Added| 新增migration設定

security-core/src/main/java/org/fycd/bigdata/advice/AuthControllerAdvice.java

@@ -0,0 +1,24 @@
+package org.fycd.bigdata.advice;
+
+import org.fycd.bigdata.exception.TokenRefreshException;
+import org.fycd.bigdata.pojo.ErrorMessage;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.context.request.WebRequest;
+
+import java.time.LocalDateTime;
+
+@RestControllerAdvice
+public class AuthControllerAdvice {
+  @ExceptionHandler(value = TokenRefreshException.class)
+  @ResponseStatus(HttpStatus.FORBIDDEN)
+  public ErrorMessage handleTokenRefreshException(TokenRefreshException ex, WebRequest request) {
+    return new ErrorMessage(
+            HttpStatus.FORBIDDEN.value(),
+            LocalDateTime.now(),
+            ex.getMessage(),
+            request.getDescription(false));
+  }
+}

security-core/src/main/java/org/fycd/bigdata/pojo/ErrorMessage.java

@@ -0,0 +1,19 @@
+package org.fycd.bigdata.pojo;
+
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+@Data
+public class ErrorMessage {
+  private int statusCode;
+  private LocalDateTime timestamp;
+  private String message;
+  private String description;
+  public ErrorMessage (int statusCode, LocalDateTime timestamp, String message, String description) {
+    this.statusCode = statusCode;
+    this.timestamp = timestamp;
+    this.message = message;
+    this.description = description;
+  }
+}

security-core/src/main/java/org/fycd/bigdata/service/RefreshTokenService.java

@@ -16,7 +16,7 @@ import java.util.UUID;
 @Service
 @RequiredArgsConstructor
 public class RefreshTokenService {
-  @Value("${app.security.jwtExpiration")
+  @Value("${app.security.jwtExpiration}")
   private Long refreshTokenDuration;
 
   private final UserDaoSub userDao;

security-core/src/main/java/org/fycd/bigdata/utils/JwtUtils.java

@@ -3,11 +3,9 @@ package org.fycd.bigdata.utils;
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
 import io.jsonwebtoken.security.SignatureException;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.fycd.bigdata.service.UserDetailsImpl;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
 import javax.xml.bind.DatatypeConverter;
@@ -19,8 +17,8 @@ public class JwtUtils {
   @Value("${app.security.jwtSecret}")
   private String jwtSecret;
 
-  @Value("${app.security.jwtExpirationMs}")
-  private int jwtExpirationMs;
+  @Value("${app.security.jwtExpiration}")
+  private Long jwtExpiration;
 
 
   public String generateJwtToken(UserDetailsImpl userPrincipal) {
@@ -29,13 +27,14 @@ public class JwtUtils {
 
   public String generateTokenFromUsername(String username) {
     return Jwts.builder().setSubject(username).setIssuedAt(new Date())
-            .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs)).signWith(SignatureAlgorithm.HS512, jwtSecret)
+            .setExpiration(new Date((new Date()).getTime() + jwtExpiration))
+            .signWith(Keys.hmacShaKeyFor(DatatypeConverter.parseBase64Binary(jwtSecret)))
             .compact();
   }
 
   public boolean validateJwtToken(String authToken) {
     try {
-      Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(authToken);
+      getUserNameFromJwtToken(authToken);
       return true;
     } catch (SignatureException e) {
       log.error("Invalid JWT signature: {}", e.getMessage());