LiuMangMang/ssh-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: prepare sellable source delivery edition

Browse Source
This commit is contained in:
liumangmang
2026-04-16 23:28:26 +08:00
parent f606d20000
commit 37dc4d8216
93 changed files with 7649 additions and 3096 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/main/java/com/sshmanager/controller/AuthController.java
+118 -47
View File
@@ -1,69 +1,140 @@
package com.sshmanager.controller;
import com.sshmanager.dto.LoginRequest;
import com.sshmanager.dto.LoginResponse;
import com.sshmanager.entity.User;
import com.sshmanager.repository.UserRepository;
import com.sshmanager.security.JwtTokenProvider;
import org.springframework.http.ResponseEntity;
import com.sshmanager.dto.LoginRequest;
import com.sshmanager.dto.LoginResponse;
import com.sshmanager.dto.ChangePasswordRequest;
import com.sshmanager.entity.User;
import com.sshmanager.repository.UserRepository;
import com.sshmanager.security.JwtTokenProvider;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
@RestController
@RequestMapping("/api/auth")
public class AuthController {
private final AuthenticationManager authenticationManager;
private final JwtTokenProvider tokenProvider;
private final UserRepository userRepository;
private final AuthenticationManager authenticationManager;
private final JwtTokenProvider tokenProvider;
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
public AuthController(AuthenticationManager authenticationManager,
JwtTokenProvider tokenProvider,
UserRepository userRepository,
PasswordEncoder passwordEncoder) {
this.authenticationManager = authenticationManager;
this.tokenProvider = tokenProvider;
this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder;
}
public AuthController(AuthenticationManager authenticationManager,
JwtTokenProvider tokenProvider,
UserRepository userRepository) {
this.authenticationManager = authenticationManager;
this.tokenProvider = tokenProvider;
this.userRepository = userRepository;
}
@PostMapping("/login")
public ResponseEntity<?> login(@RequestBody LoginRequest request) {
@PostMapping("/login")
public ResponseEntity<?> login(@RequestBody LoginRequest request) {
try {
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
String token = tokenProvider.generateToken(authentication);
User user = userRepository.findByUsername(request.getUsername()).orElseThrow(() -> new IllegalStateException("User not found"));
LoginResponse response = new LoginResponse(token, user.getUsername(),
user.getDisplayName() != null ? user.getDisplayName() : user.getUsername());
return ResponseEntity.ok(response);
} catch (BadCredentialsException e) {
SecurityContextHolder.getContext().setAuthentication(authentication);
String token = tokenProvider.generateToken(authentication);
User user = userRepository.findByUsername(request.getUsername()).orElseThrow(() -> new IllegalStateException("User not found"));
LoginResponse response = new LoginResponse(token, user.getUsername(),
user.getDisplayName() != null ? user.getDisplayName() : user.getUsername(),
isPasswordChangeRequired(user));
return ResponseEntity.ok(response);
} catch (BadCredentialsException e) {
Map<String, String> error = new HashMap<>();
error.put("message", "Invalid username or password");
return ResponseEntity.status(401).body(error);
}
}
@GetMapping("/me")
public ResponseEntity<?> me(Authentication authentication) {
}
}
@GetMapping("/health")
public ResponseEntity<?> health() {
Map<String, Object> data = new HashMap<>();
data.put("app", "ssh-manager");
data.put("status", "ok");
data.put("timestamp", Instant.now().toEpochMilli());
return ResponseEntity.ok(data);
}
@GetMapping("/me")
public ResponseEntity<?> me(Authentication authentication) {
if (authentication == null || !authentication.isAuthenticated()) {
Map<String, String> error = new HashMap<>();
error.put("error", "Unauthorized");
return ResponseEntity.status(401).body(error);
}
User user = userRepository.findByUsername(authentication.getName()).orElseThrow(() -> new IllegalStateException("User not found"));
Map<String, Object> data = new HashMap<>();
data.put("username", user.getUsername());
data.put("displayName", user.getDisplayName());
return ResponseEntity.ok(data);
}
}
Map<String, Object> data = new HashMap<>();
data.put("username", user.getUsername());
data.put("displayName", user.getDisplayName());
data.put("passwordChangeRequired", isPasswordChangeRequired(user));
return ResponseEntity.ok(data);
}
@PostMapping("/change-password")
public ResponseEntity<?> changePassword(@RequestBody ChangePasswordRequest request, Authentication authentication) {
if (authentication == null || !authentication.isAuthenticated()) {
Map<String, String> error = new HashMap<>();
error.put("error", "Unauthorized");
return ResponseEntity.status(401).body(error);
}
String currentPassword = request.getCurrentPassword() == null ? "" : request.getCurrentPassword().trim();
String newPassword = request.getNewPassword() == null ? "" : request.getNewPassword().trim();
if (currentPassword.isEmpty() || newPassword.isEmpty()) {
Map<String, String> error = new HashMap<>();
error.put("message", "Current password and new password are required");
return ResponseEntity.badRequest().body(error);
}
if (newPassword.length() < 8) {
Map<String, String> error = new HashMap<>();
error.put("message", "New password must be at least 8 characters");
return ResponseEntity.badRequest().body(error);
}
User user = userRepository.findByUsername(authentication.getName()).orElseThrow(() -> new IllegalStateException("User not found"));
if (!passwordEncoder.matches(currentPassword, user.getPasswordHash())) {
Map<String, String> error = new HashMap<>();
error.put("message", "Current password is incorrect");
return ResponseEntity.badRequest().body(error);
}
if (passwordEncoder.matches(newPassword, user.getPasswordHash())) {
Map<String, String> error = new HashMap<>();
error.put("message", "New password must be different from current password");
return ResponseEntity.badRequest().body(error);
}
user.setPasswordHash(passwordEncoder.encode(newPassword));
user.setPasswordChangedAt(Instant.now());
userRepository.save(user);
Map<String, Object> data = new HashMap<>();
data.put("message", "Password updated");
data.put("passwordChangeRequired", false);
return ResponseEntity.ok(data);
}
private boolean isPasswordChangeRequired(User user) {
return "admin".equals(user.getUsername()) && passwordEncoder.matches("admin123", user.getPasswordHash());
}
}