feat(security): 实现JWT认证与授权功能

重构用户登录服务，引入Spring Security和JWT认证机制 - 新增JwtUtils工具类处理JWT生成与验证 - 添加JwtAuthenticationFilter拦截请求验证token - 实现UserDetailsService从数据库加载用户信息 - 创建AuthController处理登录请求返回JWT - 重构用户角色权限相关接口，支持基于角色的访问控制 - 移除旧的安全配置，启用新的SecurityConfig - 新增LoginResponse DTO替代旧的LoginUser - 优化用户密码加密存储，使用BCryptPasswordEncoder
2025-12-04 14:03:29 +08:00
parent d99580f0c9
commit 20f8a9d132
20 changed files with 970 additions and 320 deletions
--- a/src/main/java/com/qf/backend/controller/PermissionsController.java
+++ b/src/main/java/com/qf/backend/controller/PermissionsController.java
@@ -0,0 +1,145 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.common.Result;
+import com.qf.backend.entity.Permissions;
+import com.qf.backend.service.PermissionsService;
+import java.util.List;
+
+/**
+ * 权限管理控制器
+ * 处理权限相关的HTTP请求
+ * 遵循RESTful API设计规范
+ * @author 30803
+ */
+@RequestMapping("/api/permissions")
+@RestController
+public class PermissionsController {
+    private static final Logger logger = LoggerFactory.getLogger(PermissionsController.class);
+    
+    @Autowired
+    private PermissionsService permissionsService;
+    
+    /**
+     * 查询所有权限
+     * @return 权限列表
+     */
+    @GetMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Permissions>> listAllPermissions() {
+        logger.info("管理员查询所有权限");
+        return permissionsService.listAllPermissions();
+    }
+    
+    /**
+     * 根据权限ID查询权限
+     * @param id 权限ID
+     * @return 权限信息
+     */
+    @GetMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Permissions> getPermissionById(@PathVariable Long id) {
+        logger.info("管理员根据ID查询权限，ID：{}", id);
+        return permissionsService.getPermissionById(id);
+    }
+    
+    /**
+     * 根据权限编码查询权限
+     * @param permissionCode 权限编码
+     * @return 权限信息
+     */
+    @GetMapping("/code/{permissionCode}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Permissions> getPermissionByCode(@PathVariable String permissionCode) {
+        logger.info("管理员根据权限编码查询权限，权限编码：{}", permissionCode);
+        return permissionsService.getPermissionByCode(permissionCode);
+    }
+    
+    /**
+     * 创建权限
+     * @param permissions 权限信息
+     * @return 是否成功
+     */
+    @PostMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createPermission(@RequestBody Permissions permissions) {
+        logger.info("管理员创建权限：{}", permissions);
+        return permissionsService.createPermission(permissions);
+    }
+    
+    /**
+     * 更新权限信息
+     * @param permissions 权限信息
+     * @return 是否成功
+     */
+    @PutMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updatePermission(@RequestBody Permissions permissions) {
+        logger.info("管理员更新权限：{}", permissions);
+        return permissionsService.updatePermission(permissions);
+    }
+    
+    /**
+     * 删除权限
+     * @param id 权限ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deletePermission(@PathVariable Long id) {
+        logger.info("管理员删除权限，ID：{}", id);
+        return permissionsService.deletePermission(id);
+    }
+    
+    /**
+     * 批量删除权限
+     * @param ids 权限ID列表
+     * @return 是否成功
+     */
+    @DeleteMapping("/batch")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchDeletePermissions(@RequestBody List<Long> ids) {
+        logger.info("管理员批量删除权限，IDs：{}", ids);
+        return permissionsService.batchDeletePermissions(ids);
+    }
+    
+    /**
+     * 根据菜单ID查询权限
+     * @param menuId 菜单ID
+     * @return 权限列表
+     */
+    @GetMapping("/menu/{menuId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Permissions>> listPermissionsByMenuId(@PathVariable Long menuId) {
+        logger.info("管理员根据菜单ID查询权限，菜单ID：{}", menuId);
+        return permissionsService.listPermissionsByMenuId(menuId);
+    }
+    
+    /**
+     * 根据权限类型查询权限
+     * @param permissionType 权限类型
+     * @return 权限列表
+     */
+    @GetMapping("/type/{permissionType}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Permissions>> listPermissionsByType(@PathVariable String permissionType) {
+        logger.info("管理员根据权限类型查询权限，权限类型：{}", permissionType);
+        return permissionsService.listPermissionsByType(permissionType);
+    }
+}