(feat)Support for managing large models with Dify #1830;2、add user access token; #1829; 3、support change password #1824 (#1839)

2025-12-16 06:56:57 +00:00 · 2024-10-22 13:58:58 +08:00
parent bdb20ca462
commit 0ddcdf93ec
34 changed files with 1341 additions and 45 deletions
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java
@@ -1,12 +1,16 @@
 package com.tencent.supersonic.auth.authentication.adaptor;

+import javax.servlet.http.HttpServletRequest;
+
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import com.tencent.supersonic.auth.api.authentication.adaptor.UserAdaptor;
 import com.tencent.supersonic.auth.api.authentication.pojo.Organization;
+import com.tencent.supersonic.auth.api.authentication.pojo.UserToken;
 import com.tencent.supersonic.auth.api.authentication.pojo.UserWithPassword;
 import com.tencent.supersonic.auth.api.authentication.request.UserReq;
 import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO;
+import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserTokenDO;
 import com.tencent.supersonic.auth.authentication.persistence.repository.UserRepository;
 import com.tencent.supersonic.auth.authentication.utils.TokenService;
 import com.tencent.supersonic.common.pojo.User;
@@ -15,8 +19,8 @@ import com.tencent.supersonic.common.util.ContextUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeanUtils;

-import javax.servlet.http.HttpServletRequest;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;

@@ -106,6 +110,68 @@ public class DefaultUserAdaptor implements UserAdaptor {
        }
    }

+    @Override
+    public String getPassword(String userName) {
+        UserDO userDO = getUser(userName);
+        if (userDO == null) {
+            throw new RuntimeException("user not exist,please register");
+        }
+        return userDO.getPassword();
+    }
+
+    @Override
+    public void resetPassword(String userName, String password, String newPassword) {
+        UserRepository userRepository = ContextUtils.getBean(UserRepository.class);
+        Optional<UserDO> userDOOptional = Optional.ofNullable(getUser(userName));
+
+        UserDO userDO = userDOOptional
+                .orElseThrow(() -> new RuntimeException("User does not exist, please register"));
+
+        try {
+            validateOldPassword(userDO, password);
+            updatePassword(userDO, newPassword, userRepository);
+        } catch (PasswordEncryptionException e) {
+            throw new RuntimeException("Password encryption error, please try again", e);
+        }
+    }
+
+
+    private void validateOldPassword(UserDO userDO, String password)
+            throws PasswordEncryptionException {
+        String oldPassword = encryptPassword(password, userDO.getSalt());
+        if (!userDO.getPassword().equals(oldPassword)) {
+            throw new RuntimeException("Old password is not correct, please try again");
+        }
+    }
+
+    private void updatePassword(UserDO userDO, String newPassword, UserRepository userRepository)
+            throws PasswordEncryptionException {
+        try {
+            byte[] salt = AESEncryptionUtil.generateSalt(userDO.getName());
+            userDO.setSalt(AESEncryptionUtil.getStringFromBytes(salt));
+            userDO.setPassword(AESEncryptionUtil.encrypt(newPassword, salt));
+            userRepository.updateUser(userDO);
+        } catch (Exception e) {
+            throw new PasswordEncryptionException("Error encrypting password", e);
+        }
+
+    }
+
+    private String encryptPassword(String password, String salt)
+            throws PasswordEncryptionException {
+        try {
+            return AESEncryptionUtil.encrypt(password, AESEncryptionUtil.getBytesFromString(salt));
+        } catch (Exception e) {
+            throw new PasswordEncryptionException("Error encrypting password", e);
+        }
+    }
+
+    public static class PasswordEncryptionException extends Exception {
+        public PasswordEncryptionException(String message, Throwable cause) {
+            super(message, cause);
+        }
+    }
+
    private UserWithPassword getUserWithPassword(UserReq userReq) {
        UserDO userDO = getUser(userReq.getName());
        if (userDO == null) {
@@ -136,4 +202,70 @@ public class DefaultUserAdaptor implements UserAdaptor {
    public Set<String> getUserAllOrgId(String userName) {
        return Sets.newHashSet();
    }
+
+    @Override
+    public UserToken generateToken(String name, String userName, long expireTime) {
+        TokenService tokenService = ContextUtils.getBean(TokenService.class);
+        UserDO userDO = getUser(userName);
+        if (userDO == null) {
+            throw new RuntimeException("user not exist,please register");
+        }
+        UserWithPassword userWithPassword =
+                new UserWithPassword(userDO.getId(), userDO.getName(), userDO.getDisplayName(),
+                        userDO.getEmail(), userDO.getPassword(), userDO.getIsAdmin());
+
+        String token =
+                tokenService.generateToken(UserWithPassword.convert(userWithPassword), expireTime);
+        UserTokenDO userTokenDO = saveUserToken(name, userName, token, expireTime);
+        return convertUserToken(userTokenDO);
+    }
+
+    @Override
+    public void deleteUserToken(Long id) {
+        UserRepository userRepository = ContextUtils.getBean(UserRepository.class);
+        userRepository.deleteUserToken(id);
+    }
+
+    @Override
+    public UserToken getUserToken(Long id) {
+        UserRepository userRepository = ContextUtils.getBean(UserRepository.class);
+        return convertUserToken(userRepository.getUserToken(id));
+    }
+
+    @Override
+    public List<UserToken> getUserTokens(String userName) {
+        UserRepository userRepository = ContextUtils.getBean(UserRepository.class);
+        List<UserToken> userTokens = userRepository.getUserTokenListByName(userName).stream()
+                .map(this::convertUserToken).collect(Collectors.toList());
+        return userTokens;
+    }
+
+    private UserTokenDO saveUserToken(String tokenName, String userName, String token,
+            long expireTime) {
+        UserTokenDO userTokenDO = new UserTokenDO();
+        userTokenDO.setName(tokenName);
+        userTokenDO.setUserName(userName);
+        userTokenDO.setToken(token);
+        userTokenDO.setExpireTime(expireTime);
+        userTokenDO.setCreateTime(new java.util.Date());
+        userTokenDO.setCreateBy(userName);
+        userTokenDO.setUpdateBy(userName);
+        userTokenDO.setExpireDateTime(new java.util.Date(System.currentTimeMillis() + expireTime));
+        UserRepository userRepository = ContextUtils.getBean(UserRepository.class);
+        userRepository.addUserToken(userTokenDO);
+
+        return userTokenDO;
+    }
+
+    private UserToken convertUserToken(UserTokenDO userTokenDO) {
+        UserToken userToken = new UserToken();
+        userToken.setId(userTokenDO.getId());
+        userToken.setName(userTokenDO.getName());
+        userToken.setUserName(userTokenDO.getUserName());
+        userToken.setToken(userTokenDO.getToken());
+        userToken.setExpireTime(userTokenDO.getExpireTime());
+        userToken.setCreateDate(userTokenDO.getCreateTime());
+        userToken.setExpireDate(userTokenDO.getExpireDateTime());
+        return userToken;
+    }
 }
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/interceptor/AuthenticationInterceptor.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/interceptor/AuthenticationInterceptor.java
@@ -1,5 +1,7 @@
 package com.tencent.supersonic.auth.authentication.interceptor;

+import javax.servlet.http.HttpServletRequest;
+
 import com.tencent.supersonic.auth.api.authentication.config.AuthenticationConfig;
 import com.tencent.supersonic.auth.api.authentication.constant.UserConstants;
 import com.tencent.supersonic.auth.authentication.service.UserServiceImpl;
@@ -13,7 +15,6 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.web.multipart.support.StandardMultipartHttpServletRequest;
 import org.springframework.web.servlet.HandlerInterceptor;

-import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Field;
 import java.util.Arrays;
 import java.util.List;
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/interceptor/DefaultAuthenticationInterceptor.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/interceptor/DefaultAuthenticationInterceptor.java
@@ -1,5 +1,8 @@
 package com.tencent.supersonic.auth.authentication.interceptor;

+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import com.tencent.supersonic.auth.api.authentication.annotation.AuthenticationIgnore;
 import com.tencent.supersonic.auth.api.authentication.config.AuthenticationConfig;
 import com.tencent.supersonic.auth.api.authentication.pojo.UserWithPassword;
@@ -14,8 +17,6 @@ import io.jsonwebtoken.Claims;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.method.HandlerMethod;

-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.lang.reflect.Method;
 import java.util.Optional;

--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/dataobject/UserTokenDO.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/dataobject/UserTokenDO.java
@@ -0,0 +1,25 @@
+package com.tencent.supersonic.auth.authentication.persistence.dataobject;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+import java.util.Date;
+
+@Data
+@TableName("s2_user_token")
+public class UserTokenDO {
+    @TableId(type = IdType.AUTO)
+    Integer id;
+    String name;
+    String userName;
+    Long expireTime;
+    String token;
+    String salt;
+    Date createTime;
+    Date updateTime;
+    String createBy;
+    String updateBy;
+    Date expireDateTime;
+}
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/mapper/UserDOMapper.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/mapper/UserDOMapper.java
@@ -14,4 +14,6 @@ public interface UserDOMapper {

    /** @mbg.generated */
    List<UserDO> selectByExample(UserDOExample example);
+
+    void updateByPrimaryKey(UserDO userDO);
 }
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/mapper/UserTokenDOMapper.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/mapper/UserTokenDOMapper.java
@@ -0,0 +1,11 @@
+package com.tencent.supersonic.auth.authentication.persistence.mapper;
+
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserTokenDO;
+import org.apache.ibatis.annotations.Mapper;
+
+@Mapper
+public interface UserTokenDOMapper extends BaseMapper<UserTokenDO> {
+
+}
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/repository/UserRepository.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/repository/UserRepository.java
@@ -1,6 +1,7 @@
 package com.tencent.supersonic.auth.authentication.persistence.repository;

 import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO;
+import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserTokenDO;

 import java.util.List;

@@ -10,5 +11,17 @@ public interface UserRepository {

    void addUser(UserDO userDO);

+    List<UserTokenDO> getUserTokenListByName(String userName);
+
    UserDO getUser(String name);
+
+    void updateUser(UserDO userDO);
+
+    void addUserToken(UserTokenDO userTokenDO);
+
+    UserTokenDO getUserToken(Long tokenId);
+
+    void deleteUserTokenByName(String userName);
+
+    void deleteUserToken(Long tokenId);
 }
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/repository/impl/UserRepositoryImpl.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/repository/impl/UserRepositoryImpl.java
@@ -1,8 +1,11 @@
 package com.tencent.supersonic.auth.authentication.persistence.repository.impl;

+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO;
 import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDOExample;
+import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserTokenDO;
 import com.tencent.supersonic.auth.authentication.persistence.mapper.UserDOMapper;
+import com.tencent.supersonic.auth.authentication.persistence.mapper.UserTokenDOMapper;
 import com.tencent.supersonic.auth.authentication.persistence.repository.UserRepository;
 import org.springframework.stereotype.Component;

@@ -14,8 +17,11 @@ public class UserRepositoryImpl implements UserRepository {

    private UserDOMapper userDOMapper;

-    public UserRepositoryImpl(UserDOMapper userDOMapper) {
+    private UserTokenDOMapper userTokenDOMapper;
+
+    public UserRepositoryImpl(UserDOMapper userDOMapper, UserTokenDOMapper userTokenDOMapper) {
        this.userDOMapper = userDOMapper;
+        this.userTokenDOMapper = userTokenDOMapper;
    }

    @Override
@@ -23,6 +29,11 @@ public class UserRepositoryImpl implements UserRepository {
        return userDOMapper.selectByExample(new UserDOExample());
    }

+    @Override
+    public void updateUser(UserDO userDO) {
+        userDOMapper.updateByPrimaryKey(userDO);
+    }
+
    @Override
    public void addUser(UserDO userDO) {
        userDOMapper.insert(userDO);
@@ -36,4 +47,33 @@ public class UserRepositoryImpl implements UserRepository {
        Optional<UserDO> userDOOptional = userDOS.stream().findFirst();
        return userDOOptional.orElse(null);
    }
+
+    @Override
+    public List<UserTokenDO> getUserTokenListByName(String userName) {
+        QueryWrapper<UserTokenDO> queryWrapper = new QueryWrapper<>();
+        queryWrapper.eq("user_name", userName);
+        return userTokenDOMapper.selectList(queryWrapper);
+    }
+
+    @Override
+    public void addUserToken(UserTokenDO userTokenDO) {
+        userTokenDOMapper.insert(userTokenDO);
+    }
+
+    @Override
+    public UserTokenDO getUserToken(Long tokenId) {
+        return userTokenDOMapper.selectById(tokenId);
+    }
+
+    @Override
+    public void deleteUserTokenByName(String userName) {
+        QueryWrapper<UserTokenDO> queryWrapper = new QueryWrapper<>();
+        queryWrapper.eq("user_name", userName);
+        userTokenDOMapper.delete(queryWrapper);
+    }
+
+    @Override
+    public void deleteUserToken(Long tokenId) {
+        userTokenDOMapper.deleteById(tokenId);
+    }
 }
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/rest/UserController.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/rest/UserController.java
@@ -4,7 +4,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import com.tencent.supersonic.auth.api.authentication.pojo.Organization;
+import com.tencent.supersonic.auth.api.authentication.pojo.UserToken;
 import com.tencent.supersonic.auth.api.authentication.request.UserReq;
+import com.tencent.supersonic.auth.api.authentication.request.UserTokenReq;
 import com.tencent.supersonic.auth.api.authentication.service.UserService;
 import com.tencent.supersonic.common.pojo.User;
 import lombok.extern.slf4j.Slf4j;
@@ -13,6 +15,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;

 import java.util.List;
@@ -69,4 +72,28 @@ public class UserController {
    public String login(@RequestBody UserReq userCmd, HttpServletRequest request) {
        return userService.login(userCmd, request);
    }
+
+    @PostMapping("/generateToken")
+    public UserToken generateToken(@RequestBody UserTokenReq userTokenReq,
+            HttpServletRequest request, HttpServletResponse response) {
+        User user = userService.getCurrentUser(request, response);
+        return userService.generateToken(userTokenReq.getName(), user.getName(),
+                userTokenReq.getExpireTime());
+    }
+
+    @GetMapping("/getUserTokens")
+    public List<UserToken> getUserTokens(HttpServletRequest request, HttpServletResponse response) {
+        User user = userService.getCurrentUser(request, response);
+        return userService.getUserTokens(user.getName());
+    }
+
+    @GetMapping("/getUserToken")
+    public UserToken getUserToken(@RequestParam(name = "tokenId") Long tokenId) {
+        return userService.getUserToken(tokenId);
+    }
+
+    @PostMapping("/deleteUserToken")
+    public void deleteUserToken(@RequestParam(name = "tokenId") Long tokenId) {
+        userService.deleteUserToken(tokenId);
+    }
 }
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/service/UserServiceImpl.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/service/UserServiceImpl.java
@@ -4,6 +4,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import com.tencent.supersonic.auth.api.authentication.pojo.Organization;
+import com.tencent.supersonic.auth.api.authentication.pojo.UserToken;
 import com.tencent.supersonic.auth.api.authentication.request.UserReq;
 import com.tencent.supersonic.auth.api.authentication.service.UserService;
 import com.tencent.supersonic.auth.api.authentication.utils.UserHolder;
@@ -79,4 +80,34 @@ public class UserServiceImpl implements UserService {
    public String login(UserReq userReq, String appKey) {
        return ComponentFactory.getUserAdaptor().login(userReq, appKey);
    }
+
+    @Override
+    public String getPassword(String userName) {
+        return ComponentFactory.getUserAdaptor().getPassword(userName);
+    }
+
+    @Override
+    public void resetPassword(String userName, String password, String newPassword) {
+        ComponentFactory.getUserAdaptor().resetPassword(userName, password, newPassword);
+    }
+
+    @Override
+    public UserToken generateToken(String name, String userName, long expireTime) {
+        return ComponentFactory.getUserAdaptor().generateToken(name, userName, expireTime);
+    }
+
+    @Override
+    public List<UserToken> getUserTokens(String userName) {
+        return ComponentFactory.getUserAdaptor().getUserTokens(userName);
+    }
+
+    @Override
+    public UserToken getUserToken(Long id) {
+        return ComponentFactory.getUserAdaptor().getUserToken(id);
+    }
+
+    @Override
+    public void deleteUserToken(Long id) {
+        ComponentFactory.getUserAdaptor().deleteUserToken(id);
+    }
 }
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/strategy/HttpHeaderUserStrategy.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/strategy/HttpHeaderUserStrategy.java
@@ -1,5 +1,8 @@
 package com.tencent.supersonic.auth.authentication.strategy;

+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import com.tencent.supersonic.auth.api.authentication.constant.UserConstants;
 import com.tencent.supersonic.auth.api.authentication.service.UserStrategy;
 import com.tencent.supersonic.auth.authentication.utils.TokenService;
@@ -7,8 +10,6 @@ import com.tencent.supersonic.common.pojo.User;
 import io.jsonwebtoken.Claims;
 import org.springframework.stereotype.Service;

-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.util.Optional;

@Service
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/TokenService.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/TokenService.java
@@ -1,6 +1,10 @@
 package com.tencent.supersonic.auth.authentication.utils;

+import javax.crypto.spec.SecretKeySpec;
+import javax.servlet.http.HttpServletRequest;
+
 import com.tencent.supersonic.auth.api.authentication.config.AuthenticationConfig;
+import com.tencent.supersonic.auth.api.authentication.pojo.UserWithPassword;
 import com.tencent.supersonic.common.pojo.exception.AccessException;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
@@ -9,14 +13,11 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Component;

-import javax.crypto.spec.SecretKeySpec;
-import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.Map;
 import java.util.Optional;

-import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_CREATE_TIME;
 import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_PREFIX;
 import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_USER_NAME;

@@ -32,33 +33,40 @@ public class TokenService {

    public String generateToken(Map<String, Object> claims, HttpServletRequest request) {
        String appKey = getAppKey(request);
-        return generateToken(claims, appKey);
+        long expiration = System.currentTimeMillis() + authenticationConfig.getTokenTimeout();
+        return generateToken(claims, appKey, expiration);
+    }
+
+    public String generateToken(Map<String, Object> claims, long expiration) {
+        String appKey = authenticationConfig.getTokenDefaultAppKey();
+        long exp = System.currentTimeMillis() + expiration;
+        return generateToken(claims, appKey, exp);
    }

    public String generateToken(Map<String, Object> claims, String appKey) {
-        return toTokenString(claims, appKey);
+        long expiration = System.currentTimeMillis() + authenticationConfig.getTokenTimeout();
+        return toTokenString(claims, appKey, expiration);
    }

-    private String toTokenString(Map<String, Object> claims, String appKey) {
-        Long tokenTimeout = authenticationConfig.getTokenTimeout();
-        long expiration = Long.parseLong(claims.get(TOKEN_CREATE_TIME) + "") + tokenTimeout;
-        Date expirationDate = new Date(expiration);
-        String tokenSecret = getTokenSecret(appKey);
-
-        return Jwts.builder().setClaims(claims).setSubject(claims.get(TOKEN_USER_NAME).toString())
-                .setExpiration(expirationDate)
-                .signWith(new SecretKeySpec(tokenSecret.getBytes(StandardCharsets.UTF_8),
-                        SignatureAlgorithm.HS512.getJcaName()), SignatureAlgorithm.HS512)
-                .compact();
+    public String generateToken(Map<String, Object> claims, String appKey, long expiration) {
+        return toTokenString(claims, appKey, expiration);
    }

-    private String getTokenSecret(String appKey) {
-        Map<String, String> appKeyToSecretMap = authenticationConfig.getAppKeyToSecretMap();
-        String secret = appKeyToSecretMap.get(appKey);
-        if (StringUtils.isBlank(secret)) {
-            throw new AccessException("get secret from appKey failed :" + appKey);
+    public String generateAppUserToken(HttpServletRequest request) {
+        String appName = request.getHeader("AppId");
+        if (StringUtils.isBlank(appName)) {
+            String message = "AppId is blank, get app_user failed";
+            log.warn("{}, uri: {}", message, request.getServletPath());
+            throw new AccessException(message);
        }
-        return secret;
+
+        UserWithPassword appUser = new UserWithPassword(appName);
+        appUser.setId(1L);
+        appUser.setName(appName);
+        appUser.setPassword("c3VwZXJzb25pY0BiaWNvbdktJJYWw6A3rEmBUPzbn/6DNeYnD+y3mAwDKEMS3KVT");
+        appUser.setDisplayName(appName);
+        appUser.setIsAdmin(0);
+        return generateToken(UserWithPassword.convert(appUser), request);
    }

    public Optional<Claims> getClaims(HttpServletRequest request) {
@@ -67,6 +75,17 @@ public class TokenService {
        return getClaims(token, appKey);
    }

+    private Optional<Claims> getClaims(String token, HttpServletRequest request) {
+        Optional<Claims> claims;
+        try {
+            String appKey = getAppKey(request);
+            claims = getClaims(token, appKey);
+        } catch (Exception e) {
+            throw new AccessException("parse user info from token failed :" + token);
+        }
+        return claims;
+    }
+
    public Optional<Claims> getClaims(String token, String appKey) {
        try {
            String tokenSecret = getTokenSecret(appKey);
@@ -86,6 +105,26 @@ public class TokenService {
                : token.trim();
    }

+    private String toTokenString(Map<String, Object> claims, String appKey, long expiration) {
+        Date expirationDate = new Date(expiration);
+        String tokenSecret = getTokenSecret(appKey);
+
+        return Jwts.builder().setClaims(claims).setSubject(claims.get(TOKEN_USER_NAME).toString())
+                .setExpiration(expirationDate)
+                .signWith(new SecretKeySpec(tokenSecret.getBytes(StandardCharsets.UTF_8),
+                        SignatureAlgorithm.HS512.getJcaName()), SignatureAlgorithm.HS512)
+                .compact();
+    }
+
+    private String getTokenSecret(String appKey) {
+        Map<String, String> appKeyToSecretMap = authenticationConfig.getAppKeyToSecretMap();
+        String secret = appKeyToSecretMap.get(appKey);
+        if (StringUtils.isBlank(secret)) {
+            throw new AccessException("get secret from appKey failed :" + appKey);
+        }
+        return secret;
+    }
+
    public String getAppKey(HttpServletRequest request) {
        String appKey = request.getHeader(authenticationConfig.getTokenHttpHeaderAppKey());
        if (StringUtils.isBlank(appKey)) {
@@ -93,4 +132,8 @@ public class TokenService {
        }
        return appKey;
    }
+
+    public String getDefaultAppKey() {
+        return authenticationConfig.getTokenDefaultAppKey();
+    }
 }
--- a/auth/authentication/src/main/resources/mapper/UserDOMapper.xml
+++ b/auth/authentication/src/main/resources/mapper/UserDOMapper.xml
@@ -122,4 +122,29 @@
      <include refid="Example_Where_Clause" />
    </if>
  </select>
+
+  <update id="updateByPrimaryKey" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
+    update s2_user
+    <set>
+      <if test="name != null">
+        name = #{name,jdbcType=VARCHAR},
+      </if>
+      <if test="password != null">
+        password = #{password,jdbcType=VARCHAR},
+      </if>
+      <if test="salt != null">
+        salt = #{salt,jdbcType=VARCHAR},
+      </if>
+      <if test="displayName != null">
+        display_name = #{displayName,jdbcType=VARCHAR},
+      </if>
+      <if test="email != null">
+        email = #{email,jdbcType=VARCHAR},
+      </if>
+      <if test="isAdmin != null">
+        is_admin = #{isAdmin,jdbcType=INTEGER},
+      </if>
+    </set>
+    where id = #{id,jdbcType=BIGINT}
+  </update>
 </mapper>
--- a/auth/authentication/src/main/resources/mapper/UserTokenDOMapper.xml
+++ b/auth/authentication/src/main/resources/mapper/UserTokenDOMapper.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.tencent.supersonic.auth.authentication.persistence.mapper.UserTokenDOMapper">
+  <resultMap id="BaseResultMap" type="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserTokenDO">
+    <result column="id" jdbcType="BIGINT" property="id" />
+    <result column="name" jdbcType="VARCHAR" property="name" />
+    <result column="token" jdbcType="VARCHAR" property="token" />
+    <result column="expire_time" jdbcType="TIMESTAMP" property="expireTime" />
+    <result column="create_time" jdbcType="TIMESTAMP" property="createTime" />
+  </resultMap>
+
+
+
+</mapper>