双Token(数据库待修改)

ClearAzure · ClearAzure · commit 3e6a5ca98192 · 2025-12-10T18:25:11.000+08:00
diff --git a/drawbluecup-common/pom.xml b/drawbluecup-common/pom.xml
@@ -18,25 +18,53 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-context</artifactId>
         </dependency>
-        <!-- Spring Web（用于 HTTP 状态码、Controller 等） -->
+
+        <!-- Spring Web（适配Spring Boot 3，包含Jakarta EE） -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-        <!-- Bean Validation API，供自定义注解使用 -->
+
+        <!-- 校验框架（包含Validator实现，避免自定义注解无法生效） -->
         <dependency>
-            <groupId>jakarta.validation</groupId>
-            <artifactId>jakarta.validation-api</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
         </dependency>
+
+        <!-- Lombok -->
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
             <scope>provided</scope>
         </dependency>
+
+        <!-- JWT核心依赖（指定版本，适配Spring Boot 3） -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+
+        </dependency>
         <dependency>
-            <groupId>com.mysql</groupId>
-            <artifactId>mysql-connector-j</artifactId>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+
+            <scope>runtime</scope>
         </dependency>
+
+        <!-- 密码加密（BCrypt） -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-crypto</artifactId>
+            <version>6.2.0</version>
+        </dependency>
+
+        <!-- Swagger注解（Jakarta版） -->
         <dependency>
             <groupId>io.swagger.core.v3</groupId>
             <artifactId>swagger-annotations-jakarta</artifactId>
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/JWT/JwtUtils.java b/drawbluecup-common/src/main/java/com/drawbluecup/JWT/JwtUtils.java
@@ -0,0 +1,62 @@
+package com.drawbluecup.JWT;
+
+
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import javax.crypto.SecretKey; // 临时兼容（JDK 17仍保留javax.crypto）
+import java.util.Date;
+import java.util.Map;
+
+/**
+ * JWT工具类：新增双Token过期时间常量
+ */
+public class JwtUtils {
+    // 密钥（生产环境建议用32位随机字符串，且保密）
+    private static final String SECRET = "12345678901234567890123456789012";
+
+    // ========== 新增：双Token过期时间 ==========
+    public static final long ACCESS_TOKEN_EXPIRE = 2 * 60 * 60 * 1000; // Access Token：2小时
+    public static final long REFRESH_TOKEN_EXPIRE = 7 * 24 * 60 * 60 * 1000; // Refresh Token：7天
+
+
+    //==============================方法==================================//
+
+    /**
+     * 生成加密密钥
+     */
+    private static SecretKey getKey() {
+        return Keys.hmacShaKeyFor(SECRET.getBytes());
+    }
+
+    /**
+     * 生成Token（通用方法，支持Access/Refresh Token）
+     * @param userInfo 存入Token的用户信息（如userId、phone）
+     * @param expireTime 过期时间（毫秒）
+     * @return JWT Token字符串
+     */
+    public static String generateToken(Map<String, Object> userInfo, long expireTime) {
+        return Jwts.builder()
+                .setClaims(userInfo) // 存入用户信息（Payload）
+                .setExpiration(new Date(System.currentTimeMillis() + expireTime)) // 过期时间
+                .signWith(getKey()) // 签名（防篡改）
+                .compact();
+    }
+
+    /**
+     * 解析Token
+     * @param token 前端传入的Token字符串
+     * @return Token中的用户信息（如userId）
+     * @throws RuntimeException Token无效/过期时抛出异常
+     */
+    public static Map<String, Object> parseToken(String token) {
+        try {
+            return Jwts.parserBuilder()
+                    .setSigningKey(getKey()) // 用相同密钥验证
+                    .build()
+                    .parseClaimsJws(token) // 解析Token
+                    .getBody(); // 获取Payload中的用户信息
+        } catch (Exception e) {
+            throw new RuntimeException("Token无效或已过期：" + e.getMessage());
+        }
+    }
+}
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/JWT/TokenInterceptor.java b/drawbluecup-common/src/main/java/com/drawbluecup/JWT/TokenInterceptor.java
@@ -0,0 +1,43 @@
+package com.drawbluecup.JWT;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;//修正拦截器的包导入（把javax换成jakarta）
+import java.util.Map;
+
+/**
+ * Token拦截器：仅校验Access Token（Refresh Token接口不拦截）
+ */
+public class TokenInterceptor implements HandlerInterceptor {
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        // 1. 排除登录接口、刷新Token接口（无需校验Access Token）
+        String requestUrl = request.getRequestURI();
+        if (requestUrl.contains("/login") || requestUrl.contains("/refreshToken")) {
+            return true; // 放行
+        }
+
+        // 2. 从请求头获取Access Token（约定前端字段名：Access-Token）
+        String accessToken = request.getHeader("Access-Token");
+        if (accessToken == null || accessToken.isEmpty()) {
+            // 手动返回错误响应
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("application/json");
+            response.getWriter().write("{\"code\":401,\"message\":\"Access Token为空，请先登录\"}");
+            return false; // 拒绝放行
+        }
+
+        // 3. 排除静态资源（仅拦截Controller接口）
+        if (!(handler instanceof org.springframework.web.method.HandlerMethod)) {
+            return true;
+        }
+
+        // 4. 解析Access Token（验证有效性），并提取用户信息
+        Map<String, Object> userInfo = JwtUtils.parseToken(accessToken);
+        Integer userId = (Integer) userInfo.get("userId");
+        // 将用户ID存入request，供后续接口使用！！
+        request.setAttribute("loginUserId", userId);
+
+        return true; // 校验通过，放行
+    }
+}
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/dto/product/ProductRespDTOWithout.java b/drawbluecup-common/src/main/java/com/drawbluecup/dto/product/ProductRespDTOWithout.java
@@ -10,7 +10,7 @@
 @Data
 @Schema(name = "ProductRespDTO", description = "商品信息出参")// Swagger注解：文档里说明这个DTO的作用
 
-public class ProductRespDTO {
+public class ProductRespDTOWithout {
 
     @Schema(description = "商品ID")// 文档里标注字段说明
     private Integer id; // 前端需要看的id
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/LoginAndToken/UserLoginDTO.java b/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/LoginAndToken/UserLoginDTO.java
@@ -0,0 +1,13 @@
+package com.drawbluecup.dto.user.LoginAndToken;
+
+import lombok.Data;
+
+    /**
+     * 登录入参DTO
+     */
+    @Data
+    public class UserLoginDTO {
+        private String phone;
+        private String password;
+    }
+
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/LoginAndToken/UserLoginRespDTO.java b/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/LoginAndToken/UserLoginRespDTO.java
@@ -0,0 +1,13 @@
+package com.drawbluecup.dto.user.LoginAndToken;
+
+import lombok.Data;
+
+/**
+ * 登录出参DTO（返回双Token）
+ */
+@Data
+public class UserLoginRespDTO {
+    private String accessToken;
+    private String refreshToken;
+    private String userName;
+}
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/LoginAndToken/UserRefreshTokenDTO.java b/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/LoginAndToken/UserRefreshTokenDTO.java
@@ -0,0 +1,11 @@
+package com.drawbluecup.dto.user.LoginAndToken;
+
+import lombok.Data;
+
+/**
+ * 刷新Token入参DTO
+ */
+@Data
+public class UserRefreshTokenDTO {
+    private String refreshToken;
+}
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/LoginAndToken/UserRefreshTokenRespDTO.java b/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/LoginAndToken/UserRefreshTokenRespDTO.java
@@ -0,0 +1,12 @@
+package com.drawbluecup.dto.user.LoginAndToken;
+
+import lombok.Data;
+
+/**
+ * 刷新Token出参DTO
+ */
+@Data
+public class UserRefreshTokenRespDTO {
+    private String newAccessToken;
+
+}
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/UserRespDTO.java b/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/UserRespDTO.java
diff --git a/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/UserRespDTOWithout.java b/drawbluecup-common/src/main/java/com/drawbluecup/dto/user/UserRespDTOWithout.java
@@ -0,0 +1,25 @@
+package com.drawbluecup.dto.user;
+
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+
+@Data
+@Schema(name = "UserRespDTOWithout", description = "用户信息出参(仅用户)")// Swagger注解：文档里说明这个DTO的作用
+
+public class UserRespDTOWithout {
+    @Schema(description = "用户主键id")
+    private Integer id;
+    @Schema(description = "用户名称")
+    private String name;
+    @Schema(description = "用户电话")
+    private String phone;
+    @Schema(description = "用户创建时间")
+    private LocalDateTime createTime;
+    @Schema(description = "用户更新时间")
+    private LocalDateTime updateTime;
+
+}
diff --git a/drawbluecup-user/src/main/java/com/drawbluecup/service/UserService.java b/drawbluecup-user/src/main/java/com/drawbluecup/service/UserService.java
@@ -34,4 +34,8 @@ public interface UserService {
      * @return 分页结果（包含用户列表、总条数、总页数等）
      */
     PageInfo<User> queryUserByCondition(String name, String phone, LocalDateTime createTime, LocalDateTime updateTime, Integer pageNum, Integer pageSize);
+
+    User login(String phone, String password);//登录验证方法
+
+
 }
diff --git a/drawbluecup-user/src/main/java/com/drawbluecup/service/impl/UserServiceImpl.java b/drawbluecup-user/src/main/java/com/drawbluecup/service/impl/UserServiceImpl.java
@@ -250,8 +250,31 @@ public PageInfo<User> queryUserByCondition(String name, String phone, LocalDateT
         return new PageInfo<>(userList);
     }
 
+    //登录验证逻辑
+    @Override
+    public User login(String phone, String password) {
+        // 1. 校验参数
+        if (phone == null || phone.trim().isEmpty()) {
+            throw new BusinessException(400, "登录失败：手机号不能为空");
+        }
+        if (password == null || password.trim().isEmpty()) {
+            throw new BusinessException(400, "登录失败：密码不能为空");
+        }
+
+        // 2. 查询用户（假设你的User表有password字段，实际需加密存储）
+        User user = userMapper.findByPhone(phone);
+        if (user == null) {
+            throw new BusinessException(401, "登录失败：手机号或密码错误");
+        }
 
+        // 3. 校验密码（生产环境需用BCrypt加密对比，这里模拟明文）
+        // 注意：实际项目中密码要加密存储，不能存明文！
+        if (!"123456".equals(password)) { // 临时模拟，需替换为真实密码校验
+            throw new BusinessException(401, "登录失败：手机号或密码错误");
+        }
 
+        return user;
+    }
 
 
 
diff --git a/drawbluecup-web/src/main/java/com/drawbluecup/web/config/WebConfig.java b/drawbluecup-web/src/main/java/com/drawbluecup/web/config/WebConfig.java
@@ -0,0 +1,21 @@
+package com.drawbluecup.web.config;
+
+
+import com.drawbluecup.JWT.TokenInterceptor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * Web配置类（注册拦截器）
+ */
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        // 注册Token拦截器
+        registry.addInterceptor(new TokenInterceptor())
+                .addPathPatterns("/**");//拦截所有请求
+    }
+}
diff --git a/drawbluecup-web/src/main/java/com/drawbluecup/web/controller/ProductController.java b/drawbluecup-web/src/main/java/com/drawbluecup/web/controller/ProductController.java
@@ -1,7 +1,7 @@
 package com.drawbluecup.web.controller;
 
 import com.drawbluecup.dto.product.ProductAddDTO;
-import com.drawbluecup.dto.product.ProductRespDTO;
+import com.drawbluecup.dto.product.ProductRespDTOWithout;
 import com.drawbluecup.dto.product.ProductUpdateDTO;
 import com.drawbluecup.entity.Product;
 import com.drawbluecup.result.Result;
@@ -45,15 +45,15 @@ public class ProductController {
     @GetMapping("/findAll")
     @Operation(summary = "查询所有商品")
 
-    public Result<List<ProductRespDTO>> findAll(){//实体转DTO
+    public Result<List<ProductRespDTOWithout>> findAll(){//实体转DTO
 
         // 1. 调用Service获取所有Product实体类
         List<Product> productList = productService.findAll();
 
         // 2. 遍历转换：每个Product → ProductRespDTO
-        List<ProductRespDTO> respDTOList = new ArrayList<>();
+        List<ProductRespDTOWithout> respDTOList = new ArrayList<>();
         for (Product product : productList) {
-            ProductRespDTO respDTO = new ProductRespDTO();
+            ProductRespDTOWithout respDTO = new ProductRespDTOWithout();
             respDTO.setId(product.getId());
             respDTO.setName(product.getName());
             respDTOList.add(respDTO);
@@ -72,13 +72,13 @@ public Result<List<ProductRespDTO>> findAll(){//实体转DTO
     @GetMapping("/findById/{id}")
     @Operation(summary = "根据id查询商品", description = "根据商品ID查询商品信息")
 
-    public Result<ProductRespDTO> findById(@PathVariable Integer id){
+    public Result<ProductRespDTOWithout> findById(@PathVariable Integer id){
 
         // 1. 调用Service获取实体类（还是原来的逻辑，Service返回Product）
         Product product = productService.findById(id);
 
         // 2. 实体类转DTO（只赋值前端需要的id和name）
-        ProductRespDTO respDTO = new ProductRespDTO();
+        ProductRespDTOWithout respDTO = new ProductRespDTOWithout();
         respDTO.setId(product.getId());
         respDTO.setName(product.getName());
 
diff --git a/drawbluecup-web/src/main/java/com/drawbluecup/web/controller/UserController.java b/drawbluecup-web/src/main/java/com/drawbluecup/web/controller/UserController.java
diff --git a/pom.xml b/pom.xml
