(improvement)(common|headless|chat|auth) 鉴权优化与召回优化

1 修复生成的用户token 一生成就失效的问题 2 如果用户设置的token ，需校验是否数据库存在，因为用户可设置一年的token 有泄露风险 3 结果解析优化，去除不可以解析的情况，解析问题需要改写后的问， 4 召回样例，用相似度，保住至少有一个样例是高相似度的 5 数据集召回，填加完全匹配格式筛选逻辑
2025-12-10 19:51:00 +00:00 · 2025-06-23 10:03:17 +08:00
parent 7e6639df83
commit 1faf84e372
10 changed files with 36 additions and 23 deletions
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java
@@ -19,6 +19,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeanUtils;

 import java.sql.Timestamp;
+import java.util.Date;
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
@@ -223,8 +224,8 @@ public class DefaultUserAdaptor implements UserAdaptor {
                        userDO.getEmail(), userDO.getPassword(), userDO.getIsAdmin());

        // 使用令牌名称作为生成key ，这样可以区分正常请求和api 请求，api 的令牌失效时间很长，需考虑令牌泄露的情况
-        String token =
-                tokenService.generateToken(UserWithPassword.convert(userWithPassword),"SysDbToken:"+name, (new Date().getTime() + expireTime));
+        String token = tokenService.generateToken(UserWithPassword.convert(userWithPassword),
+                "SysDbToken:" + name, (new Date().getTime() + expireTime));
        UserTokenDO userTokenDO = saveUserToken(name, userName, token, expireTime);
        return convertUserToken(userTokenDO);
    }
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/repository/UserRepository.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/repository/UserRepository.java
@@ -21,6 +21,8 @@ public interface UserRepository {

    UserTokenDO getUserToken(Long tokenId);

+    UserTokenDO getUserTokenByName(String tokenName);
+
    void deleteUserTokenByName(String userName);

    void deleteUserToken(Long tokenId);
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/repository/impl/UserRepositoryImpl.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/persistence/repository/impl/UserRepositoryImpl.java
@@ -65,6 +65,13 @@ public class UserRepositoryImpl implements UserRepository {
        return userTokenDOMapper.selectById(tokenId);
    }

+    @Override
+    public UserTokenDO getUserTokenByName(String tokenName) {
+        QueryWrapper<UserTokenDO> queryWrapper = new QueryWrapper<>();
+        queryWrapper.lambda().eq(UserTokenDO::getName, tokenName);
+        return userTokenDOMapper.selectOne(queryWrapper);
+    }
+
    @Override
    public void deleteUserTokenByName(String userName) {
        QueryWrapper<UserTokenDO> queryWrapper = new QueryWrapper<>();
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/TokenService.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/TokenService.java
@@ -94,10 +94,11 @@ public class TokenService {

    public Optional<Claims> getClaims(String token, String appKey) {
        try {
-            if(StringUtils.isNotBlank(appKey)&&appKey.startsWith("SysDbToken:")) {// 如果是配置的长期令牌，需校验数据库是否存在该配置
+            if (StringUtils.isNotBlank(appKey) && appKey.startsWith("SysDbToken:")) {// 如果是配置的长期令牌，需校验数据库是否存在该配置
                UserRepository userRepository = ContextUtils.getBean(UserRepository.class);
-                UserTokenDO dbToken= userRepository.getUserTokenByName(appKey.substring("SysDbToken:".length()));
-                if(dbToken==null||!dbToken.getToken().equals(token.replace("Bearer ",""))) {
+                UserTokenDO dbToken =
+                        userRepository.getUserTokenByName(appKey.substring("SysDbToken:".length()));
+                if (dbToken == null || !dbToken.getToken().equals(token.replace("Bearer ", ""))) {
                    throw new AccessException("Token does not exist :" + appKey);
                }
            }
@@ -133,14 +134,14 @@ public class TokenService {
        Map<String, String> appKeyToSecretMap = authenticationConfig.getAppKeyToSecretMap();
        String secret = appKeyToSecretMap.get(appKey);
        if (StringUtils.isBlank(secret)) {
-            if(StringUtils.isNotBlank(appKey)&&appKey.startsWith("SysDbToken:")) { // 是配置的长期令牌
-                String realAppKey=appKey.substring("SysDbToken:".length());
-                String tmp = "WIaO9YRRVt+7QtpPvyWsARFngnEcbaKBk783uGFwMrbJBaochsqCH62L4Kijcb0sZCYoSsiKGV/zPml5MnZ3uQ==";
-                if(tmp.length()<=realAppKey.length()) {
+            if (StringUtils.isNotBlank(appKey) && appKey.startsWith("SysDbToken:")) { // 是配置的长期令牌
+                String realAppKey = appKey.substring("SysDbToken:".length());
+                String tmp =
+                        "WIaO9YRRVt+7QtpPvyWsARFngnEcbaKBk783uGFwMrbJBaochsqCH62L4Kijcb0sZCYoSsiKGV/zPml5MnZ3uQ==";
+                if (tmp.length() <= realAppKey.length()) {
                    return realAppKey;
-                }
-                else{
-                    return realAppKey+tmp.substring(realAppKey.length());
+                } else {
+                    return realAppKey + tmp.substring(realAppKey.length());
                }
            }
            throw new AccessException("get secret from appKey failed :" + appKey);