登录鉴权增加字段，放开登录接口不用鉴权，数据库密码加密

2025-05-30 14:59:18 +08:00 · 2025-05-30 14:59:18 +08:00 · fa23e953a9
commit fa23e953a9
parent a4f3f7510f
3 changed files with 27 additions and 27 deletions
--- a/backend/src/main/java/com/stdproject/config/SecurityConfig.java
+++ b/backend/src/main/java/com/stdproject/config/SecurityConfig.java
@ -43,16 +43,16 @@ public class SecurityConfig {
    @Value("${spring.security.jwt.enabled:true}")
    private boolean jwtEnabled;
-    
+
    @Value("${spring.security.cors.allowed-origins:http://localhost:3000,http://localhost:8080}")
    private List<String> allowedOrigins;
-    
+
    @Value("${spring.security.cors.max-age:3600}")
    private Long corsMaxAge;
-    
+
    // 公开路径配置
    private static final String[] PUBLIC_PATHS = {
-            "/api/auth/**",
+            "/auth/**",
            "/api/public/**",
            "/swagger-ui/**",
            "/v3/api-docs/**",
@ -80,31 +80,31 @@ public class SecurityConfig {
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
-        
+
        // 设置允许的源，支持配置化
        configuration.setAllowedOrigins(allowedOrigins);
-        
+
        // 设置允许的HTTP方法
        configuration.setAllowedMethods(Arrays.asList(
                "GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"
        ));
-        
+
        // 设置允许的请求头
        configuration.setAllowedHeaders(Arrays.asList(
-                "Authorization", "Content-Type", "X-Requested-With", 
+                "Authorization", "Content-Type", "X-Requested-With",
-                "Accept", "Origin", "Access-Control-Request-Method", 
+                "Accept", "Origin", "Access-Control-Request-Method",
                "Access-Control-Request-Headers", "X-CSRF-TOKEN"
        ));
-        
+
        // 设置暴露的响应头
        configuration.setExposedHeaders(Arrays.asList(
                "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials",
                "Authorization", "Content-Disposition"
        ));
-        
+
        configuration.setAllowCredentials(true);
        configuration.setMaxAge(corsMaxAge);
-        
+
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
@ -119,22 +119,22 @@ public class SecurityConfig {
        http
            // CORS配置
            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
-            
+
            // 禁用CSRF（因为使用JWT，无状态）
            .csrf(csrf -> csrf.disable())
-            
+
            // 会话管理配置
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .maximumSessions(1)
                .maxSessionsPreventsLogin(false)
            )
-            
+
            // 异常处理配置
            .exceptionHandling(ex -> ex
                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
            )
-            
+
            // 安全头配置
            .headers(headers -> headers
                // 禁用iframe嵌入,防止点击劫持攻击
@ -157,7 +157,7 @@ public class SecurityConfig {
                    // 其他所有请求都需要认证
                    .anyRequest().authenticated()
            );
-            
+
            // 添加JWT过滤器
            http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        } else {
@ -169,4 +169,4 @@ public class SecurityConfig {
        return http.build();
    }
-}
+}
--- a/backend/src/main/java/com/stdproject/service/impl/AppUserServiceImpl.java
+++ b/backend/src/main/java/com/stdproject/service/impl/AppUserServiceImpl.java
@ -30,9 +30,9 @@ public class AppUserServiceImpl extends ServiceImpl<AppUserMapper, AppUser> impl
    @Override
    public AppUser findByUsername(String username) {
-        return getOne(new QueryWrapper<AppUser>().eq("username", username).select( "id", "username", "orgid", "usertype","nickname"));
+        return getOne(new QueryWrapper<AppUser>().eq("username", username).select( "id", "username","password","status", "orgid", "usertype","nickname"));
    }
-    
+
    @Override
    public String getCurrentUsername() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
@ -41,7 +41,7 @@ public class AppUserServiceImpl extends ServiceImpl<AppUserMapper, AppUser> impl
        }
        return null;
    }
-    
+
    @Override
    public AppUser getCurrentUser() {
        String username = getCurrentUsername();
@ -71,7 +71,7 @@ public class AppUserServiceImpl extends ServiceImpl<AppUserMapper, AppUser> impl
        // 更新新密码
        user.setPassword(passwordEncoder.encode(newPassword));
        user.setPwdresettime(LocalDateTime.now());
-        
+
        return updateById(user);
    }
-}
+}
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@ -44,7 +44,7 @@ spring:
 #      max-lifetime: 1800000
 #      connection-timeout: 30000
 #      connection-test-query: SELECT 1
- 
+
  cache:
    jcache:
      config: classpath:ehcache.xml # 指定Ehcache配置文件路径
@ -53,7 +53,7 @@ spring:
      allowed-origins: ${CORS_ALLOWED_ORIGINS:http://localhost:3000,http://localhost:8080}
      max-age: ${CORS_MAX_AGE:3600} # 预检请求的缓存时间（秒）
    jwt:
-      enabled: ${JWT_ENABLED:true} # 控制是否启用JWT认证  
+      enabled: ${JWT_ENABLED:true} # 控制是否启用JWT认证
      secret: ${JWT_SECRET:YourJWTSecretKeyForStdProjectBackendApplicationWhichIsVeryLongAndSecure2024!@#$%^&*()}
      expiration-ms: ${JWT_EXPIRATION:86400000} # Token 过期时间 (例如: 24小时)
      refresh-expiration-ms: ${JWT_REFRESH_EXPIRATION:604800000} # 刷新Token过期时间 (例如: 7天)
@ -147,7 +147,7 @@ spring:
      on-profile: dev
  security:
    jwt:
-      enabled: false
+      enabled: true
 logging:
  level:
    com.stdproject: DEBUG
@ -186,4 +186,4 @@ management:
  endpoints:
    web:
      exposure:
-        include: health,info
+        include: health,info