@@ -78,7 +78,8 @@ public function token(array $claims): Token
7878 ->setId ($ uniqidtrue )
7979 ->setIssuedAt (time ())
8080 ->setNotBefore (time () + $ this notBefore ())
81- ->setExpiration (time () + $ this ttl ());
81+ ->setExpiration (time () + $ this ttl ())
82+ ->set ('refreshAt ' , time () + $ this refreshTTL ());
8283
8384 foreach ($ claimsas $ key$ claim
8485 $ this builder ->set ($ key$ claim
@@ -216,6 +217,11 @@ public function verify(Token $token = null)
216217 */
217218 protected function validateToken ()
218219 {
220+ // 是否在黑名单
221+ if ($ this manager ->hasBlacklist ($ this token )) {
222+ throw new TokenAlreadyEexpired ('此 Token 已注销,请重新登录 ' , $ this getReloginCode ());
223+ }
224+
219225 // 验证密钥是否与创建签名的密钥一致
220226 if (false === $ this token ->verify ($ this getSigner (), $ this makeSignerKey ())) {
221227 throw new JWTException ('此 Token 与 密钥不匹配 ' , 500 );
@@ -227,18 +233,13 @@ protected function validateToken()
227233 throw new JWTException ('此 Token 暂未可用 ' , 500 );
228234 }
229235
230- // 是否在黑名单
231- if ($ this manager ->hasBlacklist ($ this token )) {
232- throw new TokenAlreadyEexpired ('此 Token 已注销,请重新登录 ' , $ this getReloginCode ());
233- }
234-
235236 // 是否已过期
236- if ($ this token ->isExpired ()) {
237- if (time () < ($ this token ->getClaim ('iat ' ) + $ this refreshTTL ())) {
238- throw new TokenAlreadyEexpired ('Token 已过期,请重新刷新 ' , $ this getAlreadyCode ());
239- } else {
240- throw new TokenAlreadyEexpired ('Token 刷新时间已过,请重新登录 ' , $ this getReloginCode ());
237+ if (true === $ this token ->isExpired ()) {
238+ if (time () <= $ this token ->getClaim ('refreshAt ' )) {
239+ throw new TokenAlreadyEexpired ('Token 已过期,请重新刷新 ' .time () . '- ' . $ this token ->getClaim ('refreshAt ' ), $ this getAlreadyCode ());
241240 }
241+
242+ throw new TokenAlreadyEexpired ('Token 刷新时间已过,请重新登录 ' , $ this getReloginCode ());
242243 }
243244
244245 $ datanew ValidationData ();
0 commit comments