token 支持有效期设置和续期

magic-api/src/main/java/org/ssssssss/magicapi/core/config/MessageType.java

@@ -15,6 +15,8 @@ public enum MessageType {
 	EXCEPTION,
 	/* 登录结果 */
 	LOGIN_RESPONSE,
+	/* 刷新token */
+	REFRESH_TOKEN,
 	/* 通知客户端，有用户上线 */
 	USER_LOGIN,
 	/* 通知客户端，有用户下线 */

magic-api/src/main/java/org/ssssssss/magicapi/core/context/MagicConsoleSession.java

@@ -20,6 +20,10 @@ public class MagicConsoleSession {
 
 	private long activateTime = System.currentTimeMillis();
 
+	private MagicUser user;
+
+	private long timeout;
+
 	public MagicConsoleSession(WebSocketSession webSocketSession) {
 		this.webSocketSession = webSocketSession;
 	}
@@ -85,4 +89,20 @@ public class MagicConsoleSession {
 			this.webSocketSession = null;
 		}
 	}
+
+	public MagicUser getUser() {
+		return user;
+	}
+
+	public void setUser(MagicUser user) {
+		this.user = user;
+	}
+
+	public long getTimeout() {
+		return timeout;
+	}
+
+	public void setTimeout(long timeout) {
+		this.timeout = timeout;
+	}
 }

magic-api/src/main/java/org/ssssssss/magicapi/core/context/MagicUser.java

@@ -13,6 +13,11 @@ public class MagicUser {
 
 	private String token;
 
+	/**
+	 * token 有效期，<=0 为永不过期
+	 */
+	private long timeout = -1;
+
 	public MagicUser() {
 	}
 
@@ -22,6 +27,13 @@ public class MagicUser {
 		this.token = token;
 	}
 
+	public MagicUser(String id, String username, String token, long timeout) {
+		this.id = id;
+		this.username = username;
+		this.token = token;
+		this.timeout = timeout;
+	}
+
 	public static MagicUser guest() {
 		return new MagicUser(null, "guest", null);
 	}
@@ -50,4 +62,11 @@ public class MagicUser {
 		this.token = token;
 	}
 
+	public long getTimeout() {
+		return timeout;
+	}
+
+	public void setTimeout(long timeout) {
+		this.timeout = timeout;
+	}
 }

magic-api/src/main/java/org/ssssssss/magicapi/core/handler/MagicWorkbenchHandler.java

@@ -1,6 +1,8 @@
 package org.ssssssss.magicapi.core.handler;
 
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpHeaders;
 import org.ssssssss.magicapi.core.annotation.Message;
 import org.ssssssss.magicapi.core.config.Constants;
@@ -13,6 +15,7 @@ import org.ssssssss.magicapi.utils.IpUtils;
 
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
 import java.util.stream.Collectors;
 
@@ -27,6 +30,8 @@ public class MagicWorkbenchHandler {
 
 	private final static MagicUser guest = new MagicUser("guest","游客", "unauthorization");
 
+	private final static Logger logger = LoggerFactory.getLogger(MagicWorkbenchHandler.class);
+
 	public MagicWorkbenchHandler(AuthorizationInterceptor authorizationInterceptor) {
 		this.authorizationInterceptor = authorizationInterceptor;
 	}
@@ -46,6 +51,10 @@ public class MagicWorkbenchHandler {
 			String ip = Optional.ofNullable(session.getWebSocketSession().getRemoteAddress()).map(it -> it.getAddress().getHostAddress()).orElse("unknown");
 			HttpHeaders headers = session.getWebSocketSession().getHandshakeHeaders();
 			ip = IpUtils.getRealIP(ip, headers::getFirst, null);
+			if (user.getTimeout() > 0) {
+				session.setUser(user);
+				session.setTimeout(user.getTimeout() * 1000 + System.currentTimeMillis());
+			}
 			session.setAttribute(Constants.WEBSOCKET_ATTRIBUTE_USER_ID, user.getId());
 			session.setAttribute(Constants.WEBSOCKET_ATTRIBUTE_USER_IP, StringUtils.defaultIfBlank(ip, "unknown"));
 			session.setAttribute(Constants.WEBSOCKET_ATTRIBUTE_USER_NAME, user.getUsername());
@@ -78,8 +87,19 @@ public class MagicWorkbenchHandler {
 	}
 
 	@Message(MessageType.PONG)
-	public void pong(MagicConsoleSession session){
+	public String pong(MagicConsoleSession session){
 		session.setActivateTime(System.currentTimeMillis());
+		MagicUser user = session.getUser();
+		if (user != null && session.getTimeout() - System.currentTimeMillis() < 60 * 1000){
+			String oldToken = user.getToken();
+			authorizationInterceptor.refreshToken(user);
+			String newToken = user.getToken();
+			session.setTimeout(System.currentTimeMillis() + user.getTimeout() * 1000);
+			if (!Objects.equals(newToken, oldToken)) {
+				WebSocketSessionManager.sendBySession(session, WebSocketSessionManager.buildMessage(MessageType.REFRESH_TOKEN, newToken));
+			}
+		}
+		return null;
 	}
 
 	private List<Map<String, Object>> getOnlineUsers(){

magic-api/src/main/java/org/ssssssss/magicapi/core/interceptor/AuthorizationInterceptor.java

@@ -94,4 +94,12 @@ public interface AuthorizationInterceptor {
 		return allowVisit(magicUser, request, authorization);
 	}
 
+	/**
+	 * 刷新 token, 重新赋值对象内的token和timeout
+	 * @param user
+	 * @return
+	 */
+	default void refreshToken(MagicUser user) {
+	}
+
 }