(improvement)(common|headless|chat|auth) 鉴权优化与召回优化

1 修复生成的用户token 一生成就失效的问题
2 如果用户设置的token ，需校验是否数据库存在，因为用户可设置一年的token 有泄露风险
3 结果解析优化， 去除不可以解析的情况，解析问题需要改写后的问，
4 召回样例，用相似度，保住至少有一个样例是高相似度的
5 数据集召回，填加完全匹配格式筛选逻辑

auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java

@@ -222,8 +222,9 @@ public class DefaultUserAdaptor implements UserAdaptor {
                 new UserWithPassword(userDO.getId(), userDO.getName(), userDO.getDisplayName(),
                         userDO.getEmail(), userDO.getPassword(), userDO.getIsAdmin());
 
+        // 使用令牌名称作为生成key ，这样可以区分正常请求和api 请求，api 的令牌失效时间很长，需考虑令牌泄露的情况
         String token =
-                tokenService.generateToken(UserWithPassword.convert(userWithPassword), expireTime);
+                tokenService.generateToken(UserWithPassword.convert(userWithPassword),"SysDbToken:"+name, (new Date().getTime() + expireTime));
         UserTokenDO userTokenDO = saveUserToken(name, userName, token, expireTime);
         return convertUserToken(userTokenDO);
     }

auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/TokenService.java

@@ -6,7 +6,10 @@ import javax.crypto.spec.SecretKeySpec;
 
 import com.tencent.supersonic.auth.api.authentication.config.AuthenticationConfig;
 import com.tencent.supersonic.auth.api.authentication.pojo.UserWithPassword;
+import com.tencent.supersonic.auth.authentication.persistence.dataobject.UserTokenDO;
+import com.tencent.supersonic.auth.authentication.persistence.repository.UserRepository;
 import com.tencent.supersonic.common.pojo.exception.AccessException;
+import com.tencent.supersonic.common.util.ContextUtils;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
@@ -71,6 +74,7 @@ public class TokenService {
         return generateToken(UserWithPassword.convert(appUser), request);
     }
 
+
     public Optional<Claims> getClaims(HttpServletRequest request) {
         String token = request.getHeader(authenticationConfig.getTokenHttpHeaderKey());
         String appKey = getAppKey(request);
@@ -90,6 +94,13 @@ public class TokenService {
 
     public Optional<Claims> getClaims(String token, String appKey) {
         try {
+            if(StringUtils.isNotBlank(appKey)&&appKey.startsWith("SysDbToken:")) {// 如果是配置的长期令牌，需校验数据库是否存在该配置
+                UserRepository userRepository = ContextUtils.getBean(UserRepository.class);
+                UserTokenDO dbToken= userRepository.getUserTokenByName(appKey.substring("SysDbToken:".length()));
+                if(dbToken==null||!dbToken.getToken().equals(token.replace("Bearer ",""))) {
+                    throw new AccessException("Token does not exist :" + appKey);
+                }
+            }
             String tokenSecret = getTokenSecret(appKey);
             Claims claims =
                     Jwts.parser().setSigningKey(tokenSecret.getBytes(StandardCharsets.UTF_8))
@@ -122,6 +133,16 @@ public class TokenService {
         Map<String, String> appKeyToSecretMap = authenticationConfig.getAppKeyToSecretMap();
         String secret = appKeyToSecretMap.get(appKey);
         if (StringUtils.isBlank(secret)) {
+            if(StringUtils.isNotBlank(appKey)&&appKey.startsWith("SysDbToken:")) { // 是配置的长期令牌
+                String realAppKey=appKey.substring("SysDbToken:".length());
+                String tmp = "WIaO9YRRVt+7QtpPvyWsARFngnEcbaKBk783uGFwMrbJBaochsqCH62L4Kijcb0sZCYoSsiKGV/zPml5MnZ3uQ==";
+                if(tmp.length()<=realAppKey.length()) {
+                    return realAppKey;
+                }
+                else{
+                    return realAppKey+tmp.substring(realAppKey.length());
+                }
+            }
             throw new AccessException("get secret from appKey failed :" + appKey);
         }
         return secret;