refactor: 拆分出认证服务

aioj-backend-auth/pom.xml

@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>cn.meowrain</groupId>
+        <artifactId>ai-oj</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>aioj-backend-auth</artifactId>
+
+    <properties>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+
+        <!--        spring cloud发现服务-->
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
+        </dependency>
+        <!-- OAuth2 Client -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
+        <!-- Spring Security -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+            <scope>runtime</scope>
+            <optional>true</optional>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <!--JWT-->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.13.0</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.13.0</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.13.0</version>
+            <scope>runtime</scope>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/com.github.xiaoymin/knife4j-openapi3-jakarta-spring-boot-starter -->
+        <dependency>
+            <groupId>com.github.xiaoymin</groupId>
+            <artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
+        </dependency>
+        <!--
+        引用通用模块
+        -->
+        <dependency>
+            <groupId>cn.meowrain</groupId>
+            <artifactId>aioj-backend-common</artifactId>
+            <version>1.0-SNAPSHOT</version>
+            <scope>compile</scope>
+        </dependency>
+        <!--引入openfeign-->
+        <!-- https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-openfeign -->
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-openfeign</artifactId>
+            <version>4.3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-loadbalancer</artifactId>
+            <version>4.3.0</version>
+        </dependency>
+    </dependencies>
+</project>

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/AIOJAuthApplication.java

@@ -0,0 +1,13 @@
+package cn.meowrain.aioj.backend.auth;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.openfeign.EnableFeignClients;
+
+@EnableFeignClients(basePackages = "cn.meowrain.aioj.backend.auth.clients")
+@SpringBootApplication
+public class AIOJAuthApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(AIOJAuthApplication.class, args);
+    }
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/clients/UserClient.java

@@ -0,0 +1,13 @@
+package cn.meowrain.aioj.backend.auth.clients;
+
+import cn.meowrain.aioj.backend.auth.dto.resp.UserAuthRespDTO;
+import cn.meowrain.aioj.backend.framework.web.Result;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@FeignClient(name = "user-service", path = "/api/v1/user")
+public interface UserClient {
+    @GetMapping("/inner/get-by-username")
+    Result<UserAuthRespDTO> getUserByUserName(@RequestParam("userAccount") String userAccount);
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/common/enums/ChainMarkEnums.java

@@ -0,0 +1,20 @@
+package cn.meowrain.aioj.backend.auth.common.enums;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+@RequiredArgsConstructor
+public enum ChainMarkEnums {
+    /**
+     * 用户登录请求验证
+     */
+    USER_LOGIN_REQ_PARAM_VERIFY("USER_LOGIN_REQ_PARAM_VERIFY");
+
+    @Getter
+    private final String markName;
+
+    @Override
+    public String toString() {
+        return markName;
+    }
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/config/JwtPropertiesConfiguration.java

@@ -0,0 +1,21 @@
+package cn.meowrain.aioj.backend.auth.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@Data
+@ConfigurationProperties(value = JwtPropertiesConfiguration.PREFIX)
+public class JwtPropertiesConfiguration {
+    public static final String PREFIX = "jwt";
+    /**
+     * JWT 密钥（必须 32 字节以上）
+     */
+    private String secret;
+
+    /**
+     * 过期时间（单位：毫秒）
+     */
+    private Long expire;
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/config/SecurityConfiguration.java

@@ -0,0 +1,47 @@
+package cn.meowrain.aioj.backend.auth.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(csrf -> csrf.disable())
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers(
+                                "/v1/auth/**",
+                                "/doc.html",
+                                "/swagger-ui/**",
+                                "/swagger-resources/**",
+                                "/webjars/**",
+                                "/v3/api-docs/**",
+                                "/favicon.ico"
+                        )
+                        .permitAll()
+                        .anyRequest().authenticated());
+        return http.build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
+        return configuration.getAuthenticationManager();
+    }
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/config/SwaggerConfiguration.java

@@ -0,0 +1,38 @@
+package cn.meowrain.aioj.backend.auth.config;
+
+import com.github.xiaoymin.knife4j.spring.annotations.EnableKnife4j;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Contact;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.ApplicationArguments;
+import org.springframework.boot.ApplicationRunner;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Slf4j
+@Configuration
+@EnableKnife4j
+public class SwaggerConfiguration implements ApplicationRunner {
+    @Value("${server.port:8080}")
+    private String serverPort;
+    @Value("${server.servlet.context-path:}")
+    private String contextPath;
+
+    @Bean
+    public OpenAPI customerOpenAPI() {
+        return new OpenAPI()
+                .info(new Info()
+                        .title("AIOJ-renz微服务✨")
+                        .description("用户认证功能")
+                        .version("v1.0.0")
+                        .contact(new Contact().name("meowrain").email("meowrain@126.com"))
+                        .license(new License().name("MeowRain").url("https://meowrain.cn")));
+    }
+    @Override
+    public void run(ApplicationArguments args) throws Exception {
+        log.info("✨API Document: http://127.0.0.1:{}{}/doc.html", serverPort, contextPath);
+    }
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/controller/AuthController.java

@@ -0,0 +1,35 @@
+package cn.meowrain.aioj.backend.auth.controller;
+
+import cn.meowrain.aioj.backend.auth.dto.req.UserLoginRequestDTO;
+import cn.meowrain.aioj.backend.auth.dto.resp.UserLoginResponseDTO;
+import cn.meowrain.aioj.backend.auth.service.AuthService;
+import cn.meowrain.aioj.backend.framework.web.Results;
+import cn.meowrain.aioj.backend.framework.web.Result;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/v1/auth")
+public class AuthController {
+
+    private final AuthService authService;
+
+    public AuthController(AuthService authService) {
+        this.authService = authService;
+    }
+
+    @PostMapping("/login")
+    public Result<UserLoginResponseDTO> login(@RequestBody UserLoginRequestDTO userLoginRequest) {
+        UserLoginResponseDTO userLoginResponse = authService.userLogin(userLoginRequest);
+        return Results.success(userLoginResponse);
+
+    }
+
+    @PostMapping("/auth")
+    public Result<String> auth(@RequestBody UserLoginRequestDTO userLoginRequest) {
+        UserLoginResponseDTO userLoginResponseDTO = authService.userLogin(userLoginRequest);
+        return Results.success(userLoginResponseDTO.getToken());
+    }
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/dto/chains/UserLoginRequestParamVerifyChain.java

@@ -0,0 +1,37 @@
+package cn.meowrain.aioj.backend.auth.dto.chains;
+
+import cn.meowrain.aioj.backend.auth.common.enums.ChainMarkEnums;
+import cn.meowrain.aioj.backend.auth.dto.req.UserLoginRequestDTO;
+import cn.meowrain.aioj.backend.framework.designpattern.chains.AbstractChianHandler;
+import cn.meowrain.aioj.backend.framework.errorcode.ErrorCode;
+import cn.meowrain.aioj.backend.framework.exception.ClientException;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Component;
+
+@Component
+@Slf4j
+public class UserLoginRequestParamVerifyChain implements AbstractChianHandler<UserLoginRequestDTO> {
+    @Override
+    public void handle(UserLoginRequestDTO requestParam) {
+        if (StringUtils.isAnyBlank(requestParam.getUserAccount(), requestParam.getUserPassword())) {
+            throw new ClientException("参数为空", ErrorCode.PARAMS_ERROR);
+        }
+        if (requestParam.getUserAccount().length() < 4) {
+            throw new ClientException("账号长度不小于4位", ErrorCode.PARAMS_ERROR);
+        }
+        if (requestParam.getUserPassword().length() < 8) {
+            throw new ClientException("密码长度不小于8位", ErrorCode.PARAMS_ERROR);
+        }
+    }
+
+    @Override
+    public String mark() {
+        return ChainMarkEnums.USER_LOGIN_REQ_PARAM_VERIFY.getMarkName();
+    }
+
+    @Override
+    public int getOrder() {
+        return 10;
+    }
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/dto/chains/context/UserLoginRequestParamVerifyContext.java

@@ -0,0 +1,9 @@
+package cn.meowrain.aioj.backend.auth.dto.chains.context;
+
+import cn.meowrain.aioj.backend.auth.dto.req.UserLoginRequestDTO;
+import cn.meowrain.aioj.backend.framework.designpattern.chains.CommonChainContext;
+import org.springframework.stereotype.Component;
+
+@Component
+public class UserLoginRequestParamVerifyContext extends CommonChainContext<UserLoginRequestDTO> {
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/dto/req/UserLoginRequestDTO.java

@@ -0,0 +1,9 @@
+package cn.meowrain.aioj.backend.auth.dto.req;
+
+import lombok.Data;
+
+@Data
+public class UserLoginRequestDTO {
+    private String userAccount;
+    private String userPassword;
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/dto/resp/UserAuthRespDTO.java

@@ -0,0 +1,68 @@
+package cn.meowrain.aioj.backend.auth.dto.resp;
+
+import lombok.Data;
+
+import java.util.Date;
+
+/**
+ * 用户认证响应体
+ */
+@Data
+public class UserAuthRespDTO {
+
+    /**
+     * id
+     */
+    private Long id;
+
+    /**
+     * 用户账号
+     */
+    private String userAccount;
+    /**
+     * 用户密码
+     */
+    private String userPassword;
+
+    /**
+     * 开放平台id
+     */
+    private String unionId;
+
+    /**
+     * 公众号openId
+     */
+    private String mpOpenId;
+
+    /**
+     * 用户昵称
+     */
+    private String userName;
+
+    /**
+     * 用户头像
+     */
+    private String userAvatar;
+
+    /**
+     * 用户简介
+     */
+    private String userProfile;
+
+    /**
+     * 用户角色：user/admin/ban
+     */
+    private String userRole;
+
+    /**
+     * 创建时间
+     */
+    private Date createTime;
+
+    /**
+     * 更新时间
+     */
+    private Date updateTime;
+
+
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/dto/resp/UserLoginResponseDTO.java

@@ -0,0 +1,73 @@
+package cn.meowrain.aioj.backend.auth.dto.resp;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.Date;
+
+@Data
+public class UserLoginResponseDTO implements Serializable {
+    /**
+     * id
+     */
+    private Long id;
+
+    /**
+     * 用户账号
+     */
+    private String userAccount;
+
+    /**
+     * 开放平台id
+     */
+    private String unionId;
+
+    /**
+     * 公众号openId
+     */
+    private String mpOpenId;
+
+    /**
+     * 用户昵称
+     */
+    private String userName;
+
+    /**
+     * 用户头像
+     */
+    private String userAvatar;
+
+    /**
+     * 用户简介
+     */
+    private String userProfile;
+
+    /**
+     * 用户角色：user/admin/ban
+     */
+    private String userRole;
+
+    /**
+     * 创建时间
+     */
+    private Date createTime;
+
+    /**
+     * 更新时间
+     */
+    private Date updateTime;
+
+    /**
+     * 是否删除
+     */
+
+    private Integer isDelete;
+
+
+    /**
+     * JWT令牌（登录成功返回）
+     */
+    private String token;
+
+    private static final long serialVersionUID = 1L;
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/service/AuthService.java

@@ -0,0 +1,14 @@
+package cn.meowrain.aioj.backend.auth.service;
+
+import cn.meowrain.aioj.backend.auth.dto.req.UserLoginRequestDTO;
+import cn.meowrain.aioj.backend.auth.dto.resp.UserLoginResponseDTO;
+
+public interface AuthService {
+    /**
+     * 用户登录
+     * @param request {@link UserLoginRequestDTO}
+     * @return {@link UserLoginResponseDTO}
+     */
+    UserLoginResponseDTO userLogin(UserLoginRequestDTO request);
+
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/service/impl/AuthServiceImpl.java

@@ -0,0 +1,58 @@
+package cn.meowrain.aioj.backend.auth.service.impl;
+
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.crypto.digest.BCrypt;
+import cn.meowrain.aioj.backend.auth.clients.UserClient;
+import cn.meowrain.aioj.backend.auth.common.enums.ChainMarkEnums;
+import cn.meowrain.aioj.backend.auth.dto.chains.context.UserLoginRequestParamVerifyContext;
+import cn.meowrain.aioj.backend.auth.dto.req.UserLoginRequestDTO;
+import cn.meowrain.aioj.backend.auth.dto.resp.UserAuthRespDTO;
+import cn.meowrain.aioj.backend.auth.dto.resp.UserLoginResponseDTO;
+import cn.meowrain.aioj.backend.auth.service.AuthService;
+import cn.meowrain.aioj.backend.auth.utils.JwtUtil;
+import cn.meowrain.aioj.backend.framework.errorcode.ErrorCode;
+import cn.meowrain.aioj.backend.framework.exception.ServiceException;
+import cn.meowrain.aioj.backend.framework.web.Result;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+@Slf4j
+public class AuthServiceImpl implements AuthService {
+    private final JwtUtil jwtUtil;
+    private final UserLoginRequestParamVerifyContext userLoginRequestParamVerifyContext;
+    private final UserClient userClient;
+
+    @Override
+    public UserLoginResponseDTO userLogin(UserLoginRequestDTO requestParam) {
+        // 1.校验
+        userLoginRequestParamVerifyContext.handler(ChainMarkEnums.USER_LOGIN_REQ_PARAM_VERIFY.getMarkName(),
+                requestParam);
+        // 如果调用user-service失败，那么就说明是系统内部错误
+        Result<UserAuthRespDTO> userResp = userClient.getUserByUserName(requestParam.getUserAccount());
+        if (userResp.isFail()) {
+            log.error("调用user-service返回失败：{}", userResp.getMessage());
+            throw new ServiceException(ErrorCode.SYSTEM_ERROR);
+        }
+        UserAuthRespDTO user = userResp.getData();
+
+        if (ObjectUtil.isNull(user)
+                || !BCrypt.checkpw(requestParam.getUserPassword(), user.getUserPassword())) {
+            throw new ServiceException("用户不存在或者密码错误", ErrorCode.NOT_LOGIN_ERROR);
+        }
+        // 生成 JWT
+        String token = jwtUtil.generateToken(user);
+        UserLoginResponseDTO resp = new UserLoginResponseDTO();
+        resp.setId(user.getId());
+        resp.setUserAccount(user.getUserAccount());
+        resp.setUserAvatar(user.getUserAvatar());
+        resp.setUserProfile(user.getUserProfile());
+        resp.setUserRole(user.getUserRole());
+        resp.setCreateTime(user.getCreateTime());
+        resp.setUpdateTime(user.getUpdateTime());
+        resp.setToken(token);
+        return resp;
+    }
+}

aioj-backend-auth/src/main/java/cn/meowrain/aioj/backend/auth/utils/JwtUtil.java

@@ -0,0 +1,59 @@
+package cn.meowrain.aioj.backend.auth.utils;
+
+import cn.meowrain.aioj.backend.auth.config.JwtPropertiesConfiguration;
+import cn.meowrain.aioj.backend.auth.dto.resp.UserAuthRespDTO;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * JWT工具类
+ */
+@RequiredArgsConstructor
+@Component
+public class JwtUtil {
+    private final JwtPropertiesConfiguration jwtConfig;
+
+    private SecretKey getSigningKey() {
+        return Keys.hmacShaKeyFor(jwtConfig.getSecret().getBytes());
+    }
+
+    public String generateToken(UserAuthRespDTO user) {
+        long now = System.currentTimeMillis();
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("userId", user.getId());
+        claims.put("role", user.getUserRole());
+        return Jwts.builder()
+                .subject(user.getUserAccount())
+                .issuedAt(new Date(now))
+                .expiration(new Date(now + jwtConfig.getExpire()))
+                .claims(claims)
+                .signWith(getSigningKey(), Jwts.SIG.HS256)
+                .compact();
+    }
+
+    public Claims parseClaims(String token) {
+        return Jwts.parser()
+                .verifyWith(getSigningKey())
+                .build()
+                .parseSignedClaims(token)
+                .getPayload();
+    }
+
+    public boolean isTokenValid(String token) {
+        try {
+            Claims claims = parseClaims(token);
+            Date expiration = claims.getExpiration();
+            return expiration != null && expiration.after(new Date());
+        } catch (Exception e) {
+            return false;
+        }
+    }
+}

aioj-backend-auth/src/main/resources/application-dev.yml

@@ -0,0 +1,9 @@
+spring:
+  cloud:
+    nacos:
+      discovery:
+        enabled: true
+        register-enabled: true
+        server-addr: 10.0.0.10:8848
+        username: nacos
+        password: nacos

aioj-backend-auth/src/main/resources/application.yml

@@ -0,0 +1,37 @@
+spring:
+  application:
+    name: auth-service
+  profiles:
+    active: @env@
+  devtools:
+    livereload:
+      enabled: true
+server:
+  port: 10011
+  servlet:
+    context-path: /api
+springdoc:
+  api-docs:
+    enabled: true
+    path: /v3/api-docs
+  default-flat-param-object: true
+  swagger-ui:
+    path: /swagger-ui.html
+    tags-sorter: alpha
+    operations-sorter: alpha
+  group-configs:
+    - group: 'default'
+      paths-to-match: '/**'
+      packages-to-scan: cn.meowrain.aioj.backend.userservice.controller
+knife4j:
+  basic:
+    enable: true
+  setting:
+    language: zh_cn
+mybatis-plus:
+  configuration:
+    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
+  mapper-locations: classpath*:/mapper/**/*.xml
+jwt:
+  secret: "12345678901234567890123456789012"  # 至少32字节！！
+  expire: 86400000   # 24小时（单位：毫秒）