render-slot-catfactsdaily/src/main/java/com/example/catfactsdaily/service/JwtService.java at main · Eyelor/render-slot-catfactsdaily · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
package com.example.catfactsdaily.service;

import com.example.catfactsdaily.entity.TokenBlacklisted;
import com.example.catfactsdaily.repository.TokenBlacklistedRepository;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Isolation;
import org.springframework.transaction.annotation.Transactional;

import java.security.Key;
import java.security.Principal;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

@Service
public class JwtService {

    private static final Logger logger = LoggerFactory.getLogger(JwtService.class);

    @Value("${security.jwt.secret-key}")
    private String secretKey;

    @Value("${security.jwt.expiration-time}")
    private Long jwtExpiration;

    private final TokenBlacklistedRepository tokenBlacklistedRepository;

    @Autowired
    public JwtService(TokenBlacklistedRepository tokenBlacklistedRepository) {
        this.tokenBlacklistedRepository = tokenBlacklistedRepository;
    }

    public String extractUsername(String token) {
        return extractClaim(token, Claims::getSubject);
    }

    public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
        final Claims claims = extractAllClaims(token);
        return claimsResolver.apply(claims);
    }

    public String generateToken(UserDetails userDetails, Integer userId) {
        return generateToken(new HashMap<>(), userDetails, userId);
    }

    public String generateToken(Map<String, Object> extraClaims, UserDetails userDetails, Integer userId) {
        extraClaims.put("userId", userId);
        return buildToken(extraClaims, userDetails, jwtExpiration);
    }

    public Integer extractUserId(String token) {
        Claims claims = extractAllClaims(token);
        Integer userId = claims.get("userId", Integer.class);
        logger.info("Extracted userId from token: {}", userId);
        return userId;
    }

    public Integer extractUserIdFromPrincipal(Principal principal) {
        if (principal instanceof UsernamePasswordAuthenticationToken authToken) {
            String token = (String) authToken.getDetails();
            Integer userId = extractUserId(token);
            logger.info("Extracted userId from principal: {}", userId);
            return userId;
        }
        throw new IllegalArgumentException("Invalid principal");
    }

    public Long getExpirationTime() {
        return jwtExpiration;
    }

    private String buildToken(
            Map<String, Object> extraClaims,
            UserDetails userDetails,
            Long expiration
    ) {
        return Jwts
                .builder()
                .setClaims(extraClaims)
                .setSubject(userDetails.getUsername())
                .setIssuedAt(new Date(System.currentTimeMillis()))
                .setExpiration(new Date(System.currentTimeMillis() + expiration))
                .signWith(getSignInKey(), SignatureAlgorithm.HS256)
                .compact();
    }

    public Boolean isTokenValid(String token, UserDetails userDetails) {
        final String username = extractUsername(token);
        return (username.equals(userDetails.getUsername())) && !isTokenExpired(token) && !isTokenBlacklisted(token);
    }

    @Transactional(isolation = Isolation.SERIALIZABLE)
    public void invalidateToken(String token) {
        Date expirationDate = extractExpiration(token);

        TokenBlacklisted blacklistedToken = new TokenBlacklisted();
        blacklistedToken.setToken(token);
        blacklistedToken.setExpirationDate(expirationDate);

        tokenBlacklistedRepository.save(blacklistedToken);
    }

    private Boolean isTokenBlacklisted(String token) {
        return tokenBlacklistedRepository.findByToken(token).isPresent();
    }

    private Boolean isTokenExpired(String token) {
        return extractExpiration(token).before(new Date());
    }

    private Date extractExpiration(String token) {
        return extractClaim(token, Claims::getExpiration);
    }

    private Claims extractAllClaims(String token) {
        return Jwts
                .parserBuilder()
                .setSigningKey(getSignInKey())
                .build()
                .parseClaimsJws(token)
                .getBody();
    }

    private Key getSignInKey() {
        byte[] keyBytes = Decoders.BASE64.decode(secretKey);
        return Keys.hmacShaKeyFor(keyBytes);
    }
}