.core.text.Convert;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
@@ -16,7 +16,31 @@ import java.util.Map;
  */
 public class JwtUtils
 {
-    public static String secret = TokenConstants.SECRET;
+
+    private static String secretKey;
+
+    private static String issuer;
+
+    public static void setTokenSettings(TokenSettings tokenSettings){
+        secretKey = tokenSettings.getSecretKey();
+        issuer = tokenSettings.getIssuer();
+    }
+
+    public static String getSecretKey() {
+        return secretKey;
+    }
+
+    public static void setSecretKey(String secretKey) {
+        JwtUtils.secretKey = secretKey;
+    }
+
+    public static String getIssuer() {
+        return issuer;
+    }
+
+    public static void setIssuer(String issuer) {
+        JwtUtils.issuer = issuer;
+    }
 
     /**
      * 从数据声明生成令牌
@@ -26,7 +50,7 @@ public class JwtUtils
      */
     public static String createToken(Map<String, Object> claims)
     {
-        String token = Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact();
+        String token = Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secretKey).compact();
         return token;
     }
 
@@ -38,7 +62,7 @@ public class JwtUtils
      */
     public static Claims parseToken(String token)
     {
-        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
+        return Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody();
     }
 
     /**
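Review bot: `getSecretKey()` and `setSecretKey()` are public static, so any class on the classpath can read the HMAC signing key or replace it at runtime; nothing in the visible hunks needs them, since `setTokenSettings` is what the initializer bean calls. I would drop the four get/set accessors (or make them private) and have `setTokenSettings` reject a null or blank key. `issuer` is stored but not used in the visible `createToken`/`parseToken` lines; if it is meant to be enforced, parsing could become `Jwts.parser().requireIssuer(issuer).setSigningKey(secretKey).parseClaimsJws(token).getBody();` with a matching `.setIssuer(issuer)` on the builder. The String overloads used with `HS512` look like the legacy jjwt API, which treats the string as Base64-encoded key material, so the configured value should be the Base64 encoding of at least 64 random bytes; a comment on the `secretKey` field saying so would help. The class body continues outside these hunks.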

+ 2 - 0
soc-common/soc-common-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -1,2 +1,4 @@
 com.xunmei.common.core.utils.SpringUtils
 com.xunmei.common.core.config.MybatisPlusConfig
+com.xunmei.common.core.config.TokenSettings
+com.xunmei.common.core.config.StaticInitializerUtil