增加token超时已过期认证，修改接口根据token获取用户信息

2025-10-31 15:45:00 +08:00 · 2025-10-31 15:45:00 +08:00 · c72efce288
commit c72efce288
parent bbd56036b7
3 changed files with 22 additions and 23 deletions
--- a/src/dao/auth.lua
+++ b/src/dao/auth.lua
@ -69,4 +69,8 @@ function _M.logout(jsonData)
    return code, ret
 end

+function _M.getUser(userid)
+    return userModel:find(userid)
+end
+
 return _M
--- a/src/service/auth/auth.lua
+++ b/src/service/auth/auth.lua
@ -41,7 +41,7 @@ function _M.login()
    end

    --获取的登陆的用户信息，返回tocken
-    ngx.log(ngx.INFO, "userid:"..id.." username:"..username)
+    --ngx.log(ngx.INFO, "userid:"..id.." username:"..username)
    local jwt_token = token.generateToken(id, username)
    local data = {}
    data["token"] = jwt_token
@ -99,7 +99,6 @@ function _M.logout()
        return
    end
    --验证成功记录登出的日志信息
-    ngx.log(ngx.INFO, cjson.encode(ret["body"]))
    local userid = ret["body"]["payload"]["userid"]
    local username = ret["body"]["payload"]["username"]
    ngx.log(ngx.INFO, "userid:"..userid.." username:"..username.." logout system")
@ -109,36 +108,28 @@ end

 --根据token获取用户信息
 function _M.user()
-    --读取请求体的数据
-    ngx.req.read_body()
-    --获取请求数据
-    local body_data = ngx.req.get_body_data()
-    -- 验证数据是否符合json
-    local retJson = validator.validatorJson(body_data)
+    --获取请求头中的令牌数据
+    local auth_header = ngx.var.http_Authorization
+    --验证数据的正确性
+    local retToken = token.authorizationToken(auth_header)
    --验证失败则返回
-    if not retJson then
-        local result = resp:json(0x000001)
+    local code = retToken["code"]
+    if code ~= 200 then
+        local result = resp:json(code, retToken["message"])
        resp:send(result)
        return
    end
-    --ngx.say(body_data)
-    local code, ret = authDao.login(cjson.decode(body_data))
+    --验证成功获取用户id信息
+    local userid = retToken["body"]["payload"]["userid"]
+    local code, ret = authDao.getUser(userid)
    --读取数据错误
    if code ~= 0 or table.getn(ret) < 0 then
        local result = resp:json(0x000001)
        resp:send(result)
        return
    end
-    --获取的登陆的用户信息，返回tocken
-    obj.payload.userid = ret["id"]
-    obj.payload.username = ret["name"]
-    obj.payload.role = ""
-    local jwt_token = jwt:sign(conf.secret_key, obj)
-    --ngx.say(jwt_token)
-    local data = {}
-    data["token"] = jwt_token
-    data["userInfo"] = ret
-    local result = resp:json(code, data)
+    --获取的登陆的用户信息
+    local result = resp:json(code, ret)
    resp:send(result)
 end

--- a/src/util/token.lua
+++ b/src/util/token.lua
@ -64,7 +64,11 @@ function _M.authorizationToken(auth_header)
        return response
    end
    --判断token是否超时
-
+    if jwt_obj.payload.exp and ngx.time() > jwt_obj.payload.exp then
+        response["code"] = 401
+        response["message"] = "令牌已过期"
+        return response
+    end
    --全部校验完成后，说明令牌有效，返回令牌数据
    response["code"] = 200
    response["message"] = "令牌校验通过"