黑白名单优化

Author: edenleung

src/Blacklist.php

@@ -14,6 +14,7 @@
 use xiaodi\JWTAuth\Exception\JWTInvalidArgumentException;
 use xiaodi\JWTAuth\Exception\TokenAlreadyEexpired;
 use xiaodi\JWTAuth\Handle\RequestToken;
+use think\Container;
 
 class Jwt
 {
@@ -41,8 +42,9 @@ public function __construct(App $app, $store = null)
 
     public function store(string $name = '')
     {
-        $jwt = app('jwt', ['store' => $name], true);
+        $jwt = Container::getInstance()->make(Jwt::class, ['store' => $name], true);
         $this->app->bind('jwt',  $jwt);
+        
         return $jwt;
     }
 
@@ -119,6 +121,8 @@ public function token(array $claims): Token
             ->setExpiration($exp)
             ->set('refreshAt', $refreshAt);
 
+        $builder->set('store', $this->store);
+
         foreach ($claims as $key => $claim) {
             $builder->set($key, $claim);
         }

src/Jwt.php

@@ -5,14 +5,28 @@
 namespace xiaodi\JWTAuth;
 
 use Lcobucci\JWT\Token;
+use Lcobucci\JWT\Parser;
+use think\App;
 
 class Manager
 {
-    private $blacklist;
+    protected $store;
+    protected $cache;
 
-    public function __construct(Blacklist $blacklist)
+    public function __construct(App $app)
     {
-        $this->blacklist = $blacklist;
+        $this->app = $app;
+        $this->cache = $this->getDefaultCache();
+    }
+
+    /**
+     * 获取 缓存驱动.
+     *
+     * @return void
+     */
+    protected function getDefaultCache()
+    {
+        return $this->app->cache;
     }
 
     /**
@@ -24,8 +38,96 @@ public function __construct(Blacklist $blacklist)
      */
     public function login(Token $token)
     {
-        // TODO 但凡获取新token后 都把以前的注销(黑名单)
-        // $jti = $token->getClaim('jti');
+        $jti = $token->getClaim('jti');
+        $store = $token->getClaim('store');
+
+        if ($jwt = $this->getUidToken($jti, $store)) {
+            $oldToken = (new Parser)->parse($jwt);
+            $this->addBlackList($oldToken);
+        }
+
+        $this->addWhitelist($token);
+    }
+
+    /**
+     * 加入白名单.
+     *
+     * @param Token $token
+     *
+     * @return void
+     */
+    public function addWhitelist(Token $token)
+    {
+        $jti = $token->getClaim('jti');
+        $store = $token->getClaim('store');
+        $key = $this->getUidWhiteKey($jti, $store);
+        $exp = $token->getClaim('exp') - time();
+
+        $this->cache->set($key, (string) $token, $exp);
+        $this->addWhiteStore($store, $key);
+    }
+
+    /**
+     * 加入缓存用户已登录的应用
+     * 
+     * @param [type] $store
+     * @param [type] $value
+     * @return void
+     */
+    protected function addWhiteStore($store, $value)
+    {
+        $key = 'jwt' . ':' . 'whitelist' . ':' . $store;
+        $this->cache->push($key, $value);
+    }
+
+    /**
+     * 加入黑名单
+     *
+     * @return void
+     */
+    public function addBlackList(Token $token)
+    {
+        $jti = $token->getClaim('jti');
+        $store = $token->getClaim('store');
+        $key = $this->getUidBlackKey($jti, $store);
+
+        $exp = $token->getClaim('exp') - time();
+        $key .= ':' . md5((string)$token);
+        $this->cache->set($key, (string) $token, $exp);
+    }
+
+    /**
+     * 获取用户最新token
+     *
+     * @param [type] $jti
+     * @return void
+     */
+    public function getUidToken($jti, $store)
+    {
+        $key = $this->getUidWhiteKey($jti, $store);
+        return $this->cache->get($key);
+    }
+
+    /**
+     * 获取jti 白名单 key
+     *
+     * @param string $jti
+     * @return string
+     */
+    public function getUidWhiteKey($jti, $store)
+    {
+        return 'jwt' . ':' . 'whitelist' . ':' . $store . ':' . $jti;
+    }
+
+    /**
+     * 获取jti 黑名单 key
+     *
+     * @param [type] $jti
+     * @return void
+     */
+    public function getUidBlackKey($jti, $store)
+    {
+        return 'jwt' . ':' . 'blacklist' . ':' . $store . ':' . $jti;
     }
 
     /**
@@ -37,7 +139,7 @@ public function login(Token $token)
      */
     public function logout(Token $token)
     {
-        $this->blacklist->add($token);
+        $this->addBlackList($token);
     }
 
     /**
@@ -49,7 +151,6 @@ public function logout(Token $token)
      */
     public function refresh(Token $token)
     {
-        // 注销此Token
         $this->logout($token);
     }
 
@@ -62,6 +163,37 @@ public function refresh(Token $token)
      */
     public function hasBlacklist(Token $token)
     {
-        return $this->blacklist->has($token);
+        $jti = $token->getClaim('jti');
+        $store = $token->getClaim('store');
+        $key = $this->getUidBlackKey($jti, $store);
+        $key .= ':' . md5((string)$token);
+        return $this->cache->has($key);
+    }
+
+    /**
+     * 删除应用所有白名单内的Token
+     *
+     * @param [type] $store
+     * @return void
+     */
+    public function resetStoreWhiteToken($store)
+    {
+        $key = 'jwt' . ':' . 'whitelist' . ':' . $store;
+
+        $keys = $this->cache->get($key);
+
+        $parse = new Parser();
+        if ($keys) {
+            foreach($keys as $item) {
+                $token = $this->cache->get($item);
+                if ($token) {
+                    $this->cache->delete($item);
+                    $token = $parse->parse($token);
+                    $store = $token->getClaim('store');
+                    $this->addBlackList($token, $store);
+                }
+            }
+            $this->cache->delete($key);
+        }
     }
 }