refactor: 重构项目结构，将Result类及相关工具类移动到dto和util包

将Result类从common包移动到dto包，ResultUtils类从common包移动到util包
调整所有相关文件的import语句以匹配新的包结构
新增CorsConfig配置类处理跨域请求
优化AuthController的登录接口返回统一响应格式

src/main/java/com/qf/backend/config/CorsConfig.java

@@ -0,0 +1,50 @@
+package com.qf.backend.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.filter.CorsFilter;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+@Configuration
+public class CorsConfig {
+    /**
+     * 跨域配置
+     */
+    @Bean
+    public CorsFilter corsFilter(){
+        // 创建跨域配置对象
+        CorsConfiguration configuration = new CorsConfiguration();
+        // 允许的来源使用通配符，允许所有来源
+        configuration.addAllowedOriginPattern("*");
+        // 允许携带cookie
+        configuration.setAllowCredentials(true);
+       
+        // 明确列出允许的HTTP方法，比使用通配符更安全
+        configuration.addAllowedMethod("GET");
+        configuration.addAllowedMethod("POST");
+        configuration.addAllowedMethod("PUT");
+        configuration.addAllowedMethod("DELETE");
+        configuration.addAllowedMethod("OPTIONS");
+        configuration.addAllowedMethod("PATCH");
+        // 允许所有请求头（新增）
+        configuration.addAllowedHeader("*");
+        
+        // 明确暴露的响应头，对于JWT认证很重要
+        configuration.addExposedHeader("Authorization");
+        configuration.addExposedHeader("Content-Type");
+        configuration.addExposedHeader("X-Requested-With");
+        configuration.addExposedHeader("Accept");
+        configuration.addExposedHeader("Access-Control-Allow-Origin");
+        // 设置最大缓存时间为1小时，减少预检请求次数
+        configuration.setMaxAge(3600L);
+        // 创建基于URL的CORS配置源
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        
+        // 为所有路径应用CORS配置
+        source.registerCorsConfiguration("/**", configuration);
+        
+        // 返回配置好的CORS过滤器
+        return new CorsFilter(source);
+    }
+}

src/main/java/com/qf/backend/config/JwtAuthenticationFilter.java

@@ -0,0 +1,80 @@
+package com.qf.backend.config;
+
+import java.io.IOException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import com.qf.backend.util.JwtUtils;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+/**
+ * JWT认证过滤器，用于解析和验证JWT
+ * 拦截所有请求，检查Authorization头中的Bearer token
+ */
+@Component
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+    
+    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
+    
+    @Autowired
+    private JwtUtils jwtUtils;
+    
+    @Autowired
+    private UserDetailsService userDetailsService;
+    /**
+     * 过滤请求，检查JWT并设置认证信息
+     */
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) 
+            throws ServletException, IOException {
+        
+        try {
+            // 1. 从请求头中获取Authorization
+            String authorizationHeader = request.getHeader("Authorization");
+            String token = null;
+            String username = null;
+            
+            // 2. 检查Authorization头格式
+            if (authorizationHeader != null && authorizationHeader.startsWith(jwtUtils.getTokenPrefix() + " ")) {
+                token = authorizationHeader.substring(jwtUtils.getTokenPrefix().length() + 1);
+                username = jwtUtils.getUsernameFromToken(token);
+            }
+            
+            // 3. 如果token有效且用户未认证，设置认证信息
+            if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+                UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
+                
+                // 4. 验证token
+                if (jwtUtils.validateToken(token, userDetails)) {
+                    // 5. 创建认证对象
+                    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
+                            userDetails, null, userDetails.getAuthorities());
+                    
+                    // 6. 设置认证细节
+                    authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                    
+                    // 7. 设置认证信息到SecurityContext
+                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+                }
+            }
+        } catch (Exception e) {
+            logger.error("JWT认证失败: {}", e.getMessage());
+        }
+        
+        // 8. 继续过滤链
+        filterChain.doFilter(request, response);
+    }
+}

src/main/java/com/qf/backend/config/SecurityConfig.java

@@ -1,57 +1,114 @@
-// /*
-//  * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
-//  * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
-//  */
-// package com.qf.backend.config;
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+package com.qf.backend.config;
 
-// import org.springframework.context.annotation.Bean;
-// import org.springframework.context.annotation.Configuration;
-// import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-// import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-// import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-// import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
-// /**
-//  * 安全配置类（仅开发 禁用安全认证）
-//  *
-//  * @author 30803
-//  */
-// @Configuration
-// @EnableWebSecurity
-// public class SecurityConfig {
+/**
+ * 安全配置类，使用JWT认证
+ * 该类是Spring Security的核心配置类，负责配置安全策略、认证机制和授权规则
+ * 与AuthController.java的关系：
+ * 1. AuthController处理登录请求，调用AuthenticationManager进行认证
+ * 2. SecurityConfig配置AuthenticationManager和相关组件
+ * 3. SecurityConfig配置JWT过滤器，用于拦截后续请求并验证JWT
+ * 4. 两者协同工作，完成完整的认证授权流程
+ */
+@Configuration
+@EnableWebSecurity // 启用Spring Security
+public class SecurityConfig {
 
-//     @Bean
-//     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-//         http
-//                 .authorizeHttpRequests(auth -> auth
-//                 .requestMatchers("/users/**").permitAll() // 公开路径
-//                 .requestMatchers("/admin/**").hasRole("ADMIN") // 需要 ADMIN 角色
-//                 .anyRequest().authenticated() // 其他请求需登录
-//                 )
-//                 .formLogin(form -> form
-//                 .loginPage("/login") // 自定义登录页（可选）
-//                 .permitAll()
-//                 )
-//                 .logout(logout -> logout
-//                 .permitAll()
-//                 );
-//         return http.build();
-//     }
+    /**
+     * 注入JWT认证过滤器
+     * 该过滤器会拦截所有请求，检查Authorization头中的Bearer token
+     */
+    @Autowired
+    private JwtAuthenticationFilter jwtAuthenticationFilter;
     
-//     @Bean
-//     public UserDetailsService userDetailsService() {
-//         UserDetails user = User.withDefaultPasswordEncoder()
-//                 .username("user")
-//                 .password("123456")
-//                 .roles("USER")
-//                 .build();
+    /**
+     * 配置SecurityFilterChain
+     * SecurityFilterChain是Spring Security 3.x的新特性，替代了旧版的WebSecurityConfigurerAdapter
+     * 该方法配置了安全策略，包括：
+     * 1. 禁用CSRF保护（适合API服务，因为API通常使用JWT而不是Session）
+     * 2. 配置会话管理为无状态（适合RESTful API，不使用Session）
+     * 3. 配置请求授权规则
+     * 4. 禁用默认的登录和注销功能（使用自定义的AuthController）
+     * 5. 添加JWT过滤器
+     * 
+     * @param http HttpSecurity对象，用于配置安全策略
+     * @return SecurityFilterChain对象
+     * @throws Exception 配置过程中可能抛出的异常
+     */
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                // 1. 禁用CSRF保护
+                // CSRF（跨站请求伪造）保护主要用于Web应用，防止第三方网站伪造请求
+                // API服务通常使用JWT认证，不需要CSRF保护
+                .csrf(csrf -> csrf.disable())
                 
-//         UserDetails admin = User.withDefaultPasswordEncoder()
-//                 .username("admin")
-//                 .password("admin123")
-//                 .roles("USER", "ADMIN")
-//                 .build();
+                // 2. 配置会话管理：无状态
+                // 无状态意味着服务器不存储用户会话信息，每个请求都需要携带完整的认证信息
+                // 这是RESTful API的最佳实践，提高了系统的可扩展性和安全性
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 
-//         return new InMemoryUserDetailsManager(user, admin);
-//     }
-// }
+                // 3. 配置请求授权规则
+                // 使用Lambda DSL配置请求匹配规则和授权要求
+                .authorizeHttpRequests(auth -> auth
+                        // 登录接口公开访问，不需要认证
+                        .requestMatchers("/api/auth/login").permitAll()
+                        // 其他所有请求都需要认证
+                        .anyRequest().authenticated()
+                )
+                
+                // 4. 禁用默认的登录和注销功能
+                // 因为我们使用自定义的AuthController处理登录请求
+                .formLogin(form -> form.disable())
+                .logout(logout -> logout.disable());
+        
+        // 5. 添加JWT过滤器
+        // 在UsernamePasswordAuthenticationFilter之前添加JWT过滤器
+        // 这样所有请求都会先经过JWT过滤器，验证token的有效性
+        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+        
+        return http.build();
+    }
+
+    /**
+     * 配置PasswordEncoder
+     * PasswordEncoder用于加密和验证密码
+     * BCryptPasswordEncoder是Spring Security推荐的密码编码器，使用随机盐值
+     * 
+     * @return PasswordEncoder对象
+     */
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+    
+    /**
+     * 配置AuthenticationManager
+     * AuthenticationManager是Spring Security的核心组件，负责处理认证请求
+     * 该方法从AuthenticationConfiguration中获取AuthenticationManager实例
+     * 
+     * @param authenticationConfiguration AuthenticationConfiguration对象
+     * @return AuthenticationManager对象
+     * @throws Exception 配置过程中可能抛出的异常
+     */
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
+}

src/main/java/com/qf/backend/config/UsersDetailsServiceConfig.java

@@ -1,43 +0,0 @@
-// /*
-//  * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
-//  * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
-//  */
-
-// package com.qf.backend.config;
-
-// import org.springframework.beans.factory.annotation.Autowired;
-// import org.springframework.security.core.userdetails.UserDetailsService;
-// import org.springframework.stereotype.Component;
-// import org.springframework.stereotype.Service;
-// import org.springframework.security.core.userdetails.UserDetails;
-// import org.springframework.security.core.userdetails.UsernameNotFoundException;
-// import org.springframework.security.core.authority.AuthorityUtils;
-// import com.qf.backend.mapper.UsersMapper;
-// import com.qf.backend.entity.Users;
-// import com.qf.backend.mapper.RolesMapper;
-
-
-
-// /**
-//  * 自定义UserDetailsService
-//  * 用于从数据库加载用户信息进行认证
-//  * @author 30803
-//  */
-// @Component
-// public class UsersDetailsServiceConfig implements UserDetailsService {
-//     @Autowired
-//     private UsersMapper usersMapper;
-//     @Autowired
-//     private RolesMapper rolesMapper;
-
-    
-//     @Override
-//     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-//         Users users = usersMapper.selectByUsername(username);
-//         if (users == null) {
-//             throw new UsernameNotFoundException("用户不存在"+username);
-//         }
-//         int roleType = rolesMapper.selectById(users.getId()).getRoleType();
-//     }
-
-// }

src/main/java/com/qf/backend/controller/AuthController.java

@@ -0,0 +1,92 @@
+package com.qf.backend.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.qf.backend.dto.LoginRequest;
+import com.qf.backend.dto.LoginResponse;
+import com.qf.backend.dto.Result;
+import com.qf.backend.exception.ErrorCode;
+import com.qf.backend.util.JwtUtils;
+import com.qf.backend.util.ResultUtils;
+
+/**
+ * 认证控制器，用于处理用户登录请求
+ * 该控制器接收前端发送的用户名和密码，通过Spring Security进行认证，认证成功后生成JWT返回给前端
+ */
+@RestController
+@RequestMapping("/api/auth")
+public class AuthController {
+    
+    /**
+     * 注入AuthenticationManager，用于处理认证请求
+     * AuthenticationManager是Spring Security的核心组件，负责协调认证过程
+     */
+    @Autowired
+    private AuthenticationManager authenticationManager;
+    
+    /**
+     * 注入JWT工具类，用于生成和验证JWT
+     */
+    @Autowired
+    private JwtUtils jwtUtils;
+    
+    /**
+     * 用户登录接口
+     * @param loginRequest 登录请求体，包含用户名和密码
+     * @return ResponseEntity 包含JWT令牌的响应
+     * 
+     * 登录流程：
+     * 1. 前端发送POST请求到/api/auth/login，携带用户名和密码
+     * 2. 该方法被调用，创建UsernamePasswordAuthenticationToken对象
+     * 3. 调用AuthenticationManager.authenticate()方法进行认证
+     * 4. 认证成功后，从Authentication对象中获取UserDetails
+     * 5. 使用JwtUtils生成JWT令牌
+     * 6. 返回包含JWT令牌的响应
+     */
+    @PostMapping("/login")
+    public  Result<ResponseEntity<LoginResponse>> login(@RequestBody LoginRequest loginRequest) {
+        try {
+            // 1. 创建认证令牌，将用户名和密码封装到UsernamePasswordAuthenticationToken中
+            // 这里的令牌是未认证状态的，因为还没有验证密码是否正确
+            UsernamePasswordAuthenticationToken authenticationToken = 
+                    new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword());
+            
+            // 2. 调用AuthenticationManager.authenticate()方法进行认证
+            // 这个方法会触发以下流程：
+            // a. 调用UserDetailsService.loadUserByUsername()方法，从数据库加载用户信息
+            // b. 使用PasswordEncoder验证密码是否匹配
+            // c. 认证成功后，返回一个已认证的Authentication对象
+            Authentication authentication = authenticationManager.authenticate(authenticationToken);
+            
+            // 3. 从已认证的Authentication对象中获取UserDetails
+            // UserDetails包含了用户的基本信息和权限列表
+            UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+            
+            // 4. 使用JwtUtils生成JWT令牌
+            // 令牌中包含了用户名、权限等信息，以及过期时间
+            String jwt = jwtUtils.generateToken(userDetails);
+
+            // 5. 创建LoginResponse对象，封装JWT令牌和令牌类型
+            LoginResponse loginResponse = new LoginResponse();
+            loginResponse.setToken(jwt);
+            loginResponse.setTokenType(jwtUtils.getTokenPrefix());
+            // 5. 返回包含JWT令牌的响应
+            // 响应格式为：{"token": "xxx", "tokenType": "Bearer"}
+            return ResultUtils.success(ResponseEntity.ok(loginResponse));
+        } catch (BadCredentialsException e) {
+            // 认证失败，通常是用户名不存在或密码错误
+            // 返回401 Unauthorized响应
+            return ResultUtils.fail(ErrorCode.PASSWORD_ERROR, "用户名或密码错误");
+        }
+    }
+}

src/main/java/com/qf/backend/controller/LoginController.java

@@ -1,33 +0,0 @@
-/*
- * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
- * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
- */
-
-package com.qf.backend.controller;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-import com.qf.backend.common.Result;
-import com.qf.backend.dto.LoginRequest;
-import com.qf.backend.dto.LoginUser;
-import com.qf.backend.service.UserLoginService;
-/**
- *
- * @author 30803
- */
-@RestController
-@RequestMapping("/api/login")
-public class LoginController {
-    @Autowired
-    private UserLoginService userLoginService;
-    
-    @PostMapping("/login")
-    public Result<LoginUser> login(@RequestBody LoginRequest loginRequest) {
-        return userLoginService.login(loginRequest.getUsername(), loginRequest.getPassword());
-    }
-
-}

src/main/java/com/qf/backend/controller/OrderItemsController.java

@@ -0,0 +1,147 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.OrderItems;
+import com.qf.backend.service.OrderItemsService;
+import java.util.List;
+
+/**
+ * 订单项控制器
+ * 处理订单项相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/order-items")
+@RestController
+public class OrderItemsController {
+    private static final Logger logger = LoggerFactory.getLogger(OrderItemsController.class);
+    
+    @Autowired
+    private OrderItemsService orderItemsService;
+    
+    /**
+     * 根据订单ID查询订单项
+     * @param orderId 订单ID
+     * @return 订单项列表
+     */
+    @GetMapping("/order/{orderId}")
+    public Result<List<OrderItems>> getOrderItemsByOrderId(@PathVariable Long orderId) {
+        logger.info("根据订单ID查询订单项，订单ID：{}", orderId);
+        return orderItemsService.getOrderItemsByOrderId(orderId);
+    }
+    
+    /**
+     * 根据商品ID查询订单项
+     * @param productId 商品ID
+     * @return 订单项列表
+     */
+    @GetMapping("/product/{productId}")
+    public Result<List<OrderItems>> getOrderItemsByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID查询订单项，商品ID：{}", productId);
+        return orderItemsService.getOrderItemsByProductId(productId);
+    }
+    
+    /**
+     * 创建订单项
+     * @param orderItems 订单项信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> createOrderItem(@RequestBody OrderItems orderItems) {
+        logger.info("创建订单项，订单项信息：{}", orderItems);
+        return orderItemsService.createOrderItem(orderItems);
+    }
+    
+    /**
+     * 更新订单项信息
+     * @param orderItems 订单项信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateOrderItem(@RequestBody OrderItems orderItems) {
+        logger.info("更新订单项信息，订单项信息：{}", orderItems);
+        return orderItemsService.updateOrderItem(orderItems);
+    }
+    
+    /**
+     * 删除订单项
+     * @param id 订单项ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteOrderItem(@PathVariable Long id) {
+        logger.info("删除订单项，订单项ID：{}", id);
+        return orderItemsService.deleteOrderItem(id);
+    }
+    
+    /**
+     * 根据订单项ID查询订单项
+     * @param id 订单项ID
+     * @return 订单项信息
+     */
+    @GetMapping("/{id}")
+    public Result<OrderItems> getOrderItemById(@PathVariable Long id) {
+        logger.info("根据订单项ID查询订单项，订单项ID：{}", id);
+        return orderItemsService.getOrderItemById(id);
+    }
+    
+    /**
+     * 批量创建订单项
+     * @param orderItemsList 订单项列表
+     * @return 是否成功
+     */
+    @PostMapping("/batch-create")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> batchCreateOrderItems(@RequestBody List<OrderItems> orderItemsList) {
+        logger.info("批量创建订单项，订单项数量：{}", orderItemsList.size());
+        return orderItemsService.batchCreateOrderItems(orderItemsList);
+    }
+    
+    /**
+     * 根据订单ID删除所有订单项
+     * @param orderId 订单ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete-by-order/{orderId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteOrderItemsByOrderId(@PathVariable Long orderId) {
+        logger.info("根据订单ID删除所有订单项，订单ID：{}", orderId);
+        return orderItemsService.deleteOrderItemsByOrderId(orderId);
+    }
+    
+    /**
+     * 计算订单总金额
+     * @param orderId 订单ID
+     * @return 订单总金额
+     */
+    @GetMapping("/calculate-total/{orderId}")
+    public Result<Double> calculateOrderTotal(@PathVariable Long orderId) {
+        logger.info("计算订单总金额，订单ID：{}", orderId);
+        return orderItemsService.calculateOrderTotal(orderId);
+    }
+    
+    /**
+     * 根据SKU ID查询订单项
+     * @param skuId SKU ID
+     * @return 订单项列表
+     */
+    @GetMapping("/sku/{skuId}")
+    public Result<List<OrderItems>> getOrderItemsBySkuId(@PathVariable Long skuId) {
+        logger.info("根据SKU ID查询订单项，SKU ID：{}", skuId);
+        return orderItemsService.getOrderItemsBySkuId(skuId);
+    }
+}

src/main/java/com/qf/backend/controller/OrderStatusHistoryController.java

@@ -0,0 +1,137 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.OrderStatusHistory;
+import com.qf.backend.service.OrderStatusHistoryService;
+import java.util.List;
+
+/**
+ * 订单状态历史控制器
+ * 处理订单状态历史相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/order-status-history")
+@RestController
+public class OrderStatusHistoryController {
+    private static final Logger logger = LoggerFactory.getLogger(OrderStatusHistoryController.class);
+    
+    @Autowired
+    private OrderStatusHistoryService orderStatusHistoryService;
+    
+    /**
+     * 根据订单ID查询状态历史
+     * @param orderId 订单ID
+     * @return 订单状态历史列表
+     */
+    @GetMapping("/order/{orderId}")
+    public Result<List<OrderStatusHistory>> getHistoryByOrderId(@PathVariable Long orderId) {
+        logger.info("根据订单ID查询状态历史，订单ID：{}", orderId);
+        return orderStatusHistoryService.getHistoryByOrderId(orderId);
+    }
+    
+    /**
+     * 创建订单状态历史记录
+     * @param orderStatusHistory 订单状态历史信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> createStatusHistory(@RequestBody OrderStatusHistory orderStatusHistory) {
+        logger.info("创建订单状态历史记录，订单状态历史信息：{}", orderStatusHistory);
+        return orderStatusHistoryService.createStatusHistory(orderStatusHistory);
+    }
+    
+    /**
+     * 更新订单状态历史信息
+     * @param orderStatusHistory 订单状态历史信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateStatusHistory(@RequestBody OrderStatusHistory orderStatusHistory) {
+        logger.info("更新订单状态历史信息，订单状态历史信息：{}", orderStatusHistory);
+        return orderStatusHistoryService.updateStatusHistory(orderStatusHistory);
+    }
+    
+    /**
+     * 删除订单状态历史记录
+     * @param id 记录ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteStatusHistory(@PathVariable Long id) {
+        logger.info("删除订单状态历史记录，记录ID：{}", id);
+        return orderStatusHistoryService.deleteStatusHistory(id);
+    }
+    
+    /**
+     * 根据记录ID查询订单状态历史
+     * @param id 记录ID
+     * @return 订单状态历史信息
+     */
+    @GetMapping("/{id}")
+    public Result<OrderStatusHistory> getStatusHistoryById(@PathVariable Long id) {
+        logger.info("根据记录ID查询订单状态历史，记录ID：{}", id);
+        return orderStatusHistoryService.getStatusHistoryById(id);
+    }
+    
+    /**
+     * 批量创建订单状态历史记录
+     * @param historyList 订单状态历史列表
+     * @return 是否成功
+     */
+    @PostMapping("/batch-create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchCreateStatusHistory(@RequestBody List<OrderStatusHistory> historyList) {
+        logger.info("批量创建订单状态历史记录，记录数量：{}", historyList.size());
+        return orderStatusHistoryService.batchCreateStatusHistory(historyList);
+    }
+    
+    /**
+     * 根据订单ID和状态查询历史记录
+     * @param orderId 订单ID
+     * @param status 订单状态
+     * @return 订单状态历史列表
+     */
+    @GetMapping("/order/{orderId}/status/{status}")
+    public Result<List<OrderStatusHistory>> getHistoryByOrderIdAndStatus(@PathVariable Long orderId, @PathVariable Integer status) {
+        logger.info("根据订单ID和状态查询历史记录，订单ID：{}，状态：{}", orderId, status);
+        return orderStatusHistoryService.getHistoryByOrderIdAndStatus(orderId, status);
+    }
+    
+    /**
+     * 获取订单最新状态
+     * @param orderId 订单ID
+     * @return 最新订单状态历史信息
+     */
+    @GetMapping("/order/{orderId}/latest")
+    public Result<OrderStatusHistory> getLatestStatusHistory(@PathVariable Long orderId) {
+        logger.info("获取订单最新状态，订单ID：{}", orderId);
+        return orderStatusHistoryService.getLatestStatusHistory(orderId);
+    }
+    
+    /**
+     * 根据订单ID删除所有状态历史
+     * @param orderId 订单ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete-by-order/{orderId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteHistoryByOrderId(@PathVariable Long orderId) {
+        logger.info("根据订单ID删除所有状态历史，订单ID：{}", orderId);
+        return orderStatusHistoryService.deleteHistoryByOrderId(orderId);
+    }
+}

src/main/java/com/qf/backend/controller/OrdersController.java

@@ -0,0 +1,149 @@
+package com.qf.backend.controller;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.Orders;
+import com.qf.backend.service.OrdersService;
+import java.util.List;
+
+/**
+ * 订单控制器
+ * 处理订单相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/orders")
+@RestController
+public class OrdersController {
+    private static final Logger logger = LoggerFactory.getLogger(OrdersController.class);
+    
+    @Autowired
+    private OrdersService ordersService;
+    
+    /**
+     * 根据订单号查询订单
+     * @param orderNumber 订单号
+     * @return 订单信息
+     */
+    @GetMapping("/number/{orderNumber}")
+    public Result<Orders> getOrderByNumber(@PathVariable String orderNumber) {
+        logger.info("根据订单号查询订单，订单号：{}", orderNumber);
+        return ordersService.getOrderByNumber(orderNumber);
+    }
+    
+    /**
+     * 根据用户ID查询订单列表
+     * @param userId 用户ID
+     * @return 订单列表
+     */
+    @GetMapping("/user/{userId}")
+    public Result<List<Orders>> getOrdersByUserId(@PathVariable Long userId) {
+        logger.info("根据用户ID查询订单列表，用户ID：{}", userId);
+        return ordersService.getOrdersByUserId(userId);
+    }
+    
+    /**
+     * 创建订单
+     * @param orders 订单信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> createOrder(@RequestBody Orders orders) {
+        logger.info("创建订单，订单信息：{}", orders);
+        return ordersService.createOrder(orders);
+    }
+    
+    /**
+     * 更新订单信息
+     * @param orders 订单信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateOrder(@RequestBody Orders orders) {
+        logger.info("更新订单信息，订单信息：{}", orders);
+        return ordersService.updateOrder(orders);
+    }
+    
+    /**
+     * 删除订单
+     * @param id 订单ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteOrder(@PathVariable Long id) {
+        logger.info("删除订单，订单ID：{}", id);
+        return ordersService.deleteOrder(id);
+    }
+    
+    /**
+     * 根据订单ID查询订单
+     * @param id 订单ID
+     * @return 订单信息
+     */
+    @GetMapping("/{id}")
+    public Result<Orders> getOrderById(@PathVariable Long id) {
+        logger.info("根据订单ID查询订单，订单ID：{}", id);
+        return ordersService.getOrderById(id);
+    }
+    
+    /**
+     * 分页查询订单
+     * @param page 当前页码
+     * @param size 每页数量
+     * @return 订单列表
+     */
+    @GetMapping("/page/{page}/{size}")
+    public Result<List<Orders>> listOrdersByPage(@PathVariable int page, @PathVariable int size) {
+        logger.info("分页查询订单，页码：{}，每页数量：{}", page, size);
+        return ordersService.listOrdersByPage(page, size);
+    }
+    
+    /**
+     * 根据店铺ID查询订单
+     * @param shopId 店铺ID
+     * @return 订单列表
+     */
+    @GetMapping("/shop/{shopId}")
+    public Result<List<Orders>> getOrdersByShopId(@PathVariable Long shopId) {
+        logger.info("根据店铺ID查询订单，店铺ID：{}", shopId);
+        return ordersService.getOrdersByShopId(shopId);
+    }
+    
+    /**
+     * 更新订单状态
+     * @param orderId 订单ID
+     * @param status 订单状态
+     * @return 是否成功
+     */
+    @PutMapping("/update-status/{orderId}/{status}")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> updateOrderStatus(@PathVariable Long orderId, @PathVariable Integer status) {
+        logger.info("更新订单状态，订单ID：{}，状态：{}", orderId, status);
+        return ordersService.updateOrderStatus(orderId, status);
+    }
+    
+    /**
+     * 根据订单状态查询订单
+     * @param status 订单状态
+     * @return 订单列表
+     */
+    @GetMapping("/status/{status}")
+    public Result<List<Orders>> getOrdersByStatus(@PathVariable Integer status) {
+        logger.info("根据订单状态查询订单，状态：{}", status);
+        return ordersService.getOrdersByStatus(status);
+    }
+}

src/main/java/com/qf/backend/controller/PaymentsController.java

@@ -0,0 +1,158 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.Payments;
+import com.qf.backend.service.PaymentsService;
+import java.util.List;
+
+/**
+ * 支付控制器
+ * 处理支付相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/payments")
+@RestController
+public class PaymentsController {
+    private static final Logger logger = LoggerFactory.getLogger(PaymentsController.class);
+    
+    @Autowired
+    private PaymentsService paymentsService;
+    
+    /**
+     * 根据订单ID查询支付记录
+     * @param orderId 订单ID
+     * @return 支付记录
+     */
+    @GetMapping("/order/{orderId}")
+    public Result<Payments> getPaymentByOrderId(@PathVariable Long orderId) {
+        logger.info("根据订单ID查询支付记录，订单ID：{}", orderId);
+        Payments payment = paymentsService.getPaymentByOrderId(orderId);
+        return Result.success(payment);
+    }
+    
+    /**
+     * 根据支付流水号查询支付记录
+     * @param transactionId 支付流水号
+     * @return 支付记录
+     */
+    @GetMapping("/transaction/{transactionId}")
+    public Result<Payments> getPaymentByTransactionId(@PathVariable String transactionId) {
+        logger.info("根据支付流水号查询支付记录，支付流水号：{}", transactionId);
+        Payments payment = paymentsService.getPaymentByTransactionId(transactionId);
+        return Result.success(payment);
+    }
+    
+    /**
+     * 创建支付记录
+     * @param payments 支付信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> createPayment(@RequestBody Payments payments) {
+        logger.info("创建支付记录，支付信息：{}", payments);
+        boolean result = paymentsService.createPayment(payments);
+        return Result.success(result);
+    }
+    
+    /**
+     * 更新支付信息
+     * @param payments 支付信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updatePayment(@RequestBody Payments payments) {
+        logger.info("更新支付信息，支付信息：{}", payments);
+        boolean result = paymentsService.updatePayment(payments);
+        return Result.success(result);
+    }
+    
+    /**
+     * 删除支付记录
+     * @param id 支付ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deletePayment(@PathVariable Long id) {
+        logger.info("删除支付记录，支付ID：{}", id);
+        boolean result = paymentsService.deletePayment(id);
+        return Result.success(result);
+    }
+    
+    /**
+     * 根据支付ID查询支付记录
+     * @param id 支付ID
+     * @return 支付记录
+     */
+    @GetMapping("/{id}")
+    public Result<Payments> getPaymentById(@PathVariable Long id) {
+        logger.info("根据支付ID查询支付记录，支付ID：{}", id);
+        Payments payment = paymentsService.getPaymentById(id);
+        return Result.success(payment);
+    }
+    
+    /**
+     * 根据用户ID查询支付记录
+     * @param userId 用户ID
+     * @return 支付记录列表
+     */
+    @GetMapping("/user/{userId}")
+    public Result<List<Payments>> getPaymentsByUserId(@PathVariable Long userId) {
+        logger.info("根据用户ID查询支付记录，用户ID：{}", userId);
+        List<Payments> payments = paymentsService.getPaymentsByUserId(userId);
+        return Result.success(payments);
+    }
+    
+    /**
+     * 根据支付状态查询支付记录
+     * @param status 支付状态
+     * @return 支付记录列表
+     */
+    @GetMapping("/status/{status}")
+    public Result<List<Payments>> getPaymentsByStatus(@PathVariable Integer status) {
+        logger.info("根据支付状态查询支付记录，状态：{}", status);
+        List<Payments> payments = paymentsService.getPaymentsByStatus(status);
+        return Result.success(payments);
+    }
+    
+    /**
+     * 更新支付状态
+     * @param paymentId 支付ID
+     * @param status 支付状态
+     * @return 是否成功
+     */
+    @PutMapping("/update-status/{paymentId}/{status}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updatePaymentStatus(@PathVariable Long paymentId, @PathVariable Integer status) {
+        logger.info("更新支付状态，支付ID：{}，状态：{}", paymentId, status);
+        boolean result = paymentsService.updatePaymentStatus(paymentId, status);
+        return Result.success(result);
+    }
+    
+    /**
+     * 分页查询支付记录
+     * @param page 当前页码
+     * @param size 每页数量
+     * @return 支付记录列表
+     */
+    @GetMapping("/page/{page}/{size}")
+    public Result<List<Payments>> listPaymentsByPage(@PathVariable int page, @PathVariable int size) {
+        logger.info("分页查询支付记录，页码：{}，每页数量：{}", page, size);
+        List<Payments> payments = paymentsService.listPaymentsByPage(page, size);
+        return Result.success(payments);
+    }
+}

src/main/java/com/qf/backend/controller/PermissionsController.java

@@ -0,0 +1,145 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.Permissions;
+import com.qf.backend.service.PermissionsService;
+import java.util.List;
+
+/**
+ * 权限管理控制器
+ * 处理权限相关的HTTP请求
+ * 遵循RESTful API设计规范
+ * @author 30803
+ */
+@RequestMapping("/api/permissions")
+@RestController
+public class PermissionsController {
+    private static final Logger logger = LoggerFactory.getLogger(PermissionsController.class);
+    
+    @Autowired
+    private PermissionsService permissionsService;
+    
+    /**
+     * 查询所有权限
+     * @return 权限列表
+     */
+    @GetMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Permissions>> listAllPermissions() {
+        logger.info("管理员查询所有权限");
+        return permissionsService.listAllPermissions();
+    }
+    
+    /**
+     * 根据权限ID查询权限
+     * @param id 权限ID
+     * @return 权限信息
+     */
+    @GetMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Permissions> getPermissionById(@PathVariable Long id) {
+        logger.info("管理员根据ID查询权限，ID：{}", id);
+        return permissionsService.getPermissionById(id);
+    }
+    
+    /**
+     * 根据权限编码查询权限
+     * @param permissionCode 权限编码
+     * @return 权限信息
+     */
+    @GetMapping("/code/{permissionCode}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Permissions> getPermissionByCode(@PathVariable String permissionCode) {
+        logger.info("管理员根据权限编码查询权限，权限编码：{}", permissionCode);
+        return permissionsService.getPermissionByCode(permissionCode);
+    }
+    
+    /**
+     * 创建权限
+     * @param permissions 权限信息
+     * @return 是否成功
+     */
+    @PostMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createPermission(@RequestBody Permissions permissions) {
+        logger.info("管理员创建权限：{}", permissions);
+        return permissionsService.createPermission(permissions);
+    }
+    
+    /**
+     * 更新权限信息
+     * @param permissions 权限信息
+     * @return 是否成功
+     */
+    @PutMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updatePermission(@RequestBody Permissions permissions) {
+        logger.info("管理员更新权限：{}", permissions);
+        return permissionsService.updatePermission(permissions);
+    }
+    
+    /**
+     * 删除权限
+     * @param id 权限ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deletePermission(@PathVariable Long id) {
+        logger.info("管理员删除权限，ID：{}", id);
+        return permissionsService.deletePermission(id);
+    }
+    
+    /**
+     * 批量删除权限
+     * @param ids 权限ID列表
+     * @return 是否成功
+     */
+    @DeleteMapping("/batch")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchDeletePermissions(@RequestBody List<Long> ids) {
+        logger.info("管理员批量删除权限，IDs：{}", ids);
+        return permissionsService.batchDeletePermissions(ids);
+    }
+    
+    /**
+     * 根据菜单ID查询权限
+     * @param menuId 菜单ID
+     * @return 权限列表
+     */
+    @GetMapping("/menu/{menuId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Permissions>> listPermissionsByMenuId(@PathVariable Long menuId) {
+        logger.info("管理员根据菜单ID查询权限，菜单ID：{}", menuId);
+        return permissionsService.listPermissionsByMenuId(menuId);
+    }
+    
+    /**
+     * 根据权限类型查询权限
+     * @param permissionType 权限类型
+     * @return 权限列表
+     */
+    @GetMapping("/type/{permissionType}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Permissions>> listPermissionsByType(@PathVariable String permissionType) {
+        logger.info("管理员根据权限类型查询权限，权限类型：{}", permissionType);
+        return permissionsService.listPermissionsByType(permissionType);
+    }
+}

src/main/java/com/qf/backend/controller/ProductAttributeValuesController.java

@@ -0,0 +1,137 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.ProductAttributeValues;
+import com.qf.backend.service.ProductAttributeValuesService;
+import java.util.List;
+
+/**
+ * 商品属性值控制器
+ * 处理商品属性值相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/product-attribute-values")
+@RestController
+public class ProductAttributeValuesController {
+    private static final Logger logger = LoggerFactory.getLogger(ProductAttributeValuesController.class);
+    
+    @Autowired
+    private ProductAttributeValuesService productAttributeValuesService;
+    
+    /**
+     * 根据商品ID查询属性值
+     * @param productId 商品ID
+     * @return 属性值列表
+     */
+    @GetMapping("/product/{productId}")
+    public Result<List<ProductAttributeValues>> getAttributeValuesByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID查询属性值，商品ID：{}", productId);
+        return productAttributeValuesService.getAttributeValuesByProductId(productId);
+    }
+    
+    /**
+     * 根据属性ID查询属性值
+     * @param attributeId 属性ID
+     * @return 属性值列表
+     */
+    @GetMapping("/attribute/{attributeId}")
+    public Result<List<ProductAttributeValues>> getAttributeValuesByAttributeId(@PathVariable Long attributeId) {
+        logger.info("根据属性ID查询属性值，属性ID：{}", attributeId);
+        return productAttributeValuesService.getAttributeValuesByAttributeId(attributeId);
+    }
+    
+    /**
+     * 创建属性值
+     * @param productAttributeValues 属性值信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createAttributeValue(@RequestBody ProductAttributeValues productAttributeValues) {
+        logger.info("创建属性值，属性值信息：{}", productAttributeValues);
+        return productAttributeValuesService.createAttributeValue(productAttributeValues);
+    }
+    
+    /**
+     * 更新属性值信息
+     * @param productAttributeValues 属性值信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateAttributeValue(@RequestBody ProductAttributeValues productAttributeValues) {
+        logger.info("更新属性值信息，属性值信息：{}", productAttributeValues);
+        return productAttributeValuesService.updateAttributeValue(productAttributeValues);
+    }
+    
+    /**
+     * 删除属性值
+     * @param id 属性值ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteAttributeValue(@PathVariable Long id) {
+        logger.info("删除属性值，属性值ID：{}", id);
+        return productAttributeValuesService.deleteAttributeValue(id);
+    }
+    
+    /**
+     * 根据属性值ID查询属性值
+     * @param id 属性值ID
+     * @return 属性值信息
+     */
+    @GetMapping("/{id}")
+    public Result<ProductAttributeValues> getAttributeValueById(@PathVariable Long id) {
+        logger.info("根据属性值ID查询属性值，属性值ID：{}", id);
+        return productAttributeValuesService.getAttributeValueById(id);
+    }
+    
+    /**
+     * 批量创建商品属性值
+     * @param attributeValues 属性值列表
+     * @return 是否成功
+     */
+    @PostMapping("/batch-create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchCreateAttributeValues(@RequestBody List<ProductAttributeValues> attributeValues) {
+        logger.info("批量创建商品属性值，属性值数量：{}", attributeValues.size());
+        return productAttributeValuesService.batchCreateAttributeValues(attributeValues);
+    }
+    
+    /**
+     * 根据商品ID和属性ID查询属性值
+     * @param productId 商品ID
+     * @param attributeId 属性ID
+     * @return 属性值信息
+     */
+    @GetMapping("/product/{productId}/attribute/{attributeId}")
+    public Result<ProductAttributeValues> getAttributeValueByProductAndAttribute(@PathVariable Long productId, @PathVariable Long attributeId) {
+        logger.info("根据商品ID和属性ID查询属性值，商品ID：{}，属性ID：{}", productId, attributeId);
+        return productAttributeValuesService.getAttributeValueByProductAndAttribute(productId, attributeId);
+    }
+    
+    /**
+     * 根据商品ID删除所有属性值
+     * @param productId 商品ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete-by-product/{productId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteAttributeValuesByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID删除所有属性值，商品ID：{}", productId);
+        return productAttributeValuesService.deleteAttributeValuesByProductId(productId);
+    }
+}

src/main/java/com/qf/backend/controller/ProductAttributesController.java

@@ -0,0 +1,136 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.ProductAttributes;
+import com.qf.backend.service.ProductAttributesService;
+import java.util.List;
+
+/**
+ * 商品属性控制器
+ * 处理商品属性相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/product-attributes")
+@RestController
+public class ProductAttributesController {
+    private static final Logger logger = LoggerFactory.getLogger(ProductAttributesController.class);
+    
+    @Autowired
+    private ProductAttributesService productAttributesService;
+    
+    /**
+     * 根据分类ID查询属性
+     * @param categoryId 分类ID
+     * @return 属性列表
+     */
+    @GetMapping("/category/{categoryId}")
+    public Result<List<ProductAttributes>> getAttributesByCategoryId(@PathVariable Long categoryId) {
+        logger.info("根据分类ID查询属性，分类ID：{}", categoryId);
+        return productAttributesService.getAttributesByCategoryId(categoryId);
+    }
+    
+    /**
+     * 根据属性名称查询属性
+     * @param attributeName 属性名称
+     * @return 属性列表
+     */
+    @GetMapping("/name/{attributeName}")
+    public Result<List<ProductAttributes>> getAttributesByName(@PathVariable String attributeName) {
+        logger.info("根据属性名称查询属性，属性名称：{}", attributeName);
+        return productAttributesService.getAttributesByName(attributeName);
+    }
+    
+    /**
+     * 创建属性
+     * @param productAttributes 属性信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createAttribute(@RequestBody ProductAttributes productAttributes) {
+        logger.info("创建属性，属性信息：{}", productAttributes);
+        return productAttributesService.createAttribute(productAttributes);
+    }
+    
+    /**
+     * 更新属性信息
+     * @param productAttributes 属性信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateAttribute(@RequestBody ProductAttributes productAttributes) {
+        logger.info("更新属性信息，属性信息：{}", productAttributes);
+        return productAttributesService.updateAttribute(productAttributes);
+    }
+    
+    /**
+     * 删除属性
+     * @param id 属性ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteAttribute(@PathVariable Long id) {
+        logger.info("删除属性，属性ID：{}", id);
+        return productAttributesService.deleteAttribute(id);
+    }
+    
+    /**
+     * 根据属性ID查询属性
+     * @param id 属性ID
+     * @return 属性信息
+     */
+    @GetMapping("/{id}")
+    public Result<ProductAttributes> getAttributeById(@PathVariable Long id) {
+        logger.info("根据属性ID查询属性，属性ID：{}", id);
+        return productAttributesService.getAttributeById(id);
+    }
+    
+    /**
+     * 批量删除属性
+     * @param ids 属性ID列表
+     * @return 是否成功
+     */
+    @DeleteMapping("/batch-delete")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchDeleteAttributes(@RequestBody List<Long> ids) {
+        logger.info("批量删除属性，属性ID数量：{}", ids.size());
+        return productAttributesService.batchDeleteAttributes(ids);
+    }
+    
+    /**
+     * 根据属性类型查询属性
+     * @param attributeType 属性类型
+     * @return 属性列表
+     */
+    @GetMapping("/type/{attributeType}")
+    public Result<List<ProductAttributes>> getAttributesByType(@PathVariable String attributeType) {
+        logger.info("根据属性类型查询属性，属性类型：{}", attributeType);
+        return productAttributesService.getAttributesByType(attributeType);
+    }
+    
+    /**
+     * 查询是否可搜索的属性
+     * @param searchable 是否可搜索
+     * @return 属性列表
+     */
+    @GetMapping("/searchable")
+    public Result<List<ProductAttributes>> getAttributesBySearchable(@RequestParam Boolean searchable) {
+        logger.info("查询是否可搜索的属性，可搜索：{}", searchable);
+        return productAttributesService.getAttributesBySearchable(searchable);
+    }
+}

src/main/java/com/qf/backend/controller/ProductCategoriesController.java

@@ -0,0 +1,133 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.ProductCategories;
+import com.qf.backend.service.ProductCategoriesService;
+import java.util.List;
+
+/**
+ * 商品分类控制器
+ * 处理商品分类相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/product-categories")
+@RestController
+public class ProductCategoriesController {
+    private static final Logger logger = LoggerFactory.getLogger(ProductCategoriesController.class);
+    
+    @Autowired
+    private ProductCategoriesService productCategoriesService;
+    
+    /**
+     * 根据分类名称查询分类
+     * @param categoryName 分类名称
+     * @return 分类信息
+     */
+    @GetMapping("/name/{categoryName}")
+    public Result<ProductCategories> getCategoryByName(@PathVariable String categoryName) {
+        logger.info("根据分类名称查询分类，分类名称：{}", categoryName);
+        return productCategoriesService.getCategoryByName(categoryName);
+    }
+    
+    /**
+     * 根据父分类ID查询子分类
+     * @param parentId 父分类ID
+     * @return 子分类列表
+     */
+    @GetMapping("/parent/{parentId}")
+    public Result<List<ProductCategories>> getSubCategoriesByParentId(@PathVariable Long parentId) {
+        logger.info("根据父分类ID查询子分类，父分类ID：{}", parentId);
+        return productCategoriesService.getSubCategoriesByParentId(parentId);
+    }
+    
+    /**
+     * 创建分类
+     * @param productCategories 分类信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createCategory(@RequestBody ProductCategories productCategories) {
+        logger.info("创建分类，分类信息：{}", productCategories);
+        return productCategoriesService.createCategory(productCategories);
+    }
+    
+    /**
+     * 更新分类信息
+     * @param productCategories 分类信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateCategory(@RequestBody ProductCategories productCategories) {
+        logger.info("更新分类信息，分类信息：{}", productCategories);
+        return productCategoriesService.updateCategory(productCategories);
+    }
+    
+    /**
+     * 删除分类
+     * @param id 分类ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteCategory(@PathVariable Long id) {
+        logger.info("删除分类，分类ID：{}", id);
+        return productCategoriesService.deleteCategory(id);
+    }
+    
+    /**
+     * 查询所有根分类（父分类ID为0或null的分类）
+     * @return 根分类列表
+     */
+    @GetMapping("/root")
+    public Result<List<ProductCategories>> listRootCategories() {
+        logger.info("查询所有根分类");
+        return productCategoriesService.listRootCategories();
+    }
+    
+    /**
+     * 根据分类ID查询分类
+     * @param id 分类ID
+     * @return 分类信息
+     */
+    @GetMapping("/{id}")
+    public Result<ProductCategories> getCategoryById(@PathVariable Long id) {
+        logger.info("根据分类ID查询分类，分类ID：{}", id);
+        return productCategoriesService.getCategoryById(id);
+    }
+    
+    /**
+     * 批量删除分类
+     * @param ids 分类ID列表
+     * @return 是否成功
+     */
+    @DeleteMapping("/batch-delete")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchDeleteCategories(@RequestBody List<Long> ids) {
+        logger.info("批量删除分类，分类ID数量：{}", ids.size());
+        return productCategoriesService.batchDeleteCategories(ids);
+    }
+    
+    /**
+     * 查询所有分类（树形结构）
+     * @return 分类树形列表
+     */
+    @GetMapping("/tree")
+    public Result<List<ProductCategories>> listAllCategoriesWithTree() {
+        logger.info("查询所有分类（树形结构）");
+        return productCategoriesService.listAllCategoriesWithTree();
+    }
+}

src/main/java/com/qf/backend/controller/ProductImagesController.java

@@ -0,0 +1,138 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.ProductImages;
+import com.qf.backend.service.ProductImagesService;
+import java.util.List;
+
+/**
+ * 商品图片控制器
+ * 处理商品图片相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/product-images")
+@RestController
+public class ProductImagesController {
+    private static final Logger logger = LoggerFactory.getLogger(ProductImagesController.class);
+    
+    @Autowired
+    private ProductImagesService productImagesService;
+    
+    /**
+     * 根据商品ID查询图片
+     * @param productId 商品ID
+     * @return 图片列表
+     */
+    @GetMapping("/product/{productId}")
+    public Result<List<ProductImages>> getImagesByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID查询图片，商品ID：{}", productId);
+        return productImagesService.getImagesByProductId(productId);
+    }
+    
+    /**
+     * 根据商品ID查询主图
+     * @param productId 商品ID
+     * @return 主图信息
+     */
+    @GetMapping("/product/{productId}/main")
+    public Result<ProductImages> getMainImageByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID查询主图，商品ID：{}", productId);
+        return productImagesService.getMainImageByProductId(productId);
+    }
+    
+    /**
+     * 创建商品图片
+     * @param productImages 图片信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createImage(@RequestBody ProductImages productImages) {
+        logger.info("创建商品图片，图片信息：{}", productImages);
+        return productImagesService.createImage(productImages);
+    }
+    
+    /**
+     * 更新图片信息
+     * @param productImages 图片信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateImage(@RequestBody ProductImages productImages) {
+        logger.info("更新图片信息，图片信息：{}", productImages);
+        return productImagesService.updateImage(productImages);
+    }
+    
+    /**
+     * 删除图片
+     * @param id 图片ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteImage(@PathVariable Long id) {
+        logger.info("删除图片，图片ID：{}", id);
+        return productImagesService.deleteImage(id);
+    }
+    
+    /**
+     * 根据图片ID查询图片
+     * @param id 图片ID
+     * @return 图片信息
+     */
+    @GetMapping("/{id}")
+    public Result<ProductImages> getImageById(@PathVariable Long id) {
+        logger.info("根据图片ID查询图片，图片ID：{}", id);
+        return productImagesService.getImageById(id);
+    }
+    
+    /**
+     * 批量创建商品图片
+     * @param images 图片列表
+     * @return 是否成功
+     */
+    @PostMapping("/batch-create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchCreateImages(@RequestBody List<ProductImages> images) {
+        logger.info("批量创建商品图片，图片数量：{}", images.size());
+        return productImagesService.batchCreateImages(images);
+    }
+    
+    /**
+     * 根据商品ID删除所有图片
+     * @param productId 商品ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete-by-product/{productId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteImagesByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID删除所有图片，商品ID：{}", productId);
+        return productImagesService.deleteImagesByProductId(productId);
+    }
+    
+    /**
+     * 设置主图
+     * @param productId 商品ID
+     * @param imageId 图片ID
+     * @return 是否成功
+     */
+    @PutMapping("/set-main/{productId}/{imageId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> setMainImage(@PathVariable Long productId, @PathVariable Long imageId) {
+        logger.info("设置主图，商品ID：{}，图片ID：{}", productId, imageId);
+        return productImagesService.setMainImage(productId, imageId);
+    }
+}

src/main/java/com/qf/backend/controller/ProductInventoriesController.java

@@ -0,0 +1,151 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.ProductInventories;
+import com.qf.backend.service.ProductInventoriesService;
+import java.util.List;
+
+/**
+ * 商品库存控制器
+ * 处理商品库存相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/product-inventories")
+@RestController
+public class ProductInventoriesController {
+    private static final Logger logger = LoggerFactory.getLogger(ProductInventoriesController.class);
+    
+    @Autowired
+    private ProductInventoriesService productInventoriesService;
+    
+    /**
+     * 根据商品ID查询库存
+     * @param productId 商品ID
+     * @return 库存列表
+     */
+    @GetMapping("/product/{productId}")
+    public Result<List<ProductInventories>> getInventoriesByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID查询库存，商品ID：{}", productId);
+        return productInventoriesService.getInventoriesByProductId(productId);
+    }
+    
+    /**
+     * 根据SKU ID查询库存
+     * @param skuId SKU ID
+     * @return 库存信息
+     */
+    @GetMapping("/sku/{skuId}")
+    public Result<ProductInventories> getInventoryBySkuId(@PathVariable Long skuId) {
+        logger.info("根据SKU ID查询库存，SKU ID：{}", skuId);
+        return productInventoriesService.getInventoryBySkuId(skuId);
+    }
+    
+    /**
+     * 创建库存记录
+     * @param productInventories 库存信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createInventory(@RequestBody ProductInventories productInventories) {
+        logger.info("创建库存记录，库存信息：{}", productInventories);
+        return productInventoriesService.createInventory(productInventories);
+    }
+    
+    /**
+     * 更新库存信息
+     * @param productInventories 库存信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateInventory(@RequestBody ProductInventories productInventories) {
+        logger.info("更新库存信息，库存信息：{}", productInventories);
+        return productInventoriesService.updateInventory(productInventories);
+    }
+    
+    /**
+     * 删除库存记录
+     * @param id 库存ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteInventory(@PathVariable Long id) {
+        logger.info("删除库存记录，库存ID：{}", id);
+        return productInventoriesService.deleteInventory(id);
+    }
+    
+    /**
+     * 根据库存ID查询库存
+     * @param id 库存ID
+     * @return 库存信息
+     */
+    @GetMapping("/{id}")
+    public Result<ProductInventories> getInventoryById(@PathVariable Long id) {
+        logger.info("根据库存ID查询库存，库存ID：{}", id);
+        return productInventoriesService.getInventoryById(id);
+    }
+    
+    /**
+     * 增加库存
+     * @param skuId SKU ID
+     * @param quantity 增加数量
+     * @return 是否成功
+     */
+    @PutMapping("/increase/{skuId}/{quantity}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> increaseInventory(@PathVariable Long skuId, @PathVariable Integer quantity) {
+        logger.info("增加库存，SKU ID：{}，增加数量：{}", skuId, quantity);
+        return productInventoriesService.increaseInventory(skuId, quantity);
+    }
+    
+    /**
+     * 减少库存
+     * @param skuId SKU ID
+     * @param quantity 减少数量
+     * @return 是否成功
+     */
+    @PutMapping("/decrease/{skuId}/{quantity}")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> decreaseInventory(@PathVariable Long skuId, @PathVariable Integer quantity) {
+        logger.info("减少库存，SKU ID：{}，减少数量：{}", skuId, quantity);
+        return productInventoriesService.decreaseInventory(skuId, quantity);
+    }
+    
+    /**
+     * 检查库存是否充足
+     * @param skuId SKU ID
+     * @param quantity 需要的数量
+     * @return 是否充足
+     */
+    @GetMapping("/check/{skuId}/{quantity}")
+    public Result<Boolean> checkInventorySufficient(@PathVariable Long skuId, @PathVariable Integer quantity) {
+        logger.info("检查库存是否充足，SKU ID：{}，需要数量：{}", skuId, quantity);
+        return productInventoriesService.checkInventorySufficient(skuId, quantity);
+    }
+    
+    /**
+     * 批量更新库存
+     * @param inventoryUpdates 库存更新列表
+     * @return 是否成功
+     */
+    @PutMapping("/batch-update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchUpdateInventory(@RequestBody List<ProductInventories> inventoryUpdates) {
+        logger.info("批量更新库存，更新数量：{}", inventoryUpdates.size());
+        return productInventoriesService.batchUpdateInventory(inventoryUpdates);
+    }
+}

src/main/java/com/qf/backend/controller/ProductSkusController.java

@@ -0,0 +1,149 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.ProductSkus;
+import com.qf.backend.service.ProductSkusService;
+import java.util.List;
+
+/**
+ * 商品SKU控制器
+ * 处理商品SKU相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/product-skus")
+@RestController
+public class ProductSkusController {
+    private static final Logger logger = LoggerFactory.getLogger(ProductSkusController.class);
+    
+    @Autowired
+    private ProductSkusService productSkusService;
+    
+    /**
+     * 根据商品ID查询SKU
+     * @param productId 商品ID
+     * @return SKU列表
+     */
+    @GetMapping("/product/{productId}")
+    public Result<List<ProductSkus>> getSkusByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID查询SKU，商品ID：{}", productId);
+        return productSkusService.getSkusByProductId(productId);
+    }
+    
+    /**
+     * 根据SKU编码查询SKU
+     * @param skuCode SKU编码
+     * @return SKU信息
+     */
+    @GetMapping("/code/{skuCode}")
+    public Result<ProductSkus> getSkuByCode(@PathVariable String skuCode) {
+        logger.info("根据SKU编码查询SKU，SKU编码：{}", skuCode);
+        return productSkusService.getSkuByCode(skuCode);
+    }
+    
+    /**
+     * 创建SKU
+     * @param productSkus SKU信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createSku(@RequestBody ProductSkus productSkus) {
+        logger.info("创建SKU，SKU信息：{}", productSkus);
+        return productSkusService.createSku(productSkus);
+    }
+    
+    /**
+     * 更新SKU信息
+     * @param productSkus SKU信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateSku(@RequestBody ProductSkus productSkus) {
+        logger.info("更新SKU信息，SKU信息：{}", productSkus);
+        return productSkusService.updateSku(productSkus);
+    }
+    
+    /**
+     * 删除SKU
+     * @param id SKU ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteSku(@PathVariable Long id) {
+        logger.info("删除SKU，SKU ID：{}", id);
+        return productSkusService.deleteSku(id);
+    }
+    
+    /**
+     * 根据SKU ID查询SKU
+     * @param id SKU ID
+     * @return SKU信息
+     */
+    @GetMapping("/{id}")
+    public Result<ProductSkus> getSkuById(@PathVariable Long id) {
+        logger.info("根据SKU ID查询SKU，SKU ID：{}", id);
+        return productSkusService.getSkuById(id);
+    }
+    
+    /**
+     * 批量创建SKU
+     * @param skus SKU列表
+     * @return 是否成功
+     */
+    @PostMapping("/batch-create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchCreateSkus(@RequestBody List<ProductSkus> skus) {
+        logger.info("批量创建SKU，SKU数量：{}", skus.size());
+        return productSkusService.batchCreateSkus(skus);
+    }
+    
+    /**
+     * 根据商品ID删除所有SKU
+     * @param productId 商品ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete-by-product/{productId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteSkusByProductId(@PathVariable Long productId) {
+        logger.info("根据商品ID删除所有SKU，商品ID：{}", productId);
+        return productSkusService.deleteSkusByProductId(productId);
+    }
+    
+    /**
+     * 更新SKU库存
+     * @param skuId SKU ID
+     * @param quantity 库存数量
+     * @return 是否成功
+     */
+    @PutMapping("/update-stock/{skuId}/{quantity}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateSkuStock(@PathVariable Long skuId, @PathVariable Integer quantity) {
+        logger.info("更新SKU库存，SKU ID：{}，库存数量：{}", skuId, quantity);
+        return productSkusService.updateSkuStock(skuId, quantity);
+    }
+    
+    /**
+     * 批量查询SKU
+     * @param skuIds SKU ID列表
+     * @return SKU列表
+     */
+    @PostMapping("/batch-get")
+    public Result<List<ProductSkus>> batchGetSkus(@RequestBody List<Long> skuIds) {
+        logger.info("批量查询SKU，SKU ID数量：{}", skuIds.size());
+        return productSkusService.batchGetSkus(skuIds);
+    }
+}

src/main/java/com/qf/backend/controller/ProductsController.java

@@ -0,0 +1,151 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.Products;
+import com.qf.backend.service.ProductsService;
+import java.util.List;
+
+/**
+ * 商品控制器
+ * 处理商品相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/products")
+@RestController
+public class ProductsController {
+    private static final Logger logger = LoggerFactory.getLogger(ProductsController.class);
+    
+    @Autowired
+    private ProductsService productsService;
+    
+    /**
+     * 根据商品名称查询商品
+     * @param productName 商品名称
+     * @return 商品列表
+     */
+    @GetMapping("/name/{productName}")
+    public Result<List<Products>> getProductsByName(@PathVariable String productName) {
+        logger.info("根据商品名称查询商品，商品名称：{}", productName);
+        return productsService.getProductsByName(productName);
+    }
+    
+    /**
+     * 根据分类ID查询商品
+     * @param categoryId 分类ID
+     * @return 商品列表
+     */
+    @GetMapping("/category/{categoryId}")
+    public Result<List<Products>> getProductsByCategoryId(@PathVariable Long categoryId) {
+        logger.info("根据分类ID查询商品，分类ID：{}", categoryId);
+        return productsService.getProductsByCategoryId(categoryId);
+    }
+    
+    /**
+     * 创建商品
+     * @param products 商品信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createProduct(@RequestBody Products products) {
+        logger.info("创建商品，商品信息：{}", products);
+        return productsService.createProduct(products);
+    }
+    
+    /**
+     * 更新商品信息
+     * @param products 商品信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateProduct(@RequestBody Products products) {
+        logger.info("更新商品信息，商品信息：{}", products);
+        return productsService.updateProduct(products);
+    }
+    
+    /**
+     * 删除商品
+     * @param id 商品ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteProduct(@PathVariable Long id) {
+        logger.info("删除商品，商品ID：{}", id);
+        return productsService.deleteProduct(id);
+    }
+    
+    /**
+     * 根据商品ID查询商品
+     * @param id 商品ID
+     * @return 商品信息
+     */
+    @GetMapping("/{id}")
+    public Result<Products> getProductById(@PathVariable Long id) {
+        logger.info("根据商品ID查询商品，商品ID：{}", id);
+        return productsService.getProductById(id);
+    }
+    
+    /**
+     * 分页查询商品
+     * @param page 当前页码
+     * @param size 每页数量
+     * @return 商品列表
+     */
+    @GetMapping("/page/{page}/{size}")
+    public Result<List<Products>> listProductsByPage(@PathVariable int page, @PathVariable int size) {
+        logger.info("分页查询商品，页码：{}，每页数量：{}", page, size);
+        return productsService.listProductsByPage(page, size);
+    }
+    
+    /**
+     * 根据店铺ID查询商品
+     * @param shopId 店铺ID
+     * @return 商品列表
+     */
+    @GetMapping("/shop/{shopId}")
+    public Result<List<Products>> getProductsByShopId(@PathVariable Long shopId) {
+        logger.info("根据店铺ID查询商品，店铺ID：{}", shopId);
+        return productsService.getProductsByShopId(shopId);
+    }
+    
+    /**
+     * 批量上下架商品
+     * @param ids 商品ID列表
+     * @param status 状态（上架/下架）
+     * @return 是否成功
+     */
+    @PutMapping("/batch-status")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchUpdateProductStatus(@RequestBody List<Long> ids, @RequestParam Integer status) {
+        logger.info("批量上下架商品，商品ID数量：{}，状态：{}", ids.size(), status);
+        return productsService.batchUpdateProductStatus(ids, status);
+    }
+    
+    /**
+     * 搜索商品
+     * @param keyword 关键词
+     * @param page 当前页码
+     * @param size 每页数量
+     * @return 商品列表
+     */
+    @GetMapping("/search")
+    public Result<List<Products>> searchProducts(@RequestParam String keyword, @RequestParam int page, @RequestParam int size) {
+        logger.info("搜索商品，关键词：{}，页码：{}，每页数量：{}", keyword, page, size);
+        return productsService.searchProducts(keyword, page, size);
+    }
+}

src/main/java/com/qf/backend/controller/RefundsController.java

@@ -0,0 +1,158 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.Refunds;
+import com.qf.backend.service.RefundsService;
+import java.util.List;
+
+/**
+ * 退款控制器
+ * 处理退款相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/refunds")
+@RestController
+public class RefundsController {
+    private static final Logger logger = LoggerFactory.getLogger(RefundsController.class);
+    
+    @Autowired
+    private RefundsService refundsService;
+    
+    /**
+     * 根据订单ID查询退款记录
+     * @param orderId 订单ID
+     * @return 退款记录列表
+     */
+    @GetMapping("/order/{orderId}")
+    public Result<List<Refunds>> getRefundsByOrderId(@PathVariable Long orderId) {
+        logger.info("根据订单ID查询退款记录，订单ID：{}", orderId);
+        List<Refunds> refunds = refundsService.getRefundsByOrderId(orderId);
+        return Result.success(refunds);
+    }
+    
+    /**
+     * 根据退款单号查询退款记录
+     * @param refundNumber 退款单号
+     * @return 退款记录
+     */
+    @GetMapping("/number/{refundNumber}")
+    public Result<Refunds> getRefundByNumber(@PathVariable String refundNumber) {
+        logger.info("根据退款单号查询退款记录，退款单号：{}", refundNumber);
+        Refunds refund = refundsService.getRefundByNumber(refundNumber);
+        return Result.success(refund);
+    }
+    
+    /**
+     * 创建退款记录
+     * @param refunds 退款信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> createRefund(@RequestBody Refunds refunds) {
+        logger.info("创建退款记录，退款信息：{}", refunds);
+        boolean result = refundsService.createRefund(refunds);
+        return Result.success(result);
+    }
+    
+    /**
+     * 更新退款信息
+     * @param refunds 退款信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateRefund(@RequestBody Refunds refunds) {
+        logger.info("更新退款信息，退款信息：{}", refunds);
+        boolean result = refundsService.updateRefund(refunds);
+        return Result.success(result);
+    }
+    
+    /**
+     * 删除退款记录
+     * @param id 退款ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteRefund(@PathVariable Long id) {
+        logger.info("删除退款记录，退款ID：{}", id);
+        boolean result = refundsService.deleteRefund(id);
+        return Result.success(result);
+    }
+    
+    /**
+     * 根据退款ID查询退款记录
+     * @param id 退款ID
+     * @return 退款记录
+     */
+    @GetMapping("/{id}")
+    public Result<Refunds> getRefundById(@PathVariable Long id) {
+        logger.info("根据退款ID查询退款记录，退款ID：{}", id);
+        Refunds refund = refundsService.getRefundById(id);
+        return Result.success(refund);
+    }
+    
+    /**
+     * 根据用户ID查询退款记录
+     * @param userId 用户ID
+     * @return 退款记录列表
+     */
+    @GetMapping("/user/{userId}")
+    public Result<List<Refunds>> getRefundsByUserId(@PathVariable Long userId) {
+        logger.info("根据用户ID查询退款记录，用户ID：{}", userId);
+        List<Refunds> refunds = refundsService.getRefundsByUserId(userId);
+        return Result.success(refunds);
+    }
+    
+    /**
+     * 根据退款状态查询退款记录
+     * @param status 退款状态
+     * @return 退款记录列表
+     */
+    @GetMapping("/status/{status}")
+    public Result<List<Refunds>> getRefundsByStatus(@PathVariable Integer status) {
+        logger.info("根据退款状态查询退款记录，状态：{}", status);
+        List<Refunds> refunds = refundsService.getRefundsByStatus(status);
+        return Result.success(refunds);
+    }
+    
+    /**
+     * 更新退款状态
+     * @param refundId 退款ID
+     * @param status 退款状态
+     * @return 是否成功
+     */
+    @PutMapping("/update-status/{refundId}/{status}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateRefundStatus(@PathVariable Long refundId, @PathVariable Integer status) {
+        logger.info("更新退款状态，退款ID：{}，状态：{}", refundId, status);
+        boolean result = refundsService.updateRefundStatus(refundId, status);
+        return Result.success(result);
+    }
+    
+    /**
+     * 分页查询退款记录
+     * @param page 当前页码
+     * @param size 每页数量
+     * @return 退款记录列表
+     */
+    @GetMapping("/page/{page}/{size}")
+    public Result<List<Refunds>> listRefundsByPage(@PathVariable int page, @PathVariable int size) {
+        logger.info("分页查询退款记录，页码：{}，每页数量：{}", page, size);
+        List<Refunds> refunds = refundsService.listRefundsByPage(page, size);
+        return Result.success(refunds);
+    }
+}

src/main/java/com/qf/backend/controller/RolePermissionsController.java

@@ -0,0 +1,180 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.RolePermissions;
+import com.qf.backend.service.RolePermissionsService;
+import java.util.List;
+
+/**
+ * 角色权限关联控制器
+ * 处理角色与权限关联相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/role-permissions")
+@RestController
+public class RolePermissionsController {
+    private static final Logger logger = LoggerFactory.getLogger(RolePermissionsController.class);
+    
+    @Autowired
+    private RolePermissionsService rolePermissionsService;
+    
+    /**
+     * 根据角色ID查询角色权限关联
+     * @param roleId 角色ID
+     * @return 角色权限关联列表
+     */
+    @GetMapping("/role/{roleId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<RolePermissions>> getRolePermissionsByRoleId(@PathVariable Long roleId) {
+        logger.info("管理员根据角色ID查询角色权限关联，角色ID：{}", roleId);
+        List<RolePermissions> rolePermissions = rolePermissionsService.getRolePermissionsByRoleId(roleId);
+        return Result.success(rolePermissions);
+    }
+    
+    /**
+     * 根据权限ID查询角色权限关联
+     * @param permissionId 权限ID
+     * @return 角色权限关联列表
+     */
+    @GetMapping("/permission/{permissionId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<RolePermissions>> getRolePermissionsByPermissionId(@PathVariable Long permissionId) {
+        logger.info("管理员根据权限ID查询角色权限关联，权限ID：{}", permissionId);
+        List<RolePermissions> rolePermissions = rolePermissionsService.getRolePermissionsByPermissionId(permissionId);
+        return Result.success(rolePermissions);
+    }
+    
+    /**
+     * 为角色添加权限
+     * @param request 角色权限关联请求体
+     * @return 是否成功
+     */
+    @PostMapping("/add")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> addPermissionToRole(@RequestBody RolePermissionRequest request) {
+        logger.info("管理员为角色添加权限，角色ID：{}，权限ID：{}", request.getRoleId(), request.getPermissionId());
+        boolean result = rolePermissionsService.addPermissionToRole(request.getRoleId(), request.getPermissionId());
+        return Result.success(result);
+    }
+    
+    /**
+     * 从角色移除权限
+     * @param request 角色权限关联请求体
+     * @return 是否成功
+     */
+    @DeleteMapping("/remove")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> removePermissionFromRole(@RequestBody RolePermissionRequest request) {
+        logger.info("管理员从角色移除权限，角色ID：{}，权限ID：{}", request.getRoleId(), request.getPermissionId());
+        boolean result = rolePermissionsService.removePermissionFromRole(request.getRoleId(), request.getPermissionId());
+        return Result.success(result);
+    }
+    
+    /**
+     * 批量为角色添加权限
+     * @param request 批量角色权限关联请求体
+     * @return 是否成功
+     */
+    @PostMapping("/batch-add")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchAddPermissionsToRole(@RequestBody BatchRolePermissionRequest request) {
+        logger.info("管理员批量为角色添加权限，角色ID：{}，权限ID列表：{}", request.getRoleId(), request.getPermissionIds());
+        boolean result = rolePermissionsService.batchAddPermissionsToRole(request.getRoleId(), request.getPermissionIds());
+        return Result.success(result);
+    }
+    
+    /**
+     * 清空角色的所有权限
+     * @param roleId 角色ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/clear/{roleId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> clearRolePermissions(@PathVariable Long roleId) {
+        logger.info("管理员清空角色的所有权限，角色ID：{}", roleId);
+        boolean result = rolePermissionsService.clearRolePermissions(roleId);
+        return Result.success(result);
+    }
+    
+    /**
+     * 检查角色是否拥有指定权限
+     * @param roleId 角色ID
+     * @param permissionId 权限ID
+     * @return 是否拥有
+     */
+    @GetMapping("/check")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> checkRoleHasPermission(Long roleId, Long permissionId) {
+        logger.info("管理员检查角色是否拥有指定权限，角色ID：{}，权限ID：{}", roleId, permissionId);
+        boolean result = rolePermissionsService.checkRoleHasPermission(roleId, permissionId);
+        return Result.success(result);
+    }
+    
+    /**
+     * 根据角色ID查询其拥有的权限ID列表
+     * @param roleId 角色ID
+     * @return 权限ID列表
+     */
+    @GetMapping("/permission-ids/{roleId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Long>> listPermissionIdsByRoleId(@PathVariable Long roleId) {
+        logger.info("管理员根据角色ID查询其拥有的权限ID列表，角色ID：{}", roleId);
+        List<Long> permissionIds = rolePermissionsService.listPermissionIdsByRoleId(roleId);
+        return Result.success(permissionIds);
+    }
+    
+    /**
+     * 角色权限关联请求体
+     */
+    public static class RolePermissionRequest {
+        private Long roleId;
+        private Long permissionId;
+        
+        // getter和setter
+        public Long getRoleId() {
+            return roleId;
+        }
+        public void setRoleId(Long roleId) {
+            this.roleId = roleId;
+        }
+        public Long getPermissionId() {
+            return permissionId;
+        }
+        public void setPermissionId(Long permissionId) {
+            this.permissionId = permissionId;
+        }
+    }
+    
+    /**
+     * 批量角色权限关联请求体
+     */
+    public static class BatchRolePermissionRequest {
+        private Long roleId;
+        private List<Long> permissionIds;
+        
+        // getter和setter
+        public Long getRoleId() {
+            return roleId;
+        }
+        public void setRoleId(Long roleId) {
+            this.roleId = roleId;
+        }
+        public List<Long> getPermissionIds() {
+            return permissionIds;
+        }
+        public void setPermissionIds(List<Long> permissionIds) {
+            this.permissionIds = permissionIds;
+        }
+    }
+}

src/main/java/com/qf/backend/controller/RolesController.java

@@ -0,0 +1,133 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.Roles;
+import com.qf.backend.service.RolesService;
+import java.util.List;
+
+/**
+ * 角色管理控制器
+ * 处理角色相关的HTTP请求
+ * 遵循RESTful API设计规范
+ * @author 30803
+ */
+@RequestMapping("/api/roles")
+@RestController
+public class RolesController {
+    private static final Logger logger = LoggerFactory.getLogger(RolesController.class);
+    
+    @Autowired
+    private RolesService rolesService;
+    
+    /**
+     * 查询所有角色
+     * @return 角色列表
+     */
+    @GetMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Roles>> listAllRoles() {
+        logger.info("管理员查询所有角色");
+        return rolesService.listAllRoles();
+    }
+    
+    /**
+     * 根据角色ID查询角色
+     * @param id 角色ID
+     * @return 角色信息
+     */
+    @GetMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Roles> getRoleById(@PathVariable Long id) {
+        logger.info("管理员根据ID查询角色，ID：{}", id);
+        return rolesService.getRoleById(id);
+    }
+    
+    /**
+     * 根据角色名称查询角色
+     * @param roleName 角色名称
+     * @return 角色信息
+     */
+    @GetMapping("/name/{roleName}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Roles> getRoleByName(@PathVariable String roleName) {
+        logger.info("管理员根据名称查询角色，名称：{}", roleName);
+        return rolesService.getRoleByName(roleName);
+    }
+    
+    /**
+     * 根据用户ID查询其拥有的角色列表
+     * @param userId 用户ID
+     * @return 角色列表
+     */
+    @GetMapping("/user/{userId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Roles>> listRolesByUserId(@PathVariable Long userId) {
+        logger.info("管理员根据用户ID查询角色列表，用户ID：{}", userId);
+        return rolesService.listRolesByUserId(userId);
+    }
+    
+    /**
+     * 创建角色
+     * @param roles 角色信息
+     * @return 是否成功
+     */
+    @PostMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createRole(@RequestBody Roles roles) {
+        logger.info("管理员创建角色：{}", roles);
+        return rolesService.createRole(roles);
+    }
+    
+    /**
+     * 更新角色信息
+     * @param roles 角色信息
+     * @return 是否成功
+     */
+    @PutMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateRole(@RequestBody Roles roles) {
+        logger.info("管理员更新角色：{}", roles);
+        return rolesService.updateRole(roles);
+    }
+    
+    /**
+     * 删除角色
+     * @param id 角色ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteRole(@PathVariable Long id) {
+        logger.info("管理员删除角色，ID：{}", id);
+        return rolesService.deleteRole(id);
+    }
+    
+    /**
+     * 批量删除角色
+     * @param ids 角色ID列表
+     * @return 是否成功
+     */
+    @DeleteMapping("/batch")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchDeleteRoles(@RequestBody List<Long> ids) {
+        logger.info("管理员批量删除角色，IDs：{}", ids);
+        return rolesService.batchDeleteRoles(ids);
+    }
+}

src/main/java/com/qf/backend/controller/ShopCategoriesController.java

@@ -0,0 +1,133 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.ShopCategories;
+import com.qf.backend.service.ShopCategoriesService;
+import java.util.List;
+
+/**
+ * 店铺分类控制器
+ * 处理店铺分类相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/shop-categories")
+@RestController
+public class ShopCategoriesController {
+    private static final Logger logger = LoggerFactory.getLogger(ShopCategoriesController.class);
+    
+    @Autowired
+    private ShopCategoriesService shopCategoriesService;
+    
+    /**
+     * 根据分类名称查询分类
+     * @param categoryName 分类名称
+     * @return 分类信息
+     */
+    @GetMapping("/name/{categoryName}")
+    public Result<ShopCategories> getCategoryByName(@PathVariable String categoryName) {
+        logger.info("根据分类名称查询分类，分类名称：{}", categoryName);
+        return shopCategoriesService.getCategoryByName(categoryName);
+    }
+    
+    /**
+     * 根据父分类ID查询子分类
+     * @param parentId 父分类ID
+     * @return 子分类列表
+     */
+    @GetMapping("/parent/{parentId}")
+    public Result<List<ShopCategories>> getSubCategoriesByParentId(@PathVariable Long parentId) {
+        logger.info("根据父分类ID查询子分类，父分类ID：{}", parentId);
+        return shopCategoriesService.getSubCategoriesByParentId(parentId);
+    }
+    
+    /**
+     * 创建分类
+     * @param shopCategories 分类信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> createCategory(@RequestBody ShopCategories shopCategories) {
+        logger.info("创建分类，分类信息：{}", shopCategories);
+        return shopCategoriesService.createCategory(shopCategories);
+    }
+    
+    /**
+     * 更新分类信息
+     * @param shopCategories 分类信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateCategory(@RequestBody ShopCategories shopCategories) {
+        logger.info("更新分类信息，分类信息：{}", shopCategories);
+        return shopCategoriesService.updateCategory(shopCategories);
+    }
+    
+    /**
+     * 删除分类
+     * @param id 分类ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteCategory(@PathVariable Long id) {
+        logger.info("删除分类，分类ID：{}", id);
+        return shopCategoriesService.deleteCategory(id);
+    }
+    
+    /**
+     * 查询所有根分类（父分类ID为0或null的分类）
+     * @return 根分类列表
+     */
+    @GetMapping("/root")
+    public Result<List<ShopCategories>> listRootCategories() {
+        logger.info("查询所有根分类");
+        return shopCategoriesService.listRootCategories();
+    }
+    
+    /**
+     * 根据分类ID查询分类
+     * @param id 分类ID
+     * @return 分类信息
+     */
+    @GetMapping("/{id}")
+    public Result<ShopCategories> getCategoryById(@PathVariable Long id) {
+        logger.info("根据分类ID查询分类，分类ID：{}", id);
+        return shopCategoriesService.getCategoryById(id);
+    }
+    
+    /**
+     * 批量删除分类
+     * @param ids 分类ID列表
+     * @return 是否成功
+     */
+    @DeleteMapping("/batch-delete")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchDeleteCategories(@RequestBody List<Long> ids) {
+        logger.info("批量删除分类，分类ID数量：{}", ids.size());
+        return shopCategoriesService.batchDeleteCategories(ids);
+    }
+    
+    /**
+     * 查询所有分类（树形结构）
+     * @return 分类树形列表
+     */
+    @GetMapping("/tree")
+    public Result<List<ShopCategories>> listAllCategoriesWithTree() {
+        logger.info("查询所有分类（树形结构）");
+        return shopCategoriesService.listAllCategoriesWithTree();
+    }
+}

src/main/java/com/qf/backend/controller/ShopRatingsController.java

@@ -0,0 +1,161 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.ShopRatings;
+import com.qf.backend.service.ShopRatingsService;
+import java.util.List;
+
+/**
+ * 店铺评分控制器
+ * 处理店铺评分相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/shop-ratings")
+@RestController
+public class ShopRatingsController {
+    private static final Logger logger = LoggerFactory.getLogger(ShopRatingsController.class);
+    
+    @Autowired
+    private ShopRatingsService shopRatingsService;
+    
+    /**
+     * 根据店铺ID查询评分
+     * @param shopId 店铺ID
+     * @return 评分列表
+     */
+    @GetMapping("/shop/{shopId}")
+    public Result<List<ShopRatings>> getRatingsByShopId(@PathVariable Long shopId) {
+        logger.info("根据店铺ID查询评分，店铺ID：{}", shopId);
+        return shopRatingsService.getRatingsByShopId(shopId);
+    }
+    
+    /**
+     * 根据用户ID查询评分
+     * @param userId 用户ID
+     * @return 评分列表
+     */
+    @GetMapping("/user/{userId}")
+    public Result<List<ShopRatings>> getRatingsByUserId(@PathVariable Long userId) {
+        logger.info("根据用户ID查询评分，用户ID：{}", userId);
+        return shopRatingsService.getRatingsByUserId(userId);
+    }
+    
+    /**
+     * 创建评分
+     * @param shopRatings 评分信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> createRating(@RequestBody ShopRatings shopRatings) {
+        logger.info("创建评分，评分信息：{}", shopRatings);
+        return shopRatingsService.createRating(shopRatings);
+    }
+    
+    /**
+     * 更新评分信息
+     * @param shopRatings 评分信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> updateRating(@RequestBody ShopRatings shopRatings) {
+        logger.info("更新评分信息，评分信息：{}", shopRatings);
+        return shopRatingsService.updateRating(shopRatings);
+    }
+    
+    /**
+     * 删除评分
+     * @param id 评分ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteRating(@PathVariable Long id) {
+        logger.info("删除评分，评分ID：{}", id);
+        return shopRatingsService.deleteRating(id);
+    }
+    
+    /**
+     * 根据评分ID查询评分
+     * @param id 评分ID
+     * @return 评分信息
+     */
+    @GetMapping("/{id}")
+    public Result<ShopRatings> getRatingById(@PathVariable Long id) {
+        logger.info("根据评分ID查询评分，评分ID：{}", id);
+        return shopRatingsService.getRatingById(id);
+    }
+    
+    /**
+     * 获取店铺平均评分
+     * @param shopId 店铺ID
+     * @return 平均评分
+     */
+    @GetMapping("/shop/{shopId}/average")
+    public Result<Double> getAverageRatingByShopId(@PathVariable Long shopId) {
+        logger.info("获取店铺平均评分，店铺ID：{}", shopId);
+        return shopRatingsService.getAverageRatingByShopId(shopId);
+    }
+    
+    /**
+     * 获取店铺评分数量
+     * @param shopId 店铺ID
+     * @return 评分数量
+     */
+    @GetMapping("/shop/{shopId}/count")
+    public Result<Integer> getRatingCountByShopId(@PathVariable Long shopId) {
+        logger.info("获取店铺评分数量，店铺ID：{}", shopId);
+        return shopRatingsService.getRatingCountByShopId(shopId);
+    }
+    
+    /**
+     * 根据评分星级查询店铺评分
+     * @param shopId 店铺ID
+     * @param rating 评分星级
+     * @return 评分列表
+     */
+    @GetMapping("/shop/{shopId}/rating/{rating}")
+    public Result<List<ShopRatings>> getRatingsByShopIdAndRating(@PathVariable Long shopId, @PathVariable Integer rating) {
+        logger.info("根据评分星级查询店铺评分，店铺ID：{}，评分星级：{}", shopId, rating);
+        return shopRatingsService.getRatingsByShopIdAndRating(shopId, rating);
+    }
+    
+    /**
+     * 检查用户是否已对店铺评分
+     * @param shopId 店铺ID
+     * @param userId 用户ID
+     * @return 是否已评分
+     */
+    @GetMapping("/check")
+    public Result<Boolean> checkUserHasRated(@RequestParam Long shopId, @RequestParam Long userId) {
+        logger.info("检查用户是否已对店铺评分，店铺ID：{}，用户ID：{}", shopId, userId);
+        return shopRatingsService.checkUserHasRated(shopId, userId);
+    }
+    
+    /**
+     * 分页查询店铺评分
+     * @param shopId 店铺ID
+     * @param page 当前页码
+     * @param size 每页数量
+     * @return 评分列表
+     */
+    @GetMapping("/shop/{shopId}/page/{page}/{size}")
+    public Result<List<ShopRatings>> listRatingsByShopIdAndPage(@PathVariable Long shopId, @PathVariable int page, @PathVariable int size) {
+        logger.info("分页查询店铺评分，店铺ID：{}，页码：{}，每页数量：{}", shopId, page, size);
+        return shopRatingsService.listRatingsByShopIdAndPage(shopId, page, size);
+    }
+}

src/main/java/com/qf/backend/controller/ShopsController.java

@@ -0,0 +1,151 @@
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.Shops;
+import com.qf.backend.service.ShopsService;
+import java.util.List;
+
+/**
+ * 店铺控制器
+ * 处理店铺相关的HTTP请求
+ * 遵循RESTful API设计规范
+ */
+@RequestMapping("/api/shops")
+@RestController
+public class ShopsController {
+    private static final Logger logger = LoggerFactory.getLogger(ShopsController.class);
+    
+    @Autowired
+    private ShopsService shopsService;
+    
+    /**
+     * 根据店铺名称查询店铺
+     * @param shopName 店铺名称
+     * @return 店铺列表
+     */
+    @GetMapping("/name/{shopName}")
+    public Result<List<Shops>> getShopsByName(@PathVariable String shopName) {
+        logger.info("根据店铺名称查询店铺，店铺名称：{}", shopName);
+        return shopsService.getShopsByName(shopName);
+    }
+    
+    /**
+     * 根据用户ID查询店铺
+     * @param userId 用户ID
+     * @return 店铺信息
+     */
+    @GetMapping("/user/{userId}")
+    public Result<Shops> getShopByUserId(@PathVariable Long userId) {
+        logger.info("根据用户ID查询店铺，用户ID：{}", userId);
+        return shopsService.getShopByUserId(userId);
+    }
+    
+    /**
+     * 创建店铺
+     * @param shops 店铺信息
+     * @return 是否成功
+     */
+    @PostMapping("/create")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> createShop(@RequestBody Shops shops) {
+        logger.info("创建店铺，店铺信息：{}", shops);
+        return shopsService.createShop(shops);
+    }
+    
+    /**
+     * 更新店铺信息
+     * @param shops 店铺信息
+     * @return 是否成功
+     */
+    @PutMapping("/update")
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')")
+    public Result<Boolean> updateShop(@RequestBody Shops shops) {
+        logger.info("更新店铺信息，店铺信息：{}", shops);
+        return shopsService.updateShop(shops);
+    }
+    
+    /**
+     * 删除店铺
+     * @param id 店铺ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> deleteShop(@PathVariable Long id) {
+        logger.info("删除店铺，店铺ID：{}", id);
+        return shopsService.deleteShop(id);
+    }
+    
+    /**
+     * 根据店铺ID查询店铺
+     * @param id 店铺ID
+     * @return 店铺信息
+     */
+    @GetMapping("/{id}")
+    public Result<Shops> getShopById(@PathVariable Long id) {
+        logger.info("根据店铺ID查询店铺，店铺ID：{}", id);
+        return shopsService.getShopById(id);
+    }
+    
+    /**
+     * 分页查询店铺
+     * @param page 当前页码
+     * @param size 每页数量
+     * @return 店铺列表
+     */
+    @GetMapping("/page/{page}/{size}")
+    public Result<List<Shops>> listShopsByPage(@PathVariable int page, @PathVariable int size) {
+        logger.info("分页查询店铺，页码：{}，每页数量：{}", page, size);
+        return shopsService.listShopsByPage(page, size);
+    }
+    
+    /**
+     * 根据店铺分类ID查询店铺
+     * @param categoryId 分类ID
+     * @return 店铺列表
+     */
+    @GetMapping("/category/{categoryId}")
+    public Result<List<Shops>> getShopsByCategoryId(@PathVariable Long categoryId) {
+        logger.info("根据店铺分类ID查询店铺，分类ID：{}", categoryId);
+        return shopsService.getShopsByCategoryId(categoryId);
+    }
+    
+    /**
+     * 更新店铺状态
+     * @param shopId 店铺ID
+     * @param status 店铺状态
+     * @return 是否成功
+     */
+    @PutMapping("/update-status/{shopId}/{status}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> updateShopStatus(@PathVariable Long shopId, @PathVariable Integer status) {
+        logger.info("更新店铺状态，店铺ID：{}，状态：{}", shopId, status);
+        return shopsService.updateShopStatus(shopId, status);
+    }
+    
+    /**
+     * 搜索店铺
+     * @param keyword 关键词
+     * @param page 当前页码
+     * @param size 每页数量
+     * @return 店铺列表
+     */
+    @GetMapping("/search")
+    public Result<List<Shops>> searchShops(@RequestParam String keyword, @RequestParam int page, @RequestParam int size) {
+        logger.info("搜索店铺，关键词：{}，页码：{}，每页数量：{}", keyword, page, size);
+        return shopsService.searchShops(keyword, page, size);
+    }
+}

src/main/java/com/qf/backend/controller/UserRolesController.java

@@ -0,0 +1,169 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+
+package com.qf.backend.controller;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.UserRoles;
+import com.qf.backend.service.UserRolesService;
+import java.util.List;
+
+/**
+ * 用户角色关联控制器
+ * 处理用户与角色关联相关的HTTP请求
+ * 遵循RESTful API设计规范
+ * @author 30803
+ */
+@RequestMapping("/api/user-roles")
+@RestController
+public class UserRolesController {
+    private static final Logger logger = LoggerFactory.getLogger(UserRolesController.class);
+    
+    @Autowired
+    private UserRolesService userRolesService;
+    
+    /**
+     * 根据用户ID查询角色关联
+     * @param userId 用户ID
+     * @return 用户角色关联列表
+     */
+    @GetMapping("/user/{userId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<UserRoles>> getUserRolesByUserId(@PathVariable Long userId) {
+        logger.info("管理员根据用户ID查询角色关联，用户ID：{}", userId);
+        return userRolesService.getUserRolesByUserId(userId);
+    }
+    
+    /**
+     * 根据角色ID查询用户关联
+     * @param roleId 角色ID
+     * @return 用户角色关联列表
+     */
+    @GetMapping("/role/{roleId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<UserRoles>> getUserRolesByRoleId(@PathVariable Long roleId) {
+        logger.info("管理员根据角色ID查询用户关联，角色ID：{}", roleId);
+        return userRolesService.getUserRolesByRoleId(roleId);
+    }
+    
+    /**
+     * 为用户添加角色
+     * @param userId 用户ID
+     * @param roleId 角色ID
+     * @return 是否成功
+     */
+    @PostMapping("/add")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> addRoleToUser(@RequestBody UserRolesRequest request) {
+        logger.info("管理员为用户添加角色，用户ID：{}，角色ID：{}", request.getUserId(), request.getRoleId());
+        return userRolesService.addRoleToUser(request.getUserId(), request.getRoleId());
+    }
+    
+    /**
+     * 从用户移除角色
+     * @param userId 用户ID
+     * @param roleId 角色ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/remove")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> removeRoleFromUser(@RequestBody UserRolesRequest request) {
+        logger.info("管理员从用户移除角色，用户ID：{}，角色ID：{}", request.getUserId(), request.getRoleId());
+        return userRolesService.removeRoleFromUser(request.getUserId(), request.getRoleId());
+    }
+    
+    /**
+     * 批量为用户添加角色
+     * @param userId 用户ID
+     * @param roleIds 角色ID列表
+     * @return 是否成功
+     */
+    @PostMapping("/batch-add")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> batchAddRolesToUser(@RequestBody BatchUserRolesRequest request) {
+        logger.info("管理员批量为用户添加角色，用户ID：{}，角色ID列表：{}", request.getUserId(), request.getRoleIds());
+        return userRolesService.batchAddRolesToUser(request.getUserId(), request.getRoleIds());
+    }
+    
+    /**
+     * 清空用户的所有角色
+     * @param userId 用户ID
+     * @return 是否成功
+     */
+    @DeleteMapping("/clear/{userId}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> clearUserRoles(@PathVariable Long userId) {
+        logger.info("管理员清空用户的所有角色，用户ID：{}", userId);
+        return userRolesService.clearUserRoles(userId);
+    }
+    
+    /**
+     * 检查用户是否拥有指定角色
+     * @param userId 用户ID
+     * @param roleId 角色ID
+     * @return 是否拥有
+     */
+    @GetMapping("/check")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Boolean> checkUserHasRole(Long userId, Long roleId) {
+        logger.info("管理员检查用户是否拥有指定角色，用户ID：{}，角色ID：{}", userId, roleId);
+        return userRolesService.checkUserHasRole(userId, roleId);
+    }
+    
+    /**
+     * 用户角色关联请求体
+     */
+    public static class UserRolesRequest {
+        private Long userId;
+        private Long roleId;
+        
+        // getter和setter
+        public Long getUserId() {
+            return userId;
+        }
+        public void setUserId(Long userId) {
+            this.userId = userId;
+        }
+        public Long getRoleId() {
+            return roleId;
+        }
+        public void setRoleId(Long roleId) {
+            this.roleId = roleId;
+        }
+    }
+    
+    /**
+     * 批量用户角色关联请求体
+     */
+    public static class BatchUserRolesRequest {
+        private Long userId;
+        private List<Long> roleIds;
+        
+        // getter和setter
+        public Long getUserId() {
+            return userId;
+        }
+        public void setUserId(Long userId) {
+            this.userId = userId;
+        }
+        public List<Long> getRoleIds() {
+            return roleIds;
+        }
+        public void setRoleIds(List<Long> roleIds) {
+            this.roleIds = roleIds;
+        }
+    }
+}

src/main/java/com/qf/backend/controller/UsersController.java

@@ -4,36 +4,91 @@
  */
 
 package com.qf.backend.controller;
-
-import java.util.List;
-
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.security.access.prepost.PreAuthorize;
 
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Users;
 import com.qf.backend.service.UsersService;
+import java.util.List;
 
 /**
- *
+ * 用户管理控制器
+ * 处理用户相关的HTTP请求
+ * 遵循RESTful API设计规范
  * @author 30803
  */
-@RestController
 @RequestMapping("/api/users")
+@RestController
 public class UsersController {
+    private static final Logger logger = LoggerFactory.getLogger(UsersController.class);
     @Autowired
     private UsersService usersService;
     
-    @GetMapping("/list")
+    /**
+     * 分页获取用户列表 仅管理员角色
+     * @param pageNum 页码
+     * @param pageSize 每页数量
+     * @return 用户列表
+     */
+    @GetMapping("/page")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<List<Users>> listUsersByPage(int pageNum, int pageSize) {
+        logger.info("管理员获取用户列表，页码：{}，每页数量：{}", pageNum, pageSize);
+        return usersService.listUsersByPage(pageNum, pageSize);
+    }
+    
+    /**
+     * 根据id查询用户 仅管理员角色
+     * @param id 用户ID
+     * @return 用户信息
+     */
+    @GetMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Users> getUserById(@PathVariable Long id) {
+        logger.info("管理员根据id查询用户，id：{}", id);
+        return usersService.getUserById(id);
+    }
+    
+    /**
+     * 根据用户名查询用户 用户可以查询自己的信息
+     * @param username 用户名
+     * @return 用户信息
+     */
+    @GetMapping("/username/{username}")
+    // @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Users> getUserByUsername(@PathVariable String username) {
+        logger.info("管理员根据用户名查询用户，用户名：{}", username);
+        return usersService.getUserByUsername(username);
+    }
+    
+    /**
+     * 根据邮箱查询用户 仅管理员角色
+     * @param email 邮箱
+     * @return 用户信息
+     */
+    @GetMapping("/email/{email}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public Result<Users> getUserByEmail(@PathVariable String email) {
+        logger.info("管理员根据邮箱查询用户，邮箱：{}", email);
+        return usersService.getUserByEmail(email);
+    }
+    
+    /**
+     * 查询所有用户 仅管理员角色
+     * @return 用户列表
+     */
+    @GetMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     public Result<List<Users>> listAllUsers() {
+        logger.info("管理员查询所有用户");
         return usersService.listAllUsers();
     }
-    @DeleteMapping("/delete/{id}")
-    public Result<Boolean> deleteUser(Long id) {
-        System.out.println(id);
-        return usersService.deleteUser(id);
-    }
+    
 }

src/main/java/com/qf/backend/dto/LoginResponse.java

@@ -2,17 +2,17 @@
  * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
  * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
  */
-
 package com.qf.backend.dto;
+
 import java.util.List;
 
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
+
 /**
- * 登录用户DTO(登录时使用)
- * @param id 用户ID
+ * (登录时返回的用户信息DTO)
  * @param username 用户名
  * @param password 密码
  * @param roles 角色列表
@@ -23,10 +23,10 @@ import lombok.NoArgsConstructor;
 @Builder
 @NoArgsConstructor
 @AllArgsConstructor
-public class LoginUser {
-    private Long id;
-    private String username;
-    private String password;
-    private List<String> roles;
-    private List<String> permissions;
+public class LoginResponse {
+    private String username; // 用户名
+    private List<String> roles; // 角色列表 暂时无用
+    private List<String> permissions; // 权限列表 暂时无用
+    private String token;     // JWT令牌
+    private String tokenType; // 令牌类型，通常为Bearer
 }

src/main/java/com/qf/backend/dto/Result.java

@@ -1,4 +1,4 @@
-package com.qf.backend.common;
+package com.qf.backend.dto;
 
 import lombok.Data;
 

src/main/java/com/qf/backend/entity/RolePermissions.java

@@ -23,7 +23,6 @@ public class RolePermissions {
     
     @TableId(type = IdType.AUTO)
     private Long id; // 关联ID，主键，自增
-    
     private Long roleId; // 角色ID，外键，关联roles表
     private Long permissionId; // 权限ID，外键，关联permissions表
     private Date createdAt; // 创建时间

src/main/java/com/qf/backend/entity/Users.java

@@ -3,6 +3,7 @@ package com.qf.backend.entity;
 import java.util.Date;
 
 import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableField;
 import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
 
@@ -28,6 +29,7 @@ public class Users {
     private String email; // 邮箱，唯一
     private String phone; // 手机号，唯一
     private String avatar; // 头像URL
+    @TableField(exist = false) // 标记该字段在数据库中不存在
     private Date lastLoginTime; // 最后登录时间
     private Integer status; // 状态：0:禁用, 1:启用
     private Date createdAt; // 创建时间

src/main/java/com/qf/backend/exception/ExceptionUsageExample.java

@@ -1,7 +1,7 @@
 package com.qf.backend.exception;
 
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
+import com.qf.backend.util.ResultUtils;
 
 /**
  * 异常处理使用示例

src/main/java/com/qf/backend/exception/GlobalExceptionHandler.java

@@ -23,8 +23,8 @@ import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException;
 import org.springframework.web.servlet.NoHandlerFoundException;
 
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
+import com.qf.backend.util.ResultUtils;
 
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;

src/main/java/com/qf/backend/inti/RoleInitializer.java

@@ -1,4 +1,4 @@
-package com.qf.backend.config;
+package com.qf.backend.inti;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -9,8 +9,6 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.qf.backend.entity.Roles;
 import com.qf.backend.service.RolesService;
 
-import jakarta.annotation.PostConstruct;
-
 /**
  * 角色初始化配置类，用于在系统启动时创建内置角色
  * @author 30803
@@ -21,19 +19,18 @@ public class RoleInitializer {
     
     @Autowired
     private RolesService rolesService;
-    
     /**
      * 系统启动时初始化内置角色
      */
-    @PostConstruct
+    // @PostConstruct
     public void initRoles() {
         logger.info("开始初始化内置角色...");
         
         // 定义内置角色信息
         String[][] roleInfos = {
-            {"用户", "默认用户角色", "0"},  // roleType: 0-默认用户
-            {"店主", "店铺管理员角色", "1"},  // roleType: 1-店主
-            {"管理员", "系统管理员角色", "2"}   // roleType: 2-管理员
+            {"User", "默认用户角色", "0"},  // roleType: 0-默认用户
+            {"Shopkeeper", "店铺管理员角色", "1"},  // roleType: 1-店主
+            {"Admin", "系统管理员角色", "2"}   // roleType: 2-管理员
         };
         
         for (String[] roleInfo : roleInfos) {

src/main/java/com/qf/backend/inti/UserInitializer.java

@@ -0,0 +1,66 @@
+package com.qf.backend.inti;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.qf.backend.entity.Users;
+import com.qf.backend.service.UsersService;
+
+/**
+ * 用户初始化配置类，用于在系统启动时创建内置用户
+ * @author 30803
+ */
+@Component
+public class UserInitializer {
+    private static final Logger logger = LoggerFactory.getLogger(UserInitializer.class);
+    
+    @Autowired
+    private UsersService usersService;
+    
+    /**
+     * 系统启动时初始化内置用户
+     */
+    // @PostConstruct
+    public void initUsers() {
+        logger.info("开始初始化内置用户...");
+        
+        // 定义内置用户信息
+        String[][] userInfos = {
+            // 用户名,密码,手机号,邮箱,状态
+            {"admin", "admin123", "13800000000", "admin@qq.com", "1"},  // 管理员用户
+            {"shopkeeper", "123456", "13800000001", "shopkeeper@qq.com", "1"},  // 店主用户
+            {"user", "123456", "13800000002", "user@qq.com", "1"}  // 普通用户
+        };
+        
+        for (String[] userInfo : userInfos) {
+            String username = userInfo[0];
+            String password = userInfo[1];
+            String phone = userInfo[2];
+            String email = userInfo[3];
+            Integer status = Integer.parseInt(userInfo[4]);
+            
+            // 检查用户是否已存在
+            Users existingUser = usersService.getOne(new QueryWrapper<Users>().eq("username", username));
+            if (existingUser == null) {
+                // 创建新用户
+                Users user = new Users();
+                user.setUsername(username);
+                user.setPassword(password);
+                user.setPhone(phone);
+                user.setEmail(email);
+                user.setStatus(status);
+                // 注意：不设置last_login_time字段，因为数据库中可能不存在该字段
+                
+                usersService.createUser(user);
+                logger.info("成功创建内置用户: {}", username);
+            } else {
+                logger.info("内置用户 {} 已存在，跳过创建", username);
+            }
+        }
+        
+        logger.info("内置用户初始化完成");
+    }
+}

src/main/java/com/qf/backend/service/OrderItemsService.java

@@ -3,7 +3,7 @@ package com.qf.backend.service;
 import java.util.List;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.OrderItems;
 
 /**

src/main/java/com/qf/backend/service/OrderStatusHistoryService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.OrderStatusHistory;
 
 import java.util.List;

src/main/java/com/qf/backend/service/OrdersService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Orders;
 
 import java.util.List;

src/main/java/com/qf/backend/service/PermissionsService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Permissions;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ProductAttributeValuesService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductAttributeValues;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ProductAttributesService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductAttributes;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ProductCategoriesService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductCategories;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ProductImagesService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductImages;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ProductInventoriesService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductInventories;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ProductSkusService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductSkus;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ProductsService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Products;
 
 import java.util.List;

src/main/java/com/qf/backend/service/RolesService.java

@@ -3,7 +3,7 @@ package com.qf.backend.service;
 import java.util.List;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Roles;
 
 /**

src/main/java/com/qf/backend/service/ShopCategoriesService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ShopCategories;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ShopRatingsService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ShopRatings;
 
 import java.util.List;

src/main/java/com/qf/backend/service/ShopsService.java

@@ -3,7 +3,7 @@ package com.qf.backend.service;
 import java.util.List;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Shops;
 
 /**

src/main/java/com/qf/backend/service/UserDetailsService.java

@@ -1,7 +1,7 @@
 package com.qf.backend.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.UserDetails;
 
 /**

src/main/java/com/qf/backend/service/UserLoginService.java

@@ -5,8 +5,8 @@
 
 package com.qf.backend.service;
 
-import com.qf.backend.common.Result;
-import com.qf.backend.dto.LoginUser;
+import com.qf.backend.dto.LoginResponse;
+import com.qf.backend.dto.Result;
 
 /**
  * 用户登录服务接口
@@ -16,7 +16,7 @@ public interface UserLoginService {
      * 用户登录
      * @param username 用户名
      * @param password 密码
-     * @return 登录结果
+     * @return 登录结果，包含登录状态、token等信息
      */
-    Result<LoginUser> login(String username, String password);
+    Result<LoginResponse> login(String username, String password);
 }

src/main/java/com/qf/backend/service/UserRolesService.java

@@ -1,11 +1,11 @@
 package com.qf.backend.service;
 
-import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
-import com.qf.backend.entity.UserRoles;
-
 import java.util.List;
 
+import com.baomidou.mybatisplus.extension.service.IService;
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.UserRoles;
+
 /**
  * 用户角色关联服务接口
  */

src/main/java/com/qf/backend/service/UsersService.java

@@ -3,7 +3,7 @@ package com.qf.backend.service;
 import java.util.List;
 
 import com.baomidou.mybatisplus.extension.service.IService;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Users;
 
 /**

src/main/java/com/qf/backend/service/impl/OrderItemsServiceImpl.java

@@ -13,13 +13,13 @@ import org.springframework.stereotype.Service;
 import com.baomidou.mybatisplus.core.conditions.Wrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.OrderItems;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.OrderItemsMapper;
 import com.qf.backend.service.OrderItemsService;
+import com.qf.backend.util.ResultUtils;
 
 @Service
 public class OrderItemsServiceImpl implements OrderItemsService  {

src/main/java/com/qf/backend/service/impl/OrderStatusHistoryServiceImpl.java

@@ -9,7 +9,7 @@ import org.springframework.stereotype.Service;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.OrderStatusHistory;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;

src/main/java/com/qf/backend/service/impl/OrdersServiceImpl.java

@@ -11,13 +11,13 @@ import org.springframework.stereotype.Service;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Orders;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.OrdersMapper;
 import com.qf.backend.service.OrdersService;
+import com.qf.backend.util.ResultUtils;
 
 @Service
 public class OrdersServiceImpl extends ServiceImpl<OrdersMapper, Orders> implements OrdersService {

src/main/java/com/qf/backend/service/impl/PermissionsServiceImpl.java

@@ -9,13 +9,13 @@ import org.springframework.stereotype.Service;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Permissions;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.PermissionsMapper;
 import com.qf.backend.service.PermissionsService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 @Service

src/main/java/com/qf/backend/service/impl/ProductAttributeValuesServiceImpl.java

@@ -7,13 +7,13 @@ import org.springframework.stereotype.Service;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductAttributeValues;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ProductAttributeValuesMapper;
 import com.qf.backend.service.ProductAttributeValuesService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 /**

src/main/java/com/qf/backend/service/impl/ProductAttributesServiceImpl.java

@@ -2,13 +2,13 @@ package com.qf.backend.service.impl;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductAttributes;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ProductAttributesMapper;
 import com.qf.backend.service.ProductAttributesService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

src/main/java/com/qf/backend/service/impl/ProductCategoriesServiceImpl.java

@@ -2,13 +2,13 @@ package com.qf.backend.service.impl;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductCategories;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ProductCategoriesMapper;
 import com.qf.backend.service.ProductCategoriesService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

src/main/java/com/qf/backend/service/impl/ProductImagesServiceImpl.java

@@ -10,13 +10,13 @@ import org.springframework.stereotype.Service;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductImages;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ProductImagesMapper;
 import com.qf.backend.service.ProductImagesService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 @Service

src/main/java/com/qf/backend/service/impl/ProductInventoriesServiceImpl.java

@@ -9,13 +9,13 @@ import org.springframework.stereotype.Service;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductInventories;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ProductInventoriesMapper;
 import com.qf.backend.service.ProductInventoriesService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 @Service

src/main/java/com/qf/backend/service/impl/ProductSkusServiceImpl.java

@@ -9,13 +9,13 @@ import org.springframework.stereotype.Service;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ProductSkus;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ProductSkusMapper;
 import com.qf.backend.service.ProductSkusService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 @Service

src/main/java/com/qf/backend/service/impl/ProductsServiceImpl.java

@@ -8,13 +8,13 @@ import org.springframework.stereotype.Service;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Products;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ProductsMapper;
 import com.qf.backend.service.ProductsService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 /**

src/main/java/com/qf/backend/service/impl/RolesServiceImpl.java

@@ -15,13 +15,13 @@ import org.springframework.stereotype.Service;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Roles;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.RolesMapper;
 import com.qf.backend.service.RolesService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 /**

src/main/java/com/qf/backend/service/impl/ShopCategoriesServiceImpl.java

@@ -9,13 +9,13 @@ import org.springframework.stereotype.Service;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ShopCategories;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ShopCategoriesMapper;
 import com.qf.backend.service.ShopCategoriesService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 @Service

src/main/java/com/qf/backend/service/impl/ShopRatingsServiceImpl.java

@@ -10,13 +10,13 @@ import org.springframework.stereotype.Service;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.ShopRatings;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ShopRatingsMapper;
 import com.qf.backend.service.ShopRatingsService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 @Service

src/main/java/com/qf/backend/service/impl/ShopsServiceImpl.java

@@ -10,13 +10,13 @@ import org.springframework.stereotype.Service;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Shops;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.ShopsMapper;
 import com.qf.backend.service.ShopsService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 @Service

src/main/java/com/qf/backend/service/impl/UserDetailsServiceImpl.java

@@ -1,158 +1,87 @@
 package com.qf.backend.service.impl;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
-import com.qf.backend.entity.UserDetails;
-import com.qf.backend.exception.BusinessException;
-import com.qf.backend.exception.ErrorCode;
-import com.qf.backend.mapper.UserDetailsMapper;
-import com.qf.backend.service.UserDetailsService;
+import com.qf.backend.dto.Result;
+import com.qf.backend.entity.Roles;
+import com.qf.backend.entity.UserRoles;
+import com.qf.backend.entity.Users;
+import com.qf.backend.service.RolesService;
+import com.qf.backend.service.UserRolesService;
+import com.qf.backend.service.UsersService;
+
+
 
 /**
- * 用户详情服务实现类
+ * UserDetailsService实现类，用于从数据库中加载用户信息
+ * 该类实现了Spring Security的UserDetailsService接口，用于根据用户名加载用户信息
  */
 @Service
-public class UserDetailsServiceImpl extends ServiceImpl<UserDetailsMapper, UserDetails> implements UserDetailsService {
+public class UserDetailsServiceImpl implements UserDetailsService {
     
+    /**
+     * 注入用户服务，用于查询用户信息
+     */
     @Autowired
-    private UserDetailsMapper userDetailsMapper;
+    private UsersService usersService;
+    @Autowired
+    private UserRolesService userRolesService;
+    @Autowired
+    private RolesService RolesService;
 
+    /**
+     * 根据用户名加载用户信息
+     * @param username 用户名
+     * @return UserDetails 用户详情对象，包含用户名、密码、权限等信息
+     * @throws UsernameNotFoundException 如果用户名不存在
+     */
     @Override
-    public Result<UserDetails> getUserDetailsByUserId(Long userId) {
-        if (userId == null) {
-            throw new BusinessException(ErrorCode.MISSING_PARAM, "用户ID不能为空");
-        }
-        try {
-            UserDetails userDetails = userDetailsMapper.selectOne(
-                    new QueryWrapper<UserDetails>().eq("user_id", userId));
-            return ResultUtils.success(userDetails);
-        } catch (BusinessException e) {
-            throw e;
-        } catch (Exception e) {
-            throw new BusinessException(ErrorCode.DATABASE_ERROR, "查询用户详情失败", e);
-        }
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        // 1. 从数据库中查询用户
+        Result<Users> result = usersService.getUserByUsername(username);
+        if (result == null || result.getData() == null) {
+            throw new UsernameNotFoundException("用户名不存在: " + username);
         }
         
-    @Override
-    public Result<Boolean> createUserDetails(UserDetails userDetails) {
-        if (userDetails == null) {
-            throw new BusinessException(ErrorCode.MISSING_PARAM, "用户详情信息不能为空");
-        }
-        if (userDetails.getUserId() == null) {
-            throw new BusinessException(ErrorCode.MISSING_PARAM, "用户ID不能为空");
-        }
-        try {
-            // 检查是否已存在该用户的详情
-            UserDetails existing = userDetailsMapper.selectOne(
-                    new QueryWrapper<UserDetails>().eq("user_id", userDetails.getUserId()));
-            if (existing != null) {
-                throw new BusinessException(ErrorCode.BUSINESS_ERROR, "该用户已存在详情信息");
-            }
-            int result = userDetailsMapper.insert(userDetails);
-            return ResultUtils.success(result > 0);
-        } catch (BusinessException e) {
-            throw e;
-        } catch (Exception e) {
-            throw new BusinessException(ErrorCode.DATABASE_ERROR, "创建用户详情失败", e);
-        }
-    }
+        Users user = result.getData();
         
-    @Override
-    public Result<Boolean> updateUserDetails(UserDetails userDetails) {
-        if (userDetails == null) {
-            throw new BusinessException(ErrorCode.MISSING_PARAM, "用户详情信息不能为空");
+        // 2. 构建权限列表（这里简化处理，实际应从数据库中查询用户的角色和权限）
+        List<GrantedAuthority> authorities = new ArrayList<>();
+        // 查询用户角色关联
+        Result<List<UserRoles>> userRoleResultList = userRolesService.getUserRolesByUserId(user.getId());
+        if (userRoleResultList == null || userRoleResultList.getData() == null) {
+            throw new UsernameNotFoundException("用户角色不存在: " + user.getId());
         }
-        if (userDetails.getId() == null) {
-            throw new BusinessException(ErrorCode.MISSING_PARAM, "用户详情ID不能为空");
+        // 3. 查询角色权限
+        for (UserRoles userRole : userRoleResultList.getData()) {
+            Result<Roles> roleResult = RolesService.getRoleById(userRole.getRoleId());
+            if (roleResult == null || roleResult.getData() == null) {
+                throw new UsernameNotFoundException("权限不存在: " + userRole.getRoleId());
             }
-        try {
-            // 检查用户详情是否存在
-            UserDetails existing = userDetailsMapper.selectById(userDetails.getId());
-            if (existing == null) {
-                throw new BusinessException(ErrorCode.NOT_FOUND, "用户详情不存在");
+            Roles role = roleResult.getData();
+            // 4. 转换为Spring Security的GrantedAuthority对象
+            authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleName().toUpperCase()));
         }
-            int result = userDetailsMapper.updateById(userDetails);
-            return ResultUtils.success(result > 0);
-        } catch (BusinessException e) {
-            throw e;
-        } catch (Exception e) {
-            throw new BusinessException(ErrorCode.DATABASE_ERROR, "更新用户详情失败", e);
+        // 3. 返回UserDetails对象
+        // 注意：在实际应用中，密码应该加密存储，这里直接使用明文密码（仅用于演示）
+        return User.builder()
+                .username(user.getUsername()) // 用户名
+                .password(user.getPassword()) // 密码需要加密存储，这里直接使用明文密码（仅用于演示）
+                .authorities(authorities) // 假设用户默认拥有USER权限
+                .accountExpired(false) // 假设账号永不过期
+                .accountLocked(false) // 假设账号永不过期
+                .credentialsExpired(false) // 假设密码永不过期
+                .disabled(user.getStatus() == 0) // 假设status为0表示禁用
+                .build();
     }
-    }
-
-    @Override
-    public Result<Boolean> deleteUserDetailsByUserId(Long userId) {
-        if (userId == null) {
-            throw new BusinessException(ErrorCode.MISSING_PARAM, "用户ID不能为空");
-        }
-        try {
-            // 检查用户详情是否存在
-            UserDetails existing = userDetailsMapper.selectOne(
-                    new QueryWrapper<UserDetails>().eq("user_id", userId));
-            if (existing == null) {
-                throw new BusinessException(ErrorCode.NOT_FOUND, "用户详情不存在");
-            }
-            int result = userDetailsMapper.delete(
-                    new QueryWrapper<UserDetails>().eq("user_id", userId));
-            return ResultUtils.success(result > 0);
-        } catch (BusinessException e) {
-            throw e;
-        } catch (Exception e) {
-            throw new BusinessException(ErrorCode.DATABASE_ERROR, "删除用户详情失败", e);
-        }
-    }
-
-    @Override
-    public Result<UserDetails> getUserDetailsById(Long id) {
-        if (id == null) {
-            throw new BusinessException(ErrorCode.MISSING_PARAM, "用户详情ID不能为空");
-        }
-        try {
-            UserDetails userDetails = userDetailsMapper.selectById(id);
-            if (userDetails == null) {
-                throw new BusinessException(ErrorCode.NOT_FOUND, "用户详情不存在");
-            }
-            return ResultUtils.success(userDetails);
-        } catch (BusinessException e) {
-            throw e;
-        } catch (Exception e) {
-            throw new BusinessException(ErrorCode.DATABASE_ERROR, "查询用户详情失败", e);
-        }
-    }
-
-    // @Override
-    // public Result<Boolean> updateContactInfo(Long userId, String phone, String email) {
-    //     if (userId == null) {
-    //         throw new BusinessException(ErrorCode.MISSING_PARAM, "用户ID不能为空");
-    //     }
-    //     if (ValidateUtil.isEmpty(phone) && ValidateUtil.isEmpty(email)) {
-    //         throw new BusinessException(ErrorCode.MISSING_PARAM, "手机号和邮箱不能同时为空");
-    //     }
-    //     try {
-    //         // 检查用户详情是否存在
-    //         UserDetails existing = userDetailsMapper.selectOne(
-    //                 new QueryWrapper<UserDetails>().eq("user_id", userId));
-    //         if (existing == null) {
-    //             throw new BusinessException(ErrorCode.NOT_FOUND, "用户详情不存在");
-    //         }
-    //         // 更新联系方式
-    //         if (phone != null) {
-    //             existing.setPhone(phone);
-    //         }
-    //         if (email != null) {
-    //             existing.setEmail(email);
-    //         }
-    //         int result = userDetailsMapper.updateById(existing);
-    //         return ResultUtils.success(result > 0);
-    //     } catch (BusinessException e) {
-    //         throw e;
-    //     } catch (Exception e) {
-    //         throw new BusinessException(ErrorCode.DATABASE_ERROR, "更新用户联系方式失败", e);
-    //     }
-    // }
 }

src/main/java/com/qf/backend/service/impl/UserLoginServiceImpl.java

@@ -15,9 +15,8 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
-import com.qf.backend.dto.LoginUser;
+import com.qf.backend.dto.LoginResponse;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Permissions;
 import com.qf.backend.entity.Roles;
 import com.qf.backend.entity.UserRoles;
@@ -29,6 +28,7 @@ import com.qf.backend.service.RolesService;
 import com.qf.backend.service.UserLoginService;
 import com.qf.backend.service.UserRolesService;
 import com.qf.backend.service.UsersService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 
@@ -57,17 +57,15 @@ public class UserLoginServiceImpl implements UserLoginService {
      * @return 登录结果
      */
     @Override
-    public Result<LoginUser> login(String username, String password) {
+    public Result<LoginResponse> login(String username, String password) {
         logger.info("用户登录，用户名：{}", username);
         // 1. 校验用户名和密码是否为空
         try{
         if (ValidateUtil.isEmpty(username) || ValidateUtil.isEmpty(password)) {
             throw new IllegalArgumentException("用户名或密码不能为空");
         } 
-        // 加密密码
-        String encryptedPassword = ValidateUtil.encryptPassword(password);
         // 2. 登录
-        Result<Users> result = usersServiceImpl.login(username, encryptedPassword);
+        Result<Users> result = usersServiceImpl.login(username, password);
         if (result == null || result.getData() == null) {
             throw new IllegalArgumentException("用户名不存在或密码错误");
         }
@@ -87,7 +85,7 @@ public class UserLoginServiceImpl implements UserLoginService {
         for (UserRoles ur : userRoles) {
             Roles role = rolesServiceImpl.getById(ur.getRoleId());
             if (role != null) {
-                roleNames.add(role.getRoleName());
+                roleNames.add(String.valueOf(role.getRoleType()));
                 roleIds.add(role.getId());
             }
         }
@@ -104,14 +102,12 @@ public class UserLoginServiceImpl implements UserLoginService {
             }
         }
         
-        // 6. 构建LoginUser对象
-        LoginUser loginUser = new LoginUser();
-        loginUser.setId(user.getId());
-        loginUser.setUsername(user.getUsername());
-        loginUser.setRoles(new ArrayList<>(roleNames));
-        loginUser.setPermissions(new ArrayList<>(permissionCodes));
-
-        return ResultUtils.success(loginUser);
+        // 6. 构建LoginResponse对象
+        LoginResponse loginResponse = new LoginResponse();
+        loginResponse.setUsername(user.getUsername());
+        loginResponse.setRoles(new ArrayList<>(roleNames));
+        loginResponse.setPermissions(new ArrayList<>(permissionCodes));
+        return ResultUtils.success(loginResponse);
         } catch (Exception e) {
             logger.error("用户登录失败，用户名：{}", username, e);
             return ResultUtils.fail(ErrorCode.SYSTEM_ERROR, e.getMessage());

src/main/java/com/qf/backend/service/impl/UsersRolesServiceImpl.java

@@ -12,13 +12,13 @@ import org.springframework.stereotype.Service;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.UserRoles;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.UserRolesMapper;
 import com.qf.backend.service.UserRolesService;
+import com.qf.backend.util.ResultUtils;
 
 
 

src/main/java/com/qf/backend/service/impl/UsersServiceImpl.java

@@ -12,13 +12,13 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.qf.backend.common.Result;
-import com.qf.backend.common.ResultUtils;
+import com.qf.backend.dto.Result;
 import com.qf.backend.entity.Users;
 import com.qf.backend.exception.BusinessException;
 import com.qf.backend.exception.ErrorCode;
 import com.qf.backend.mapper.UsersMapper;
 import com.qf.backend.service.UsersService;
+import com.qf.backend.util.ResultUtils;
 import com.qf.backend.util.ValidateUtil;
 
 @Service
@@ -88,12 +88,18 @@ public class UsersServiceImpl extends ServiceImpl<UsersMapper, Users> implements
                 throw new BusinessException(ErrorCode.INVALID_PARAM, "用户名或密码不能为空");
             }
             
-            // 校验用户名是否存在
-            Users user = usersMapper.login(username, password);
+            // 根据用户名查询用户
+            Users user = usersMapper.selectByUsername(username);
             if (user == null) {
                 throw new BusinessException(ErrorCode.USER_NOT_FOUND, "用户名不存在或密码错误");
             }
             
+            // 使用BCryptPasswordEncoder验证密码
+            BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+            if (!passwordEncoder.matches(password, user.getPassword())) {
+                throw new BusinessException(ErrorCode.USER_NOT_FOUND, "用户名不存在或密码错误");
+            }
+            
             return ResultUtils.success(user);
         } catch (BusinessException e) {
             throw e;

src/main/java/com/qf/backend/util/ResultUtils.java

@@ -1,7 +1,10 @@
-package com.qf.backend.common;
+package com.qf.backend.util;
 
+import com.qf.backend.dto.Result;
 import com.qf.backend.exception.ErrorCode;
 
+
+
 /**
  * 响应结果工具类
  * 提供各种响应结果的快速创建方法

src/main/resources/application.properties

@@ -6,4 +6,4 @@ spring.datasource.username=root
 spring.datasource.password=123456
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 # 暂时关闭Spring Security
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+# spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration