feature: add double token support for seata netty communication authentication

Author: Muluo-cyan

common/src/main/java/org/apache/seata/common/ConfigurationKeys.java

@@ -68,6 +68,11 @@ public interface ConfigurationKeys {
      */
     String SEATA_PREFIX = SEATA_FILE_ROOT_CONFIG + ".";
 
+    /**
+     * The constant SECURITY_PREFIX
+     */
+    String SECURITY_PREFIX = "security.";
+
     /**
      * The constant SERVICE_PREFIX.
      */
@@ -1014,6 +1019,31 @@ public interface ConfigurationKeys {
      */
     String SERVER_APPLICATION_DATA_SIZE_CHECK = SERVER_PREFIX + "applicationDataLimitCheck";
 
+    /**
+     * The constant SECURITY_USERNAME;
+     */
+    String SECURITY_USERNME = SECURITY_PREFIX + "username";
+
+    /**
+     * The constant SECURITY_PASSWORD;
+     */
+    String SECURITY_PASSWORD = SECURITY_PREFIX + "password";
+
+    /**
+     * The constant SECURITY_SECRET_KEY;
+     */
+    String SECURITY_SECRET_KEY = SECURITY_PREFIX + "secretKey";
+
+    /**
+     * The constant SECURITY_ACCESS_TOKEN_VALID_TIME;
+     */
+    String SECURITY_ACCESS_TOKEN_VALID_TIME = SECURITY_PREFIX + "accessTokenValidityInMilliseconds";
+
+    /**
+     * The constant SECURITY_REFRESH_TOKEN_VALID_TIME;
+     */
+    String SECURITY_REFRESH_TOKEN_VALID_TIME = SECURITY_PREFIX + "refreshTokenValidityInMilliseconds";
+
     /**
      * The constant ROCKET_MQ_MSG_TIMEOUT
      */

common/src/main/java/org/apache/seata/common/util/StringUtils.java

@@ -16,24 +16,24 @@
  */
 package org.apache.seata.common.util;
 
+import org.apache.seata.common.Constants;
+import org.apache.seata.common.exception.ShouldNeverHappenException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.nio.charset.StandardCharsets;
 import java.text.SimpleDateFormat;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.Map;
+import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.apache.seata.common.Constants;
-import org.apache.seata.common.exception.ShouldNeverHappenException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import static org.apache.seata.common.ConfigurationKeys.EXTRA_DATA_KV_CHAR;
+import static org.apache.seata.common.ConfigurationKeys.EXTRA_DATA_SPLIT_CHAR;
 
 /**
  * The type String utils.
@@ -331,7 +331,7 @@ public static boolean isNotEmpty(final CharSequence cs) {
 
     /**
      * hump to Line or line to hump, only spring environment use
-     * 
+     *
      * @param str str
      * @return string string
      */
@@ -446,4 +446,35 @@ public static boolean hasText(CharSequence str) {
         return false;
     }
 
+    public static HashMap<String, String> string2Map(String inputString) {
+        HashMap<String, String> resultMap = new HashMap<>();
+        if (StringUtils.isBlank(inputString)) {
+            return resultMap;
+        }
+        String[] keyValuePairs = inputString.split(EXTRA_DATA_SPLIT_CHAR);
+        for (String pair : keyValuePairs) {
+            String[] keyValue = pair.trim().split(EXTRA_DATA_KV_CHAR);
+            if (keyValue.length == 2) {
+                resultMap.put(keyValue[0].trim(), keyValue[1].trim());
+            }
+        }
+        return resultMap;
+    }
+
+    public static String map2String(HashMap<String, String> inputMap) {
+        if (inputMap == null || inputMap.isEmpty()) {
+            return "";
+        }
+        StringBuilder resultString = new StringBuilder();
+        for (Map.Entry<String, String> entry : inputMap.entrySet()) {
+            String key = entry.getKey();
+            String value = entry.getValue();
+            String pair = key + EXTRA_DATA_KV_CHAR + value + EXTRA_DATA_SPLIT_CHAR;
+            resultString.append(pair);
+        }
+        if (resultString.length() > 0) {
+            resultString.deleteCharAt(resultString.length() - 1);
+        }
+        return resultString.toString();
+    }
 }

console/src/main/java/org/apache/seata/console/controller/AuthController.java

@@ -16,11 +16,9 @@
  */
 package org.apache.seata.console.controller;
 
-import javax.servlet.http.HttpServletResponse;
-
 import org.apache.seata.common.result.Code;
-import org.apache.seata.console.config.WebSecurityConfig;
 import org.apache.seata.common.result.SingleResult;
+import org.apache.seata.console.config.WebSecurityConfig;
 import org.apache.seata.console.security.User;
 import org.apache.seata.console.utils.JwtTokenUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -34,6 +32,8 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.servlet.http.HttpServletResponse;
+
 /**
  * auth user
  *
@@ -58,7 +58,6 @@ public class AuthController {
     public SingleResult<String> login(HttpServletResponse response, @RequestBody User user) {
         UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
             user.getUsername(), user.getPassword());
-
         try {
             //AuthenticationManager(default ProviderManager) #authenticate check Authentication
             Authentication authentication = authenticationManager.authenticate(authenticationToken);

core/src/main/java/org/apache/seata/core/auth/AuthResult.java

@@ -0,0 +1,45 @@
+package org.apache.seata.core.auth;
+
+import org.apache.seata.core.protocol.ResultCode;
+
+public class AuthResult {
+    private ResultCode resultCode;
+
+    private String accessToken;
+
+    private String refreshToken;
+
+    public AuthResult() {
+    }
+
+    public AuthResult(AuthResultBuilder builder) {
+        this.resultCode = builder.getResultCode();
+        this.accessToken = builder.getAccessToken();
+        this.refreshToken = builder.getRefreshToken();
+    }
+
+    public ResultCode getResultCode() {
+        return resultCode;
+    }
+
+    public void setResultCode(ResultCode resultCode) {
+        this.resultCode = resultCode;
+    }
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+    }
+
+}

core/src/main/java/org/apache/seata/core/auth/AuthResultBuilder.java

@@ -0,0 +1,44 @@
+package org.apache.seata.core.auth;
+
+import org.apache.seata.core.protocol.ResultCode;
+
+public class AuthResultBuilder {
+    private ResultCode resultCode;
+    private String accessToken;
+    private String refreshToken;
+
+    public ResultCode getResultCode() {
+        return resultCode;
+    }
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    // 设置 resultCode
+    public AuthResultBuilder setResultCode(ResultCode resultCode) {
+        this.resultCode = resultCode;
+        return this;
+    }
+
+    // 设置 accessToken
+    public AuthResultBuilder setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+        return this;
+    }
+
+    // 设置 refreshToken
+    public AuthResultBuilder setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+        return this;
+    }
+
+    // 构建最终的 AuthResult 对象
+    public AuthResult build() {
+        return new AuthResult(this);
+    }
+}

core/src/main/java/org/apache/seata/core/auth/JwtAuthManager.java

@@ -0,0 +1,131 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.seata.core.auth;
+
+
+import org.apache.seata.common.ConfigurationKeys;
+import org.apache.seata.common.util.StringUtils;
+import org.apache.seata.config.ConfigurationFactory;
+
+import java.util.HashMap;
+
+public class JwtAuthManager {
+    private String refreshToken;
+
+    private String accessToken;
+
+    private boolean isAccessTokenNearExpiration;
+
+    private String username;
+
+    private String password;
+
+    public final static String PRO_USERNAME = "username";
+
+    public final static String PRO_PASSWORD = "password";
+
+    public final static String PRO_TOKEN = "token";
+
+    public final static String PRO_REFRESH_TOKEN = "refresh_token";
+
+    private static volatile JwtAuthManager instance;
+
+    private JwtAuthManager() {
+    }
+
+    public static JwtAuthManager getInstance() {
+        if (instance == null) {
+            synchronized (JwtAuthManager.class) {
+                if (instance == null) {
+                    instance = new JwtAuthManager();
+                    instance.username = ConfigurationFactory.CURRENT_FILE_INSTANCE.getConfig(ConfigurationKeys.SECURITY_USERNME);
+                    instance.password = ConfigurationFactory.CURRENT_FILE_INSTANCE.getConfig(ConfigurationKeys.SECURITY_PASSWORD);
+                    instance.isAccessTokenNearExpiration = false;
+                }
+            }
+        }
+        return instance;
+    }
+
+    public void init() {
+        }
+
+    public boolean isAccessTokenNearExpiration() {
+        return isAccessTokenNearExpiration;
+    }
+
+    public void setAccessTokenNearExpiration(boolean accessTokenNearExpiration) {
+        isAccessTokenNearExpiration = accessTokenNearExpiration;
+    }
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public void refreshToken(String newAccessToken, String newRefreshToken) {
+        if (newAccessToken != null) {
+            accessToken = newAccessToken;
+            isAccessTokenNearExpiration = false;
+        }
+        if (newRefreshToken != null) {
+            refreshToken = newRefreshToken;
+        }
+    }
+
+    public void setAccessToken(String token) {
+        accessToken = token;
+    }
+
+    public void setRefreshToken(String token) {
+        refreshToken = token;
+    }
+
+    public String getAuthData() {
+        HashMap<String, String> extraDataMap = new HashMap<>();
+        extraDataMap.remove(PRO_TOKEN);
+        if (accessToken != null && !isAccessTokenNearExpiration) {
+            extraDataMap.put(PRO_TOKEN, accessToken);
+        } else if (refreshToken != null) {
+            extraDataMap.put(PRO_REFRESH_TOKEN, refreshToken);
+        } else if (username != null && password != null) {
+            extraDataMap.put(PRO_USERNAME, username);
+            extraDataMap.put(PRO_PASSWORD, password);
+        }
+        return StringUtils.map2String(extraDataMap);
+    }
+
+}

core/src/main/java/org/apache/seata/core/auth/RegisterHandler.java

@@ -0,0 +1,14 @@
+package org.apache.seata.core.auth;
+
+import io.netty.channel.Channel;
+import org.apache.seata.core.protocol.RegisterRMResponse;
+
+public interface RegisterHandler {
+    /**
+     * On a register response received.
+     *
+     * @param response received response message
+     * @param channel  channel of the response
+     */
+    void onRegisterResponse(RegisterRMResponse response, Channel channel, Integer rpcId);
+}