feat(auth): 实现RBAC，调整JWT验证，更新用户服务和控制器

src/main/java/top/suyiiyii/sims/common/InterceptorConfig.java

@@ -1,14 +1,10 @@
 package top.suyiiyii.sims.common;
 
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 import top.suyiiyii.sims.service.RoleService;
-import top.suyiiyii.sims.utils.JwtUtils;
 
 /**
  * @Author tortoise
@@ -26,50 +22,20 @@ public class InterceptorConfig extends WebMvcConfigurationSupport {
 
     @Autowired
     private JwtInterceptor jwtInterceptor;
+    @Autowired
+    private RbacInterceptor rbacInterceptor;
 
     @Override
     protected void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(jwtInterceptor)
                 .addPathPatterns("/**")
                 .excludePathPatterns("/v3/api-docs/**");
+        registry.addInterceptor(rbacInterceptor)
+                .excludePathPatterns("/v3/api-docs/**");;
 
-        // 注册AdminInterceptor，只拦截以admin/开头的路径
-        registry.addInterceptor(new AdminInterceptor())
-                .addPathPatterns("/admin/**");
         super.addInterceptors(registry);
     }
 
 
-    // AdminInterceptor的实现
-    public class AdminInterceptor implements HandlerInterceptor {
-        @Override
-        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
-            String path = request.getRequestURI();
-            if (path.startsWith("/admin/") && !hasAdminPermission(request)) {
-                // 如果用户没有管理员权限，返回403 Forbidden
-                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-                return false;
-            }
-            return true;
-        }
-
-        private boolean hasAdminPermission(HttpServletRequest request) {
-            // 这里应该实现检查用户权限的逻辑
-            // 例如，从session、token或者数据库中获取用户信息并判断权限
-            // 以下仅为示例
-            String token = (String) request.getAttribute("token");
-            //非空
-            if (token == null) {
-                return false;
-            }
-            try {
-                Integer userId = Integer.valueOf(JwtUtils.extractUserId(token));
-                return roleService.isRoleNameAdmin(userId);
-            } catch (Exception e) {
-                // 处理令牌解析过程中可能出现的异常
-                return false;
-            }
-        }
-    }
 }
 

src/main/java/top/suyiiyii/sims/common/JwtInterceptor.java

@@ -1,19 +1,15 @@
 package top.suyiiyii.sims.common;
 
-import cn.hutool.core.util.StrUtil;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
-import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
-import top.suyiiyii.sims.entity.User;
 import top.suyiiyii.sims.exception.ServiceException;
 import top.suyiiyii.sims.mapper.MpUserMapper;
 import top.suyiiyii.sims.utils.JwtUtils;
 
-import java.util.List;
-
 /**
  * @Author tortoise
  * @Date 2024/8/12 11:33
@@ -26,8 +22,8 @@ import java.util.List;
 @Component
 public class JwtInterceptor implements HandlerInterceptor {
 
-    @Autowired
+    @Value("${jwt.secret}")
-    MpUserMapper userMapper;
+    private String secret;
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
@@ -37,46 +33,22 @@ public class JwtInterceptor implements HandlerInterceptor {
         // 从 Authorization 头中获取 token
         String token = request.getHeader("Authorization");
         if (token != null && token.startsWith("Bearer ")) {
-            token = token.substring(7);
             // 去除 "Bearer " 前缀
+            token = token.substring(7);
         } else {
-            // 如果 Authorization 头中没有 token，则尝试从请求参数中获取
+            // 如果没有有效的token，设置userId为-1，表示未登录
-            token = request.getParameter("token");
+            request.setAttribute("userId", -1);
-        }
-        List<String> allowRoles = null;
-        // 如果不是映射到方法直接通过
-        if (handler instanceof HandlerMethod) {
-            AuthAccess annotation = ((HandlerMethod) handler).getMethodAnnotation(AuthAccess.class);
-            if (annotation != null) {
-                allowRoles = List.of(annotation.allowRoles());
-            }
-        }
-//        // 执行认证
-//        if (StrUtil.isBlank(token)) {
-//            //权限错误
-//            throw new ServiceException("401", "请登录");
-//        }
-//        // 获取 token 中的 user id
-//        String userId = JwtUtils.extractUserId(token);
-//        if (userId == null) {
-//            throw new ServiceException("401", "请登录");
-//        }
-//
-//        User user = userMapper.selectById(Integer.parseInt(userId));
-//        if (user == null) {
-//            throw new ServiceException("401", "请登录");
-//        }
-//        // 验证 token 的有效性
-//        if (!JwtUtils.verifyToken(token, user.getPassword())) {
-//            throw new ServiceException("401", "请登录");
-//        }
-        // 验证token后，如果一切正常，将token存储到request的属性中
-        request.setAttribute("token", token);
-        if (allowRoles != null && !allowRoles.isEmpty()) {
-            if (allowRoles.contains("guest")) {
             return true;
         }
+        // 验证 token 的有效性
+        if (!JwtUtils.verifyToken(token, secret)) {
+            throw new ServiceException("401", "登录已过期，请重新登录");
         }
-        throw new ServiceException("403", "权限不足");
+
+        // 获取 token 中的 user id
+        String userId = JwtUtils.extractUserId(token);
+
+        request.setAttribute("userId", userId);
+        return true;
     }
 }

src/main/java/top/suyiiyii/sims/common/RbacInterceptor.java

@@ -0,0 +1,64 @@
+package top.suyiiyii.sims.common;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import top.suyiiyii.sims.entity.Role;
+import top.suyiiyii.sims.exception.ServiceException;
+import top.suyiiyii.sims.service.RbacService;
+
+import java.util.List;
+
+/**
+ * Rbac 拦截器
+ * 从请求对象中获取用户信息，然后判断用户是否有权限访问当前路径
+ */
+@Component
+public class RbacInterceptor implements HandlerInterceptor {
+
+    @Autowired
+    RbacService rbacService;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        if ("/error".equals(request.getRequestURI())) {
+            return true;
+        }
+        // 获取用户角色
+        List<String> roles = getUserRole(request).stream().map(Role::getRoleName).toList();
+
+        List<String> allowRoles = null;
+
+        // 获取当前请求的方法上的 AuthAccess 注解，从而获取允许访问的角色
+        if (handler instanceof HandlerMethod) {
+            AuthAccess annotation = ((HandlerMethod) handler).getMethodAnnotation(AuthAccess.class);
+            if (annotation != null) {
+                allowRoles = List.of(annotation.allowRoles());
+            }
+        }
+
+        if (allowRoles != null && !allowRoles.isEmpty()) {
+            if (allowRoles.contains("guest")) {
+                return true;
+            }
+            for (String role : roles) {
+                if (allowRoles.contains(role)) {
+                    return true;
+                }
+            }
+        }
+        throw new ServiceException("403", "权限不足");
+    }
+
+    private List<Role> getUserRole(HttpServletRequest request) {
+        Integer UserId = (Integer) request.getAttribute("userId");
+        if (UserId == null || UserId == -1) {
+            return List.of(Role.guest());
+        }
+        return rbacService.getRolesByUserId(UserId);
+    }
+
+}

src/main/java/top/suyiiyii/sims/controller/UserController.java

@@ -78,6 +78,7 @@ public class UserController {
         User user = new User();
         user.setUsername(request.getUsername());
         user.setPassword(request.getPassword());
+        user.setStudentId(request.getStudentId());
         user.setEmail(request.getEmail());
         user.setGrade(request.getGrade());
         user.setUserGroup(request.getGroup());
@@ -121,6 +122,7 @@ public class UserController {
     public static class RegisterRequest {
         private String username;
         private String password;
+        private int studentId;
         private String email;
         private String grade;
         private String group;

src/main/java/top/suyiiyii/sims/entity/Role.java

@@ -26,4 +26,7 @@ public class Role {
     //管理员，普通用户，组员，组长，队长
     private String roleName;
 
+    public static Role guest() {
+        return new Role(-1, -1, "guest");
+    }
 }

src/main/java/top/suyiiyii/sims/mapper/UserMapper.java

@@ -22,7 +22,7 @@ public interface UserMapper extends BaseMapper<User> {
      * @param user 新用户对象
      * @return 影响的行数
      */
-    @Insert("insert INTO user (id,student_id, username, password, name, email, userGroup) VALUES (#{id},#{studentId}, #{username}, #{password}, #{name}, #{email}, #{userGroup})")
+    @Insert("insert INTO user (id,student_id, username, password, username, email, user_group) VALUES (#{id},#{studentId}, #{username}, #{password}, #{name}, #{email}, #{userGroup})")
     int addUser(User user);
 
     /**
@@ -41,10 +41,10 @@ public interface UserMapper extends BaseMapper<User> {
     @Update("UPDATE user SET " +
             "student_id = #{userId}, " +
             "username = #{username}, " +
-            "name = #{name}, " +
+            "username = #{name}, " +
             "email = #{email}, " +
             "grade = #{grade}, " +
-            "userGroup = #{group} " +
+            "user_group = #{group} " +
             "WHERE id = #{id}")
     int updateUser(User user);
 
@@ -53,7 +53,7 @@ public interface UserMapper extends BaseMapper<User> {
      * @param
      * @return 用户对象
      */
-    @Select("SELECT id, student_id, username, password, name, email,grade,user_group from user WHERE student_id = #{id}")
+    @Select("SELECT id, student_id, username, password, username, email,grade,user_group from user WHERE student_id = #{id}")
     User selectByUserId(Integer id);
 
     /**
@@ -61,13 +61,13 @@ public interface UserMapper extends BaseMapper<User> {
      * @param
      * @return 用户对象
      */
-    @Select("SELECT id, student_id, username, password, name, email,grade, user_group from user WHERE id = #{id}")
+    @Select("SELECT id, student_id, username, password, username, email,grade, user_group from user WHERE id = #{id}")
     User selectById(Integer id);
     /**
      * 查询所有用户信息
      * @return 用户列表
      */
-    @Select("SELECT id, student_id, username, password, name, email, grade, user_group FROM user")
+    @Select("SELECT id, student_id, username, password, username, email, grade, user_group FROM user")
     List<User> selectAll();
 
   @Select("select * from user where username = #{username}")

src/main/java/top/suyiiyii/sims/service/RbacService.java

@@ -38,4 +38,18 @@ public class RbacService {
         return roleMapper.selectBatchIds(userRoles.stream().map(UserRole::getRoleId).toList());
     }
 
+    public boolean addRoleWithUserId(int userId, String roleName) {
+        Role role = roleMapper.selectOne(new QueryWrapper<Role>().eq("role_name", roleName));
+        if (role == null) {
+            Role newRole = new Role();
+            newRole.setRoleName(roleName);
+            roleMapper.insert(newRole);
+            role = roleMapper.selectOne(new QueryWrapper<Role>().eq("role_name", roleName));
+        }
+        UserRole userRole = new UserRole();
+        userRole.setUserId(userId);
+        userRole.setRoleId(role.getId());
+        return userRoleMapper.insert(userRole) > 0;
+    }
+
 }

src/main/java/top/suyiiyii/sims/service/UserService.java

@@ -3,15 +3,14 @@ package top.suyiiyii.sims.service;
 
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
 
 import top.suyiiyii.sims.dto.UserDto;
 import top.suyiiyii.sims.entity.*;
 import top.suyiiyii.sims.exception.ServiceException;
-import top.suyiiyii.sims.mapper.PermissionsMapper;
+import top.suyiiyii.sims.mapper.*;
-import top.suyiiyii.sims.mapper.RoleMapper;
-import top.suyiiyii.sims.mapper.UserMapper;
 import top.suyiiyii.sims.utils.JwtUtils;
 
 import java.util.ArrayList;
@@ -31,9 +30,13 @@ public class UserService {
     @Autowired
     UserMapper userMapper;
     @Autowired
+    MpUserMapper mpUserMapper;
+    @Autowired
     RoleMapper roleMapper;
     @Autowired
     PermissionsMapper permissionsMapper;
+    @Value("${jwt.secret}")
+    private String secret;
 
     public void addUser(User user) {
         userMapper.addUser(user);
@@ -74,7 +77,7 @@ public class UserService {
             }
         }
 
-        String token = JwtUtils.createToken(dbUser.getId().toString(), dbUser.getPassword());
+        String token = JwtUtils.createToken(dbUser.getId().toString(), secret);
 
 
         return token;
@@ -93,7 +96,7 @@ public class UserService {
             throw new ServiceException("账号已经存在");
         }
         if (user.getStudentId() == null || user.getStudentId().equals("")) {
-            throw new ServiceException("用户id不能为空");
+            throw new ServiceException("学号不能为空");
         }
         if( user.getPassword() == null || user.getPassword().equals("")) {
             throw new ServiceException("密码不能为空");
@@ -105,7 +108,7 @@ public class UserService {
             throw new ServiceException("组别不能为空");
         }
 
-            userMapper.addUser(user);
+        mpUserMapper.insert(user);
             return user;
     }
     public User selectByUsername(String username) {

src/main/resources/application.yaml

@@ -12,3 +12,6 @@ spring:
 auto-table:
   enable: true
   model-package: top.suyiiyii.sims.entity
+
+jwt:
+  secret: ${JWT_SECRET}

src/test/java/top/suyiiyii/sims/service/RbacServiceTest.java

@@ -0,0 +1,33 @@
+package top.suyiiyii.sims.service;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import top.suyiiyii.sims.entity.Role;
+
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+@SpringBootTest
+class RbacServiceTest {
+
+    @Autowired
+    private RbacService rbacService;
+
+    @Test
+    void addRoleWithUserId() {
+        int userId = 1; // mock userId
+        String roleName = "ROLE"; // mock roleName
+        boolean result = rbacService.addRoleWithUserId(userId, roleName);
+        assertTrue(result);
+    }
+    @Test
+    void getRolesByUserId() {
+        int userId = 1; // mock userId
+        List<Role> roles = rbacService.getRolesByUserId(userId);
+        assertNotNull(roles);
+        assert roles.stream().map(Role::getRoleName).toList().contains("ROLE"); // mock roleName
+    }
+
+}