LiuMangMang/ssh-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
1f1d1db65a43f59156abde4c644b50d444f7c320
ssh-manager/backend/src/main/java/com/sshmanager/controller/AuthController.java
T
liumangmang 1f1d1db65a feat: 多用户管理与公开注册功能 
- 后端:User 实体新增 role/enabled 字段、UserController CRUD、UserService
- 安全:SecurityConfig /api/users/** 要求 ROLE_ADMIN、JWT 过滤器检查账号状态
- 注册:POST /api/auth/register 公开注册,固定 ROLE_USER
- 保护:删除/禁用/降级最后 admin 均拒绝,DataInitializer 含 backfill
- 前端:用户管理页面、登录/注册切换、admin 专属导航入口
- 测试:UserServiceTest 19 个 + UserControllerTest 6 个 + AuthControllerTest 适配
2026-05-28 09:13:27 +08:00

176 lines
8.0 KiB
Java
Raw Blame History

package com.sshmanager.controller;
import com.sshmanager.dto.LoginRequest;
import com.sshmanager.dto.LoginResponse;
import com.sshmanager.dto.ChangePasswordRequest;
import com.sshmanager.dto.RegisterRequest;
import com.sshmanager.dto.UserDto;
import com.sshmanager.exception.InvalidOperationException;
import com.sshmanager.service.UserService;
import com.sshmanager.entity.User;
import com.sshmanager.repository.UserRepository;
import com.sshmanager.security.JwtTokenProvider;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
@RestController
@RequestMapping("/api/auth")
public class AuthController {
private final AuthenticationManager authenticationManager;
private final JwtTokenProvider tokenProvider;
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
private final UserService userService;
public AuthController(AuthenticationManager authenticationManager,
JwtTokenProvider tokenProvider,
UserRepository userRepository,
PasswordEncoder passwordEncoder,
UserService userService) {
this.authenticationManager = authenticationManager;
this.tokenProvider = tokenProvider;
this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder;
this.userService = userService;
}
@PostMapping("/login")
public ResponseEntity<?> login(@RequestBody LoginRequest request) {
try {
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
String token = tokenProvider.generateToken(authentication);
User user = userRepository.findByUsername(request.getUsername()).orElseThrow(() -> new IllegalStateException("User not found"));
LoginResponse response = new LoginResponse(token, user.getUsername(),
user.getDisplayName() != null ? user.getDisplayName() : user.getUsername(),
user.getRole() != null ? user.getRole() : "ROLE_USER",
isPasswordChangeRequired(user));
return ResponseEntity.ok(response);
} catch (BadCredentialsException e) {
Map<String, String> error = new HashMap<>();
error.put("message", "Invalid username or password");
return ResponseEntity.status(401).body(error);
}
}
@PostMapping("/register")
public ResponseEntity<?> register(@RequestBody RegisterRequest request) {
try {
UserDto created = userService.createRegularUser(
request.getUsername(), request.getPassword(), request.getDisplayName());
// Auto-login: construct authentication directly (user already created & verified)
UsernamePasswordAuthenticationToken auth =
new UsernamePasswordAuthenticationToken(created.getUsername(), null);
SecurityContextHolder.getContext().setAuthentication(auth);
String token = tokenProvider.generateToken(auth);
LoginResponse response = new LoginResponse(token, created.getUsername(),
created.getDisplayName() != null ? created.getDisplayName() : created.getUsername(),
created.getRole() != null ? created.getRole() : "ROLE_USER",
false);
return ResponseEntity.ok(response);
} catch (InvalidOperationException e) {
Map<String, String> error = new HashMap<>();
error.put("message", e.getMessage());
return ResponseEntity.badRequest().body(error);
}
}
@GetMapping("/health")
public ResponseEntity<?> health() {
Map<String, Object> data = new HashMap<>();
data.put("app", "ssh-manager");
data.put("status", "ok");
data.put("timestamp", Instant.now().toEpochMilli());
return ResponseEntity.ok(data);
}
@GetMapping("/me")
public ResponseEntity<?> me(Authentication authentication) {
if (authentication == null || !authentication.isAuthenticated()) {
Map<String, String> error = new HashMap<>();
error.put("error", "Unauthorized");
return ResponseEntity.status(401).body(error);
}
User user = userRepository.findByUsername(authentication.getName()).orElseThrow(() -> new IllegalStateException("User not found"));
Map<String, Object> data = new HashMap<>();
data.put("username", user.getUsername());
data.put("displayName", user.getDisplayName());
data.put("role", user.getRole() != null ? user.getRole() : "ROLE_USER");
data.put("passwordChangeRequired", isPasswordChangeRequired(user));
return ResponseEntity.ok(data);
}
@PostMapping("/change-password")
public ResponseEntity<?> changePassword(@RequestBody ChangePasswordRequest request, Authentication authentication) {
if (authentication == null || !authentication.isAuthenticated()) {
Map<String, String> error = new HashMap<>();
error.put("error", "Unauthorized");
return ResponseEntity.status(401).body(error);
}
String currentPassword = request.getCurrentPassword() == null ? "" : request.getCurrentPassword().trim();
String newPassword = request.getNewPassword() == null ? "" : request.getNewPassword().trim();
if (currentPassword.isEmpty() || newPassword.isEmpty()) {
Map<String, String> error = new HashMap<>();
error.put("message", "Current password and new password are required");
return ResponseEntity.badRequest().body(error);
}
if (newPassword.length() < 8) {
Map<String, String> error = new HashMap<>();
error.put("message", "New password must be at least 8 characters");
return ResponseEntity.badRequest().body(error);
}
User user = userRepository.findByUsername(authentication.getName()).orElseThrow(() -> new IllegalStateException("User not found"));
if (!passwordEncoder.matches(currentPassword, user.getPasswordHash())) {
Map<String, String> error = new HashMap<>();
error.put("message", "Current password is incorrect");
return ResponseEntity.badRequest().body(error);
}
if (passwordEncoder.matches(newPassword, user.getPasswordHash())) {
Map<String, String> error = new HashMap<>();
error.put("message", "New password must be different from current password");
return ResponseEntity.badRequest().body(error);
}
user.setPasswordHash(passwordEncoder.encode(newPassword));
user.setPasswordChangedAt(Instant.now());
userRepository.save(user);
Map<String, Object> data = new HashMap<>();
data.put("message", "Password updated");
data.put("passwordChangeRequired", false);
return ResponseEntity.ok(data);
}
private boolean isPasswordChangeRequired(User user) {
return user.getPasswordChangedAt() == null
|| !user.getPasswordChangedAt().isAfter(Instant.EPOCH);
}
}
Reference in New Issue View Git Blame Copy Permalink