Merge remote-tracking branch 'origin/dev-ltx' into dev/3.1_release_merge

src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java

@@ -6,6 +6,7 @@ import com.ai.da.common.context.UserContext;
 import com.ai.da.common.security.config.SecurityProperties;
 import com.ai.da.common.security.jwt.JWTTokenHelper;
 import com.ai.da.common.utils.LocalCacheUtils;
+import com.ai.da.common.utils.RedisUtil;
 import com.ai.da.common.utils.MultiReadHttpServletRequest;
 import com.ai.da.common.utils.MultiReadHttpServletResponse;
 import com.ai.da.common.utils.RequestInfoUtil;
@@ -40,6 +41,8 @@ public class AuthenticationFilter extends OncePerRequestFilter {
     private JWTTokenHelper jwtTokenHelper;
     @Resource
     private SecurityProperties properties;
+    @Resource
+    private RedisUtil redisUtil;
 
     private static final List<String> FILTER_URL =
             Arrays.asList("/favicon.ico", "/doc.html", "/swagger-ui.html",
@@ -132,12 +135,19 @@ public class AuthenticationFilter extends OncePerRequestFilter {
             UserContext.delete();
             //存取用户信息到缓存
             UserContext.setUserHolder(principal);
-            //校验token
-            String cacheToken = LocalCacheUtils.getTokenCache(String.valueOf(principal.getId()));
+            // 校验 token：先查本地缓存，再查 Redis，保证服务重启后仍然有效
+            String userIdStr = String.valueOf(principal.getId());
+            String cacheToken = LocalCacheUtils.getTokenCache(userIdStr);
 
-            if(StringUtils.isEmpty(cacheToken)){
-//                throw new RuntimeException("TOKEN已过期，请重新登录！");
-                throw new TokenMissingOrExpiredException("TOKEN已过期，请重新登录！(local cache empty)");
+            if (StringUtils.isEmpty(cacheToken)) {
+                // 本地缓存为空时，尝试从 Redis 读取
+                cacheToken = redisUtil.getLoginToken(principal.getId());
+                if (StringUtils.isEmpty(cacheToken)) {
+//                    throw new RuntimeException("TOKEN已过期，请重新登录！");
+                    throw new TokenMissingOrExpiredException("TOKEN已过期，请重新登录！(cache & redis empty)");
+                }
+                // 将 Redis 中的 token 回填到本地缓存，减少后续 Redis 访问
+                LocalCacheUtils.setTokenCache(userIdStr, cacheToken);
             }
             if(!cacheToken.equals(jwtToken) ){
 //                throw new RuntimeException("TOKEN已过期，请重新登录！");

src/main/java/com/ai/da/common/utils/RedisUtil.java

@@ -34,6 +34,11 @@ public class RedisUtil {
     private RedisTemplate<String, String> redisTemplate;
 
     public final static String FLUX_POLLING_URL = "Flux:";
+    /**
+     * 登录 token 在 Redis 中的前缀：
+     * 最终 key 结构为 login:token:{userId}
+     */
+    public final static String LOGIN_TOKEN_KEY = "login:token:";
 
     public Boolean hasKey(String key){
         return redisTemplate.hasKey(key);
@@ -186,6 +191,40 @@ public class RedisUtil {
         redisTemplate.delete(key);
     }
 
+    /**
+     * 保存登录 token
+     *
+     * @param userId 用户 ID
+     * @param token  token 字符串
+     * @param expireMillis 过期时间（毫秒，通常与 JWT 保持一致）
+     */
+    public void setLoginToken(Long userId, String token, long expireMillis) {
+        if (expireMillis <= 0) {
+            // 不设置过期时间，直到手动删除（不推荐）
+            addToString(LOGIN_TOKEN_KEY + userId, token);
+            return;
+        }
+        long expireSeconds = expireMillis / 1000;
+        if (expireSeconds <= 0) {
+            expireSeconds = 1;
+        }
+        addToString(LOGIN_TOKEN_KEY + userId, token, expireSeconds);
+    }
+
+    /**
+     * 获取登录 token
+     */
+    public String getLoginToken(Long userId) {
+        return getFromString(LOGIN_TOKEN_KEY + userId);
+    }
+
+    /**
+     * 删除登录 token
+     */
+    public void deleteLoginToken(Long userId) {
+        removeFromString(LOGIN_TOKEN_KEY + userId);
+    }
+
     public final static String PORTFOLIO_LIKE_KEY = "portfolio:like:";
 
     public void likePost(Long portfolioId, Long userId) {