feat(auth): 优化管理员登录和信息获取功能

- 在 LoginDto 和 WxLoginDTO 中添加了验证注解，提高了数据输入的准确性 - 新增 getUserInfo 方法，用于获取管理员信息 - 修改了 login 方法，使用 @Validated 注解进行参数校验 - 调整了 SecurityConfig，允许所有请求通过 Spring Security 的权限拦截 - 修改了 AuthConst 中的 ADMIN_AUTHORIZATION_HEADER 值
2025-05-25 16:59:52 +08:00 · 2025-05-25 16:59:52 +08:00 · 8b72b98856
parent 3caf9e468b
commit 8b72b98856
5 changed files with 34 additions and 24 deletions
--- a/src/main/java/com/example/admin_server/config/SecurityConfig.java
+++ b/src/main/java/com/example/admin_server/config/SecurityConfig.java
@ -35,24 +35,12 @@ public class SecurityConfig {
        http
                .cors().and()
                .csrf().disable()
-                .sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
-                .antMatchers(
-                        "/swagger-ui.html",
-                        "/swagger-ui/**",
-                        "/v3/api-docs/**",
-                        "/api/public/**",
-                        "/api/admin/auth/login",
-                        "/api/client/wx/login"
-                ).permitAll()
-                .antMatchers("/api/admin/**").authenticated()
-                .antMatchers("/api/client/**").authenticated()
-                .anyRequest().permitAll()
+                .anyRequest().permitAll() // 所有接口 Spring Security 不再做权限拦截
                .and()
                .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
-
        return http.build();
    }

--- a/src/main/java/com/example/admin_server/constant/AuthConst.java
+++ b/src/main/java/com/example/admin_server/constant/AuthConst.java
@ -5,7 +5,7 @@ package com.example.admin_server.constant;
 */
 public class AuthConst {
    // 管理端
-    public static final String ADMIN_AUTHORIZATION_HEADER = "adminAuthToken";
+    public static final String ADMIN_AUTHORIZATION_HEADER = "authorization";
    // 客户端
    public static final String FRONT_AUTHORIZATION_HEADER = "assessToken";
 }
--- a/src/main/java/com/example/admin_server/controller/admin/AdminAuthController.java
+++ b/src/main/java/com/example/admin_server/controller/admin/AdminAuthController.java
@ -13,10 +13,8 @@ import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
 import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;

 import java.util.HashMap;
 import java.util.Map;
@ -33,7 +31,7 @@ public class AdminAuthController {

    @PostMapping("/login")
    @ApiOperation("管理员登录")
-    public Result<?> login(@RequestBody LoginDto request) {
+    public Result<?> login(@Validated @RequestBody LoginDto request) {
        Admin admin = adminMapper.selectOne(
                new QueryWrapper<Admin>().eq("username", request.getUsername())
        );
@ -84,6 +82,30 @@ public class AdminAuthController {
        return getResult(data);
    }

+    @GetMapping("/getUserInfo")
+    @ApiOperation("获取管理员信息")
+    public Result<?> getUserInfo(@RequestHeader("authorization") String token) {
+        if (!StringUtils.hasText(token)) {
+            return Result.of(ResultCode.UNAUTHORIZED, "缺少 token");
+        }
+
+        Optional<Claims> claimsOpt = jwtUtil.parseToken(token);
+        if (!claimsOpt.isPresent() || jwtUtil.isTokenExpired(token)) {
+            return Result.of(ResultCode.UNAUTHORIZED, "token 无效或已过期");
+        }
+
+        Claims claims = claimsOpt.get();
+
+        Map<String, Object> userInfo = new HashMap<>();
+        userInfo.put("userId", String.valueOf(claims.get("id")));
+        userInfo.put("userName", claims.get("username"));
+        userInfo.put("roles", new String[]{"R_SUPER"});
+        userInfo.put("buttons", new String[]{"B_CODE1", "B_CODE2", "B_CODE3"});
+
+        return Result.ok(userInfo);
+    }
+
+
    private Result<?> getResult(Map<String, Object> data) {
        String newToken = jwtUtil.generateToken(data);
        String newRefreshToken = jwtUtil.generateRefreshToken(data);
@ -92,6 +114,6 @@ public class AdminAuthController {
        tokenMap.put("token", newToken);
        tokenMap.put("refreshToken", newRefreshToken);

-        return Result.ok("请求成功", tokenMap);
+        return Result.ok(tokenMap);
    }
 }
--- a/src/main/java/com/example/admin_server/model/dto/LoginDto.java
+++ b/src/main/java/com/example/admin_server/model/dto/LoginDto.java
@ -6,9 +6,9 @@ import javax.validation.constraints.NotBlank;

@Data
 public class LoginDto {
-    @NotBlank
+    @NotBlank(message = "用户名不能为空")
    private String username;

-    @NotBlank
+    @NotBlank(message = "密码不能为空")
    private String password;
 }
--- a/src/main/java/com/example/admin_server/model/dto/WxLoginDTO.java
+++ b/src/main/java/com/example/admin_server/model/dto/WxLoginDTO.java
@ -7,6 +7,6 @@ import javax.validation.constraints.NotBlank;
@Data
 public class WxLoginDTO {

-    @NotBlank
+    @NotBlank(message = "CODE不能为空")
    private String code;
 }