feat(learning-auth): add optional JWT learning flow with secure demo endpoint

2026-03-09 02:11:49 +08:00
parent 8f93488989
commit efcfe7e012
11 changed files with 322 additions and 1 deletions
--- a/src/main/java/com/example/demo/security/LearningJwtUtil.java
+++ b/src/main/java/com/example/demo/security/LearningJwtUtil.java
@@ -0,0 +1,54 @@
+package com.example.demo.security;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+import java.util.Map;
+
+@Component
+public class LearningJwtUtil {
+
+    @Value("${learning.auth.jwt.secret}")
+    private String secret;
+
+    @Value("${learning.auth.jwt.expiration:86400000}")
+    private long expiration;
+
+    private SecretKey key() {
+        return Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
+    }
+
+    public String generateToken(String username) {
+        Date now = new Date();
+        return Jwts.builder()
+                .claims(Map.of("username", username))
+                .subject(username)
+                .issuedAt(now)
+                .expiration(new Date(now.getTime() + expiration))
+                .signWith(key(), Jwts.SIG.HS256)
+                .compact();
+    }
+
+    public boolean validate(String token) {
+        try {
+            parse(token);
+            return true;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    public String username(String token) {
+        return parse(token).getSubject();
+    }
+
+    private Claims parse(String token) {
+        return Jwts.parser().verifyWith(key()).build().parseSignedClaims(token).getPayload();
+    }
+}