
JwtUtil#getAuthentication1 方法中添加 ID 混淆还原

reghao il y a 11 mois
Parent
commit
c4f9f85086

+ 2 - 1
account/account-service/src/main/java/cn/reghao/tnb/account/app/rpc/AccountQueryImpl.java

@@ -42,7 +42,8 @@ public class AccountQueryImpl implements AccountQuery {
         AccountInfo accountInfo = accountTokenService.getAccountInfo(type, sessId);
         if (accountInfo != null) {
             String userIdStr = accountInfo.getUserId();
-            long userId = userIdObfuscation.restore(userIdStr);
+            //long userId = userIdObfuscation.restore(userIdStr);
+            long userId = Long.parseLong(userIdStr);
             UserAccount userAccount = accountRepository.getUserAccount(userId);
             String role = userAccount.getRole();
             return new AuthedAccount(userAccount.getUserId());
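Review bot: The commented-out `userIdObfuscation.restore(userIdStr)` line added on the new side is dead code and should be removed rather than kept next to its replacement; a comment stating the reason for the plain parse would serve better, e.g. `// userId is stored in plain numeric form; the obfuscation is undone in JwtUtil.getAuthentication1`, assuming that is where this value now originates (the commit title suggests so, but getAccountInfo is not visible here). `Long.parseLong(userIdStr)` throws `NumberFormatException` when the stored value is not a decimal number, for instance a still-obfuscated id written by an older code path, and nothing in the hunk handles that, so the failure would propagate out of this lookup with no context. The enclosing method begins and ends outside the hunk, so it is unclear whether a caller catches it.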

+ 1 - 1
account/account-service/src/main/java/cn/reghao/tnb/account/app/service/impl/AccountTokenServiceImpl.java

@@ -114,7 +114,7 @@ public class AccountTokenServiceImpl implements AccountTokenService {
         String savedSignKey = redisString.get(RedisKeys.getJwtSignKey("pubkey"));
         RSAPublicKey rsaPublicKey = RsaCryptor.getRSAPublicKey(savedSignKey);
         try {
-            AccountAuthToken userAuthToken = JwtUtil.getAuthentication1(token, rsaPublicKey);
+            AccountAuthToken userAuthToken = JwtUtil.getAuthentication1(token, rsaPublicKey, userIdObfuscation);
             if (userAuthToken != null) {
                 return userAuthToken;
             }

+ 6 - 4
account/account-service/src/main/java/cn/reghao/tnb/account/app/util/JwtUtil.java

@@ -1,5 +1,6 @@
 package cn.reghao.tnb.account.app.util;
 
+import cn.reghao.jutil.jdk.string.IDObfuscation;
 import cn.reghao.tnb.account.app.model.vo.RefreshPayload;
 import cn.reghao.tnb.account.app.security.form.AccountAuthToken;
 import io.jsonwebtoken.Claims;
@@ -97,21 +98,22 @@ public class JwtUtil {
         return new AccountAuthToken(plat, loginId, loginType, userId, authorities);
     }
 
-    public static AccountAuthToken getAuthentication1(String token, RSAPublicKey signKey) {
+    public static AccountAuthToken getAuthentication1(String token, RSAPublicKey signKey, IDObfuscation userIdObfuscation) {
         Claims claims = Jwts.parser().setSigningKey(signKey).parseClaimsJws(token).getBody();
         Integer plat = (Integer) claims.get("plat");
         String loginId = (String) claims.get("loginId");
         int loginType = (int) claims.get("loginType");
-        String userId = claims.getSubject();
+        String userIdStr = claims.getSubject();
         // TODO userId 是系统分配且固定的,但需要检查用户的 roles 是否发生变化
         String roles = (String) claims.get("authorities");
         long expireAt = claims.getExpiration().getTime();
-        if (plat == null || loginId == null || userId == null || roles == null) {
+        if (plat == null || loginId == null || userIdStr == null || roles == null) {
             return null;
         }
 
         List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(roles);
-        return new AccountAuthToken(plat, loginId, loginType, userId, authorities);
+        long userId = userIdObfuscation.restore(userIdStr);
+        return new AccountAuthToken(plat, loginId, loginType, userId+"", authorities);
     }
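Review bot: `userIdObfuscation.restore(userIdStr)` is the one step in getAuthentication1 whose failure is not mapped to the method's null-return contract: the claim null checks run first, but neither `userIdObfuscation` itself is checked nor is a malformed subject handled, so if restore throws on a string it does not recognise, the exception escapes to the try in AccountTokenServiceImpl with a type unrelated to the JWT parser failures that block presumably expects. Either document this with a Javadoc `@throws` on the new parameter or catch the restore failure and return null like the other invalid-claim cases. The conversion `userId+""` should be `String.valueOf(userId)` (or keep the numeric `long` if AccountAuthToken can take it); concatenating with an empty string is an idiom reviewers flag. Adding `@param userIdObfuscation` to the method's Javadoc, noting that the JWT subject is an obfuscated id and is restored only after signature verification, would make the new contract explicit.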
 
     /**