feat: 多用户管理与公开注册功能
- 后端:User 实体新增 role/enabled 字段、UserController CRUD、UserService - 安全:SecurityConfig /api/users/** 要求 ROLE_ADMIN、JWT 过滤器检查账号状态 - 注册:POST /api/auth/register 公开注册,固定 ROLE_USER - 保护:删除/禁用/降级最后 admin 均拒绝,DataInitializer 含 backfill - 前端:用户管理页面、登录/注册切换、admin 专属导航入口 - 测试:UserServiceTest 19 个 + UserControllerTest 6 个 + AuthControllerTest 适配
This commit is contained in:
liumangmang
@@ -1,13 +1,17 @@
|
||||
package com.sshmanager.controller;
|
||||
|
||||
package com.sshmanager.controller;
|
||||
|
||||
import com.sshmanager.dto.LoginRequest;
|
||||
import com.sshmanager.dto.LoginResponse;
|
||||
import com.sshmanager.dto.ChangePasswordRequest;
|
||||
import com.sshmanager.dto.RegisterRequest;
|
||||
import com.sshmanager.dto.UserDto;
|
||||
import com.sshmanager.exception.InvalidOperationException;
|
||||
import com.sshmanager.service.UserService;
|
||||
import com.sshmanager.entity.User;
|
||||
import com.sshmanager.repository.UserRepository;
|
||||
import com.sshmanager.security.JwtTokenProvider;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@@ -22,45 +26,74 @@ import org.springframework.web.bind.annotation.RestController;
|
||||
import java.time.Instant;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/api/auth")
|
||||
public class AuthController {
|
||||
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/api/auth")
|
||||
public class AuthController {
|
||||
|
||||
private final AuthenticationManager authenticationManager;
|
||||
private final JwtTokenProvider tokenProvider;
|
||||
private final UserRepository userRepository;
|
||||
private final PasswordEncoder passwordEncoder;
|
||||
private final UserService userService;
|
||||
|
||||
public AuthController(AuthenticationManager authenticationManager,
|
||||
JwtTokenProvider tokenProvider,
|
||||
UserRepository userRepository,
|
||||
PasswordEncoder passwordEncoder) {
|
||||
PasswordEncoder passwordEncoder,
|
||||
UserService userService) {
|
||||
this.authenticationManager = authenticationManager;
|
||||
this.tokenProvider = tokenProvider;
|
||||
this.userRepository = userRepository;
|
||||
this.passwordEncoder = passwordEncoder;
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
|
||||
@PostMapping("/login")
|
||||
public ResponseEntity<?> login(@RequestBody LoginRequest request) {
|
||||
try {
|
||||
Authentication authentication = authenticationManager.authenticate(
|
||||
new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
|
||||
|
||||
try {
|
||||
Authentication authentication = authenticationManager.authenticate(
|
||||
new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
String token = tokenProvider.generateToken(authentication);
|
||||
|
||||
User user = userRepository.findByUsername(request.getUsername()).orElseThrow(() -> new IllegalStateException("User not found"));
|
||||
LoginResponse response = new LoginResponse(token, user.getUsername(),
|
||||
user.getDisplayName() != null ? user.getDisplayName() : user.getUsername(),
|
||||
user.getRole() != null ? user.getRole() : "ROLE_USER",
|
||||
isPasswordChangeRequired(user));
|
||||
|
||||
return ResponseEntity.ok(response);
|
||||
} catch (BadCredentialsException e) {
|
||||
Map<String, String> error = new HashMap<>();
|
||||
error.put("message", "Invalid username or password");
|
||||
return ResponseEntity.status(401).body(error);
|
||||
Map<String, String> error = new HashMap<>();
|
||||
error.put("message", "Invalid username or password");
|
||||
return ResponseEntity.status(401).body(error);
|
||||
}
|
||||
}
|
||||
|
||||
@PostMapping("/register")
|
||||
public ResponseEntity<?> register(@RequestBody RegisterRequest request) {
|
||||
try {
|
||||
UserDto created = userService.createRegularUser(
|
||||
request.getUsername(), request.getPassword(), request.getDisplayName());
|
||||
|
||||
// Auto-login: construct authentication directly (user already created & verified)
|
||||
UsernamePasswordAuthenticationToken auth =
|
||||
new UsernamePasswordAuthenticationToken(created.getUsername(), null);
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
String token = tokenProvider.generateToken(auth);
|
||||
|
||||
LoginResponse response = new LoginResponse(token, created.getUsername(),
|
||||
created.getDisplayName() != null ? created.getDisplayName() : created.getUsername(),
|
||||
created.getRole() != null ? created.getRole() : "ROLE_USER",
|
||||
false);
|
||||
|
||||
return ResponseEntity.ok(response);
|
||||
} catch (InvalidOperationException e) {
|
||||
Map<String, String> error = new HashMap<>();
|
||||
error.put("message", e.getMessage());
|
||||
return ResponseEntity.badRequest().body(error);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -75,15 +108,16 @@ public class AuthController {
|
||||
|
||||
@GetMapping("/me")
|
||||
public ResponseEntity<?> me(Authentication authentication) {
|
||||
if (authentication == null || !authentication.isAuthenticated()) {
|
||||
Map<String, String> error = new HashMap<>();
|
||||
error.put("error", "Unauthorized");
|
||||
return ResponseEntity.status(401).body(error);
|
||||
}
|
||||
User user = userRepository.findByUsername(authentication.getName()).orElseThrow(() -> new IllegalStateException("User not found"));
|
||||
if (authentication == null || !authentication.isAuthenticated()) {
|
||||
Map<String, String> error = new HashMap<>();
|
||||
error.put("error", "Unauthorized");
|
||||
return ResponseEntity.status(401).body(error);
|
||||
}
|
||||
User user = userRepository.findByUsername(authentication.getName()).orElseThrow(() -> new IllegalStateException("User not found"));
|
||||
Map<String, Object> data = new HashMap<>();
|
||||
data.put("username", user.getUsername());
|
||||
data.put("displayName", user.getDisplayName());
|
||||
data.put("role", user.getRole() != null ? user.getRole() : "ROLE_USER");
|
||||
data.put("passwordChangeRequired", isPasswordChangeRequired(user));
|
||||
return ResponseEntity.ok(data);
|
||||
}
|
||||
@@ -135,6 +169,7 @@ public class AuthController {
|
||||
}
|
||||
|
||||
private boolean isPasswordChangeRequired(User user) {
|
||||
return "admin".equals(user.getUsername()) && passwordEncoder.matches("admin123", user.getPasswordHash());
|
||||
return user.getPasswordChangedAt() == null
|
||||
|| !user.getPasswordChangedAt().isAfter(Instant.EPOCH);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user