upgrade login token (#38)

* upgrade login token

Co-authored-by: guoyonggang <guoyonggang@baidu.com>

hugegraph-api/src/main/java/com/baidu/hugegraph/api/auth/LoginAPI.java

@@ -29,7 +29,6 @@
 import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
@@ -71,8 +70,9 @@ public String login(@Context GraphManager manager,
         checkCreatingBody(jsonLogin);
 
         try {
-            String token = manager.authManager()
-                                  .loginUser(jsonLogin.name, jsonLogin.password);
+            String token = manager.authManager().loginUser(jsonLogin.name,
+                                                           jsonLogin.password,
+                                                           jsonLogin.expire);
             HugeGraph g = graph(manager, SYSTEM_GRAPH);
             return manager.serializer(g)
                           .writeMap(ImmutableMap.of("token", token));
@@ -140,6 +140,8 @@ private static class JsonLogin implements Checkable {
         private String name;
         @JsonProperty("user_password")
         private String password;
+        @JsonProperty("token_expire")
+        private long expire;
 
         @Override
         public void checkCreate(boolean isBatch) {
@@ -153,6 +155,10 @@ public void checkCreate(boolean isBatch) {
                             "The password is 5-16 characters, " +
                             "which can be letters, numbers or " +
                             "special symbols");
+            E.checkArgument(this.expire >= 0 &&
+                            this.expire <= Long.MAX_VALUE,
+                            "The token_expire should be in " +
+                            "[0, Long.MAX_VALUE]");
         }
 
         @Override

hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeGraphAuthProxy.java

@@ -119,7 +119,7 @@ public final class HugeGraphAuthProxy implements HugeGraph {
     public HugeGraphAuthProxy(HugeGraph hugegraph) {
         LOG.info("Wrap graph '{}' with HugeGraphAuthProxy", hugegraph.name());
         HugeConfig config = (HugeConfig) hugegraph.configuration();
-        long expired = config.get(AuthOptions.AUTH_CACHE_EXPIRE);
+        long expired = config.get(AuthOptions.AUTH_PROXY_CACHE_EXPIRE);
         long capacity = config.get(AuthOptions.AUTH_CACHE_CAPACITY);
 
         this.hugegraph = hugegraph;
@@ -1503,9 +1503,10 @@ public UserWithRole validateUser(String token) {
         }
 
         @Override
-        public String loginUser(String username, String password) {
+        public String loginUser(String username, String password,
+                                long expire) {
             try {
-                return this.authManager.loginUser(username, password);
+                return this.authManager.loginUser(username, password, expire);
             } catch (AuthenticationException e) {
                 throw new NotAuthorizedException(e.getMessage(), e);
             }

hugegraph-core/src/main/java/com/baidu/hugegraph/auth/AuthManager.java

@@ -82,7 +82,8 @@ public interface AuthManager {
     public HugeUser matchUser(String name, String password);
     public RolePermission rolePermission(AuthElement element);
 
-    public String loginUser(String username, String password)
+    public String loginUser(String username, String password,
+                            long expire)
                             throws AuthenticationException;
     public void logoutUser(String token);
 

hugegraph-core/src/main/java/com/baidu/hugegraph/auth/StandardAuthManager.java

@@ -655,7 +655,8 @@ private RolePermission rolePermission(HugeTarget target) {
     }
 
     @Override
-    public String loginUser(String username, String password)
+    public String loginUser(String username, String password,
+                            long expire)
                             throws AuthenticationException {
         HugeUser user = this.matchUser(username, password);
         if (user == null) {
@@ -667,8 +668,8 @@ public String loginUser(String username, String password)
                                                  username,
                                                  AuthConstant.TOKEN_USER_ID,
                                                  user.id.asString());
-        String token = this.tokenGenerator.create(payload, this.tokenExpire);
-
+        expire = expire == 0L ? this.tokenExpire : expire;
+        String token = this.tokenGenerator.create(payload, expire * 1000);
         this.tokenCache.update(IdGenerator.of(token), username);
         return token;
     }
@@ -691,10 +692,9 @@ public UserWithRole validateUser(String username, String password) {
     public UserWithRole validateUser(String token) {
         String username = this.tokenCache.get(IdGenerator.of(token));
 
-        Claims payload = null;
+        Claims payload = this.tokenGenerator.verify(token);
         boolean needBuildCache = false;
         if (username == null) {
-            payload = this.tokenGenerator.verify(token);
             username = (String) payload.get(AuthConstant.TOKEN_USER_NAME);
             needBuildCache = true;
         }

hugegraph-core/src/main/java/com/baidu/hugegraph/config/AuthOptions.java

@@ -108,9 +108,18 @@ public static synchronized AuthOptions instance() {
             new ConfigOption<>(
                     "auth.cache_expire",
                     "The expiration time in seconds of auth cache in " +
-                    "auth client and auth server.",
+                    "auth server.",
                     rangeInt(0L, Long.MAX_VALUE),
-                    (60 * 10L)
+                    (10 * 60L)
+            );
+
+    public static final ConfigOption<Long> AUTH_PROXY_CACHE_EXPIRE =
+            new ConfigOption<>(
+                    "auth.proxy_cache_expire",
+                    "The expiration time in seconds of auth cache in " +
+                    "auth client.",
+                    rangeInt(0L, Long.MAX_VALUE),
+                    (1 * 60L)
             );
 
     public static final ConfigOption<Long> AUTH_CACHE_CAPACITY =

hugegraph-test/src/main/java/com/baidu/hugegraph/core/AuthTest.java

@@ -1292,11 +1292,11 @@ public void testLogin() throws AuthenticationException {
         authManager.createUser(user);
 
         // Login
-        authManager.loginUser("test", "pass");
+        authManager.loginUser("test", "pass", 0);
 
         // Invalid username or password
         Assert.assertThrows(AuthenticationException.class, () -> {
-            authManager.loginUser("huge", "graph");
+            authManager.loginUser("huge", "graph", 0);
         }, e -> {
             Assert.assertContains("Incorrect username or password", e.getMessage());
         });
@@ -1309,7 +1309,7 @@ public void testValidateUserByToken() throws AuthenticationException {
         HugeUser user = makeUser("test", StringEncoding.hashPassword("pass"));
         Id userId = authManager.createUser(user);
 
-        String token = authManager.loginUser("test", "pass");
+        String token = authManager.loginUser("test", "pass", 0);
 
         UserWithRole userWithRole;
         userWithRole = authManager.validateUser(token);
@@ -1345,7 +1345,7 @@ public void testLogout() throws AuthenticationException {
         Id userId = authManager.createUser(user);
 
         // Login
-        String token = authManager.loginUser("test", "pass");
+        String token = authManager.loginUser("test", "pass", 0);
 
         // Logout
         Cache<Id, String> tokenCache = Whitebox.getInternalState(authManager,