[improve] use post request refresh token (#2720)

Signed-off-by: tomsun28 <[email protected]>
Co-authored-by: shown <[email protected]>

manager/src/main/java/org/apache/hertzbeat/manager/controller/AccountController.java

@@ -21,22 +21,19 @@
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 import io.jsonwebtoken.ExpiredJwtException;
 import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
-import jakarta.validation.constraints.NotNull;
 import java.util.Map;
 import javax.naming.AuthenticationException;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.hertzbeat.common.entity.dto.Message;
 import org.apache.hertzbeat.common.util.ResponseUtil;
 import org.apache.hertzbeat.manager.pojo.dto.LoginDto;
 import org.apache.hertzbeat.manager.pojo.dto.RefreshTokenResponse;
+import org.apache.hertzbeat.manager.pojo.dto.TokenDto;
 import org.apache.hertzbeat.manager.service.AccountService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -60,13 +57,11 @@ public ResponseEntity<Message<Map<String, String>>> authGetToken(@Valid @Request
         return ResponseUtil.handle(() -> accountService.authGetToken(loginDto));
     }
 
-    @GetMapping("/refresh/{refreshToken}")
+    @PostMapping("/refresh")
     @Operation(summary = "Use refresh TOKEN to re-acquire TOKEN", description = "Use refresh TOKEN to re-acquire TOKEN")
-    public ResponseEntity<Message<RefreshTokenResponse>> refreshToken(
-            @Parameter(description = "Refresh TOKEN", example = "xxx")
-            @PathVariable("refreshToken") @NotNull final String refreshToken) {
+    public ResponseEntity<Message<RefreshTokenResponse>> refreshToken(@Valid @RequestBody TokenDto tokenDto) {
         try {
-            return ResponseEntity.ok(Message.success(accountService.refreshToken(refreshToken)));
+            return ResponseEntity.ok(Message.success(accountService.refreshToken(tokenDto.getToken())));
         } catch (AuthenticationException e) {
             return ResponseEntity.ok(Message.fail(LOGIN_FAILED_CODE, e.getMessage()));
         } catch (ExpiredJwtException expiredJwtException) {

manager/src/main/java/org/apache/hertzbeat/manager/pojo/dto/TokenDto.java

@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hertzbeat.manager.pojo.dto;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * Refresh token dto
+ */
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+@Schema(description = "Request refresh token transfer body")
+public class TokenDto {
+
+    @Schema(description = "token")
+    @NotBlank(message = "token can not null")
+    private String token;
+
+}

manager/src/test/java/org/apache/hertzbeat/manager/controller/AccountControllerTest.java

@@ -26,6 +26,7 @@
 import org.apache.hertzbeat.common.constants.CommonConstants;
 import org.apache.hertzbeat.common.util.JsonUtil;
 import org.apache.hertzbeat.manager.pojo.dto.LoginDto;
+import org.apache.hertzbeat.manager.pojo.dto.TokenDto;
 import org.apache.hertzbeat.manager.service.AccountService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -93,8 +94,9 @@ void authGetToken() throws Exception {
     void refreshToken() throws Exception {
         String refreshToken = "123456";
         Mockito.when(accountService.refreshToken(refreshToken)).thenThrow(new AuthenticationException());
-        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/account/auth/refresh/{refreshToken}",
-                        refreshToken))
+        this.mockMvc.perform(MockMvcRequestBuilders.post("/api/account/auth/refresh")
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(JsonUtil.toJson(new TokenDto(refreshToken))))
                 .andExpect(jsonPath("$.code").value((int) CommonConstants.LOGIN_FAILED_CODE))
                 .andReturn();
     }

web-app/src/app/service/auth.service.ts

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-import { HttpClient, HttpParams } from '@angular/common/http';
+import { HttpClient } from '@angular/common/http';
 import { Injectable } from '@angular/core';
 import { Observable } from 'rxjs';
 
@@ -32,6 +32,9 @@ export class AuthService {
   constructor(private http: HttpClient) {}
 
   public refreshToken(refreshToken: string): Observable<Message<any>> {
-    return this.http.get<Message<any>>(`${account_auth_refresh_uri}/${refreshToken}`);
+    let body = {
+      token: refreshToken
+    };
+    return this.http.post<Message<any>>(`${account_auth_refresh_uri}`, body);
   }
 }