feat(mod): tenant + jwt config + util REQ-MOD-001 (a6ef4aa1) | Commits | 朱子纯 / test

Authored by zichun 2026-04-29 17:00:37 +0800

1 parent ac69e557

Showing 3 changed files with 110 additions and 0 deletions

backend/src/main/java/com/xly/erp/common/security/JwtUtil.java 0 → 100644

		1	+package com.xly.erp.common.security;
		2	+
		3	+import com.xly.erp.common.config.StubSecurityProperties;
		4	+import com.xly.erp.common.exception.BizException;
		5	+import io.jsonwebtoken.Jwts;
		6	+import io.jsonwebtoken.JwtException;
		7	+import org.springframework.beans.factory.annotation.Autowired;
		8	+import org.springframework.stereotype.Component;
		9	+
		10	+import javax.crypto.SecretKey;
		11	+import javax.crypto.spec.SecretKeySpec;
		12	+import java.nio.charset.StandardCharsets;
		13	+import java.time.Duration;
		14	+import java.util.Date;
		15	+
		16	+@Component
		17	+public class JwtUtil {
		18	+
		19	+ private static final Duration TTL = Duration.ofHours(8);
		20	+
		21	+ private final SecretKey key;
		22	+
		23	+ public JwtUtil(String secret) {
		24	+ this.key = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
		25	+ }
		26	+
		27	+ @Autowired
		28	+ public JwtUtil(StubSecurityProperties props) {
		29	+ this(props.getJwtSecret());
		30	+ }
		31	+
		32	+ public String sign(String userNo) {
		33	+ Date now = new Date();
		34	+ return Jwts.builder()
		35	+ .subject(userNo)
		36	+ .issuedAt(now)
		37	+ .expiration(new Date(now.getTime() + TTL.toMillis()))
		38	+ .signWith(key)
		39	+ .compact();
		40	+ }
		41	+
		42	+ public String parse(String token) {
		43	+ try {
		44	+ return Jwts.parser()
		45	+ .verifyWith(key)
		46	+ .build()
		47	+ .parseSignedClaims(token)
		48	+ .getPayload()
		49	+ .getSubject();
		50	+ } catch (JwtException \| IllegalArgumentException e) {
		51	+ throw new BizException(20001, "未认证或 token 已失效");
		52	+ }
		53	+ }
		54	+}

backend/src/test/java/com/xly/erp/common/security/JwtUtilTest.java 0 → 100644

		1	+package com.xly.erp.common.security;
		2	+
		3	+import com.xly.erp.common.exception.BizException;
		4	+import org.junit.jupiter.api.Test;
		5	+
		6	+import static org.assertj.core.api.Assertions.assertThat;
		7	+import static org.assertj.core.api.Assertions.assertThatThrownBy;
		8	+
		9	+class JwtUtilTest {
		10	+
		11	+ private static final String SECRET = "f8d4be76bff13bf32fa33ca0b14a4b152ad01ca5719f57df18ec4ecf2370b235";
		12	+
		13	+ private final JwtUtil jwtUtil = new JwtUtil(SECRET);
		14	+
		15	+ @Test
		16	+ void signAndParse_roundTrip() {
		17	+ String token = jwtUtil.sign("ALICE001");
		18	+ assertThat(token).isNotBlank();
		19	+ assertThat(jwtUtil.parse(token)).isEqualTo("ALICE001");
		20	+ }
		21	+
		22	+ @Test
		23	+ void parseTamperedToken_throwsBizException20001() {
		24	+ String token = jwtUtil.sign("ALICE001");
		25	+ String tampered = token.substring(0, token.length() - 4) + "XXXX";
		26	+ assertThatThrownBy(() -> jwtUtil.parse(tampered))
		27	+ .isInstanceOf(BizException.class)
		28	+ .hasFieldOrPropertyWithValue("code", 20001);
		29	+ }
		30	+
		31	+ @Test
		32	+ void parseGarbageToken_throwsBizException20001() {
		33	+ assertThatThrownBy(() -> jwtUtil.parse("not.a.real.jwt"))
		34	+ .isInstanceOf(BizException.class)
		35	+ .hasFieldOrPropertyWithValue("code", 20001);
		36	+ }
		37	+}

backend/src/test/java/com/xly/erp/common/security/TestJwtHelper.java 0 → 100644

		1	+package com.xly.erp.common.security;
		2	+
		3	+import org.springframework.beans.factory.annotation.Autowired;
		4	+import org.springframework.stereotype.Component;
		5	+
		6	+@Component
		7	+public class TestJwtHelper {
		8	+
		9	+ private final JwtUtil jwtUtil;
		10	+
		11	+ @Autowired
		12	+ public TestJwtHelper(JwtUtil jwtUtil) {
		13	+ this.jwtUtil = jwtUtil;
		14	+ }
		15	+
		16	+ public String signFor(String userNo) {
		17	+ return jwtUtil.sign(userNo);
		18	+ }
		19	+}