feat(security): 实现JWT认证与授权功能

重构用户登录服务，引入Spring Security和JWT认证机制 - 新增JwtUtils工具类处理JWT生成与验证 - 添加JwtAuthenticationFilter拦截请求验证token - 实现UserDetailsService从数据库加载用户信息 - 创建AuthController处理登录请求返回JWT - 重构用户角色权限相关接口，支持基于角色的访问控制 - 移除旧的安全配置，启用新的SecurityConfig - 新增LoginResponse DTO替代旧的LoginUser - 优化用户密码加密存储，使用BCryptPasswordEncoder
2025-12-04 14:03:29 +08:00
parent d99580f0c9
commit 20f8a9d132
20 changed files with 970 additions and 320 deletions
--- a/src/main/java/com/qf/backend/config/UserInitializer.java
+++ b/src/main/java/com/qf/backend/config/UserInitializer.java
@@ -0,0 +1,69 @@
+package com.qf.backend.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.qf.backend.entity.Users;
+import com.qf.backend.service.UsersService;
+import com.qf.backend.util.ValidateUtil;
+
+import jakarta.annotation.PostConstruct;
+
+/**
+ * 用户初始化配置类，用于在系统启动时创建内置用户
+ * @author 30803
+ */
+@Component
+public class UserInitializer {
+    private static final Logger logger = LoggerFactory.getLogger(UserInitializer.class);
+    
+    @Autowired
+    private UsersService usersService;
+    
+    /**
+     * 系统启动时初始化内置用户
+     */
+    // @PostConstruct
+    public void initUsers() {
+        logger.info("开始初始化内置用户...");
+        
+        // 定义内置用户信息
+        String[][] userInfos = {
+            // 用户名,密码,手机号,邮箱,状态
+            {"admin", "admin123", "13800000000", "admin@qq.com", "1"},  // 管理员用户
+            {"shopkeeper", "123456", "13800000001", "shopkeeper@qq.com", "1"},  // 店主用户
+            {"user", "123456", "13800000002", "user@qq.com", "1"}  // 普通用户
+        };
+        
+        for (String[] userInfo : userInfos) {
+            String username = userInfo[0];
+            String password = userInfo[1];
+            String phone = userInfo[2];
+            String email = userInfo[3];
+            Integer status = Integer.parseInt(userInfo[4]);
+            
+            // 检查用户是否已存在
+            Users existingUser = usersService.getOne(new QueryWrapper<Users>().eq("username", username));
+            if (existingUser == null) {
+                // 创建新用户
+                Users user = new Users();
+                user.setUsername(username);
+                user.setPassword(password);
+                user.setPhone(phone);
+                user.setEmail(email);
+                user.setStatus(status);
+                // 注意：不设置last_login_time字段，因为数据库中可能不存在该字段
+                
+                usersService.createUser(user);
+                logger.info("成功创建内置用户: {}", username);
+            } else {
+                logger.info("内置用户 {} 已存在，跳过创建", username);
+            }
+        }
+        
+        logger.info("内置用户初始化完成");
+    }
+}