增加令牌刷新逻辑

common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java

@@ -49,10 +49,12 @@ public class AdminSecurityAutoConfiguration implements WebMvcConfigurer {
                 .excludePathPatterns(properties.getDefaultIgnorePaths());
         logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
         // AdminDemoInterceptor 拦截器
-        registry.addInterceptor(this.adminDemoInterceptor())
-                .excludePathPatterns(properties.getIgnorePaths())
-                .excludePathPatterns(properties.getDefaultIgnorePaths());
-        logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
+        if (Boolean.TRUE.equals(properties.getDemo())) {
+            registry.addInterceptor(this.adminDemoInterceptor())
+                    .excludePathPatterns(properties.getIgnorePaths())
+                    .excludePathPatterns(properties.getDefaultIgnorePaths());
+            logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
+        }
     }
 
 }

common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityProperties.java

@@ -11,6 +11,11 @@ public class AdminSecurityProperties {
             // Actuator 相关
     };
 
+    /**
+     * 演示模式 - 默认值（关闭）
+     */
+    private static final Boolean DEFAULT_DEMO = false;
+
     /**
      * 自定义忽略 Path
      */
@@ -19,6 +24,10 @@ public class AdminSecurityProperties {
      * 默认忽略 Path
      */
     private String[] defaultIgnorePaths = DEFAULT_IGNORE_PATHS;
+    /**
+     * 是否开启演示模式
+     */
+    private Boolean demo = DEFAULT_DEMO;
 
     public String[] getIgnorePaths() {
         return ignorePaths;
@@ -38,4 +47,13 @@ public class AdminSecurityProperties {
         return this;
     }
 
+    public Boolean getDemo() {
+        return demo;
+    }
+
+    public AdminSecurityProperties setDemo(Boolean demo) {
+        this.demo = demo;
+        return this;
+    }
+
 }

common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java

@@ -19,8 +19,9 @@ public class AdminDemoInterceptor extends HandlerInterceptorAdapter {
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
-        // 当 Admin 编号等于 0 时，约定为演示账号
-        if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 0)
+        // 当 Admin 编号等于 1 时，约定为演示账号
+        // TODO 芋艿，后续去优化
+        if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 1)
             && request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
             throw ServiceExceptionUtil.exception(SystemErrorCodeConstants.PERMISSION_DEMO_PERMISSION_DENY);
         }

management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/PassportController.java

@@ -12,13 +12,9 @@ import cn.iocoder.security.annotations.RequiresNone;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
-
 import java.util.List;
 import java.util.Set;
 
@@ -46,6 +42,14 @@ public class PassportController {
         return success(passportManager.getAdmin(AdminSecurityContextHolder.getAdminId()));
     }
 
+    @PostMapping("/refresh-token")
+    @ApiOperation("刷新令牌")
+    @RequiresNone
+    public CommonResult<PassportAccessTokenVO> refreshToken(@RequestParam("refreshToken") String refreshToken,
+                                                            HttpServletRequest request) {
+        return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request)));
+    }
+
     // TODO 优化点：迁移到 PermissionController
     @GetMapping("/tree-admin-menu")
     @ApiOperation("获得当前管理员的菜单树")

management-web-app/src/main/java/cn/iocoder/mall/managementweb/manager/passport/PassportManager.java

@@ -15,12 +15,13 @@ import cn.iocoder.mall.systemservice.enums.permission.ResourceTypeEnum;
 import cn.iocoder.mall.systemservice.rpc.admin.AdminRpc;
 import cn.iocoder.mall.systemservice.rpc.admin.vo.AdminVO;
 import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
-import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
 import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
+import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
+import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO;
 import cn.iocoder.mall.systemservice.rpc.permission.ResourceRpc;
 import cn.iocoder.mall.systemservice.rpc.permission.RoleRpc;
 import cn.iocoder.mall.systemservice.rpc.permission.vo.ResourceVO;
-import org.apache.dubbo.config.annotation.Reference;
+import org.apache.dubbo.config.annotation.DubboReference;
 import org.springframework.stereotype.Service;
 
 import java.util.Collections;
@@ -30,13 +31,13 @@ import java.util.Set;
 @Service
 public class PassportManager {
 
-    @Reference(version = "${dubbo.consumer.AdminRpc.version}")
+    @DubboReference(version = "${dubbo.consumer.AdminRpc.version}")
     private AdminRpc adminRpc;
-    @Reference(version = "${dubbo.consumer.OAuth2Rpc.version}")
+    @DubboReference(version = "${dubbo.consumer.OAuth2Rpc.version}")
     private OAuth2Rpc oauth2Rpc;
-    @Reference(version = "${dubbo.consumer.RoleRpc.version}")
+    @DubboReference(version = "${dubbo.consumer.RoleRpc.version}")
     private RoleRpc roleRpc;
-    @Reference(version = "${dubbo.consumer.ResourceRpc.version}")
+    @DubboReference(version = "${dubbo.consumer.ResourceRpc.version}")
     private ResourceRpc resourceRpc;
 
     public PassportAccessTokenVO login(PassportLoginDTO loginDTO, String ip) {
@@ -59,6 +60,13 @@ public class PassportManager {
         return AdminPassportConvert.INSTANCE.convert(getAdminResult.getData());
     }
 
+    public PassportAccessTokenVO refreshToken(String refreshToken, String ip) {
+        CommonResult<OAuth2AccessTokenRespDTO> refreshAccessTokenResult = oauth2Rpc.refreshAccessToken(
+                new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip));
+        refreshAccessTokenResult.checkError();
+        return AdminPassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData());
+    }
+
     /**
      * 获得指定管理员的权限列表
      *

management-web-app/src/main/resources/application-dev.yml

@@ -13,3 +13,6 @@ dubbo:
   registry:
     #    address: spring-cloud://400-infra.server.iocoder.cn:8848 # 指定 Dubbo 服务注册中心的地址
     address: nacos://400-infra.server.iocoder.cn:8848?namespace=dev # 指定 Dubbo 服务注册中心的地址
+
+# Mall 认证安全配置
+mall.security.admin.demo: true # 是否开启演示模式

user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.http

@@ -10,4 +10,10 @@ Content-Type: application/x-www-form-urlencoded
 
 mobile=15601691300&scene=1
 
+### /passport/refresh-token
+POST {{user-api-base-url}}/passport/refresh-token
+Content-Type: application/x-www-form-urlencoded
+
+refreshToken=77abd74e84e34cfc8aba9625317a14a3
+
 ###

user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.java

@@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletRequest;
@@ -44,4 +45,12 @@ public class PassportController {
         return success(true);
     }
 
+    @PostMapping("/refresh-token")
+    @ApiOperation("刷新令牌")
+    @RequiresNone
+    public CommonResult<PassportAccessTokenRespVO> refreshToken(@RequestParam("refreshToken") String refreshToken,
+                                                            HttpServletRequest request) {
+        return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request)));
+    }
+
 }

user-web-app/src/main/java/cn/iocoder/mall/userweb/manager/passport/PassportManager.java

@@ -5,6 +5,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
 import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
 import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
 import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
+import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO;
 import cn.iocoder.mall.userservice.enums.sms.UserSmsSceneEnum;
 import cn.iocoder.mall.userservice.rpc.sms.UserSmsCodeRpc;
 import cn.iocoder.mall.userservice.rpc.user.UserRpc;
@@ -50,4 +51,11 @@ public class PassportManager {
         sendSmsCodeResult.checkError();
     }
 
+    public PassportAccessTokenRespVO refreshToken(String refreshToken, String ip) {
+        CommonResult<OAuth2AccessTokenRespDTO> refreshAccessTokenResult = oauth2Rpc.refreshAccessToken(
+                new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip));
+        refreshAccessTokenResult.checkError();
+        return PassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData());
+    }
+
 }

user-web-app/src/main/resources/application.yml

@@ -25,6 +25,7 @@ dubbo:
   consumer:
     timeout: 10000
     validation: true # 开启 Consumer 的参数校验
+    check: false # 本地启动，不进行校验，不一定会使用到未启动的服务，嘿嘿~
     UserSmsCodeRpc:
       version: 1.0.0
     UserRpc: