feat(auth): 优化管理员登录和信息获取功能

- 在 LoginDto 和 WxLoginDTO 中添加了验证注解，提高了数据输入的准确性 - 新增 getUserInfo 方法，用于获取管理员信息 - 修改了 login 方法，使用 @Validated 注解进行参数校验 - 调整了 SecurityConfig，允许所有请求通过 Spring Security 的权限拦截 - 修改了 AuthConst 中的 ADMIN_AUTHORIZATION_HEADER 值
2025-05-25 16:59:52 +08:00 · 2025-05-25 16:59:52 +08:00 · 8b72b98856
parent 3caf9e468b
commit 8b72b98856
5 changed files with 34 additions and 24 deletions
--- a/src/main/java/com/example/admin_server/config/SecurityConfig.java
+++ b/src/main/java/com/example/admin_server/config/SecurityConfig.java
@ -35,24 +35,12 @@ public class SecurityConfig {
        http
                .cors().and()
                .csrf().disable()
-                .sessionManagement()
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
-                .antMatchers(
+                .anyRequest().permitAll() // 所有接口 Spring Security 不再做权限拦截
                        "/swagger-ui.html",
                        "/swagger-ui/**",
                        "/v3/api-docs/**",
                        "/api/public/**",
                        "/api/admin/auth/login",
                        "/api/client/wx/login"
                ).permitAll()
                .antMatchers("/api/admin/**").authenticated()
                .antMatchers("/api/client/**").authenticated()
                .anyRequest().permitAll()
                .and()
                .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
--- a/src/main/java/com/example/admin_server/constant/AuthConst.java
+++ b/src/main/java/com/example/admin_server/constant/AuthConst.java
@ -5,7 +5,7 @@ package com.example.admin_server.constant;
 */
 public class AuthConst {
    // 管理端
-    public static final String ADMIN_AUTHORIZATION_HEADER = "adminAuthToken";
+    public static final String ADMIN_AUTHORIZATION_HEADER = "authorization";
    // 客户端
    public static final String FRONT_AUTHORIZATION_HEADER = "assessToken";
 }
--- a/src/main/java/com/example/admin_server/controller/admin/AdminAuthController.java
+++ b/src/main/java/com/example/admin_server/controller/admin/AdminAuthController.java
@ -13,10 +13,8 @@ import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
 import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.HashMap;
 import java.util.Map;
@ -33,7 +31,7 @@ public class AdminAuthController {
    @PostMapping("/login")
    @ApiOperation("管理员登录")
-    public Result<?> login(@RequestBody LoginDto request) {
+    public Result<?> login(@Validated @RequestBody LoginDto request) {
        Admin admin = adminMapper.selectOne(
                new QueryWrapper<Admin>().eq("username", request.getUsername())
        );
@ -84,6 +82,30 @@ public class AdminAuthController {
        return getResult(data);
    }
    @GetMapping("/getUserInfo")
    @ApiOperation("获取管理员信息")
    public Result<?> getUserInfo(@RequestHeader("authorization") String token) {
        if (!StringUtils.hasText(token)) {
            return Result.of(ResultCode.UNAUTHORIZED, "缺少 token");
        }
        Optional<Claims> claimsOpt = jwtUtil.parseToken(token);
        if (!claimsOpt.isPresent() || jwtUtil.isTokenExpired(token)) {
            return Result.of(ResultCode.UNAUTHORIZED, "token 无效或已过期");
        }
        Claims claims = claimsOpt.get();
        Map<String, Object> userInfo = new HashMap<>();
        userInfo.put("userId", String.valueOf(claims.get("id")));
        userInfo.put("userName", claims.get("username"));
        userInfo.put("roles", new String[]{"R_SUPER"});
        userInfo.put("buttons", new String[]{"B_CODE1", "B_CODE2", "B_CODE3"});
        return Result.ok(userInfo);
    }
    private Result<?> getResult(Map<String, Object> data) {
        String newToken = jwtUtil.generateToken(data);
        String newRefreshToken = jwtUtil.generateRefreshToken(data);
@ -92,6 +114,6 @@ public class AdminAuthController {
        tokenMap.put("token", newToken);
        tokenMap.put("refreshToken", newRefreshToken);
-        return Result.ok("请求成功", tokenMap);
+        return Result.ok(tokenMap);
    }
 }
--- a/src/main/java/com/example/admin_server/model/dto/LoginDto.java
+++ b/src/main/java/com/example/admin_server/model/dto/LoginDto.java
@ -6,9 +6,9 @@ import javax.validation.constraints.NotBlank;
@Data
 public class LoginDto {
-    @NotBlank
+    @NotBlank(message = "用户名不能为空")
    private String username;
-    @NotBlank
+    @NotBlank(message = "密码不能为空")
    private String password;
 }
--- a/src/main/java/com/example/admin_server/model/dto/WxLoginDTO.java
+++ b/src/main/java/com/example/admin_server/model/dto/WxLoginDTO.java
@ -7,6 +7,6 @@ import javax.validation.constraints.NotBlank;
@Data
 public class WxLoginDTO {
-    @NotBlank
+    @NotBlank(message = "CODE不能为空")
    private String code;
 }