From 083d9efe9a959153a6d2010b2bcce9fdccbb732a Mon Sep 17 00:00:00 2001 From: enoch Date: Fri, 6 Jun 2025 07:37:01 +0000 Subject: [PATCH] feat: Initialize Spring Boot project with user authentication - Add Maven Wrapper for easier project setup - Create pom.xml with Spring Boot dependencies for web, data JPA, and security - Implement main application class RestUserAuthApplication - Configure security settings with SecurityConfig class - Create AuthController for user authentication and registration - Implement UserController to retrieve current user information - Define DTOs for authentication requests and responses - Create User and Role models for user management - Implement UserRepository for database interactions - Add JWT authentication filter and token provider for secure API access - Create CustomUserDetailsService for loading user-specific data - Configure application properties for database and JWT settings - Add basic test class for application context loading - Include HTTP request examples for user registration and login in tests --- .gitattributes | 2 + .gitignore | 33 +++ .mvn/wrapper/maven-wrapper.properties | 19 ++ mvnw | 259 ++++++++++++++++++ mvnw.cmd | 149 ++++++++++ pom.xml | 98 +++++++ .../restuserauth/RestUserAuthApplication.java | 13 + .../restuserauth/config/SecurityConfig.java | 53 ++++ .../controller/AuthController.java | 84 ++++++ .../controller/UserController.java | 40 +++ .../restuserauth/dto/AuthRequest.java | 19 ++ .../restuserauth/dto/AuthResponse.java | 18 ++ .../restuserauth/dto/UserResponse.java | 32 +++ .../com/userauth/restuserauth/model/Role.java | 7 + .../com/userauth/restuserauth/model/User.java | 42 +++ .../repository/UserRepository.java | 13 + .../security/JwtAuthenticationFilter.java | 59 ++++ .../security/JwtTokenProvider.java | 64 +++++ .../service/CustomUserDetailsService.java | 38 +++ src/main/resources/application.properties | 30 ++ .../RestUserAuthApplicationTests.java | 13 + src/test/resources/rest-test/auth.http | 24 ++ 22 files changed, 1109 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 .mvn/wrapper/maven-wrapper.properties create mode 100755 mvnw create mode 100644 mvnw.cmd create mode 100644 pom.xml create mode 100644 src/main/java/com/userauth/restuserauth/RestUserAuthApplication.java create mode 100644 src/main/java/com/userauth/restuserauth/config/SecurityConfig.java create mode 100644 src/main/java/com/userauth/restuserauth/controller/AuthController.java create mode 100644 src/main/java/com/userauth/restuserauth/controller/UserController.java create mode 100644 src/main/java/com/userauth/restuserauth/dto/AuthRequest.java create mode 100644 src/main/java/com/userauth/restuserauth/dto/AuthResponse.java create mode 100644 src/main/java/com/userauth/restuserauth/dto/UserResponse.java create mode 100644 src/main/java/com/userauth/restuserauth/model/Role.java create mode 100644 src/main/java/com/userauth/restuserauth/model/User.java create mode 100644 src/main/java/com/userauth/restuserauth/repository/UserRepository.java create mode 100644 src/main/java/com/userauth/restuserauth/security/JwtAuthenticationFilter.java create mode 100644 src/main/java/com/userauth/restuserauth/security/JwtTokenProvider.java create mode 100644 src/main/java/com/userauth/restuserauth/service/CustomUserDetailsService.java create mode 100644 src/main/resources/application.properties create mode 100644 src/test/java/com/userauth/rest_user_auth/RestUserAuthApplicationTests.java create mode 100644 src/test/resources/rest-test/auth.http diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..3b41682 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +/mvnw text eol=lf +*.cmd text eol=crlf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..667aaef --- /dev/null +++ b/.gitignore @@ -0,0 +1,33 @@ +HELP.md +target/ +.mvn/wrapper/maven-wrapper.jar +!**/src/main/**/target/ +!**/src/test/**/target/ + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ +build/ +!**/src/main/**/build/ +!**/src/test/**/build/ + +### VS Code ### +.vscode/ diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 0000000..d58dfb7 --- /dev/null +++ b/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +wrapperVersion=3.3.2 +distributionType=only-script +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip diff --git a/mvnw b/mvnw new file mode 100755 index 0000000..19529dd --- /dev/null +++ b/mvnw @@ -0,0 +1,259 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Apache Maven Wrapper startup batch script, version 3.3.2 +# +# Optional ENV vars +# ----------------- +# JAVA_HOME - location of a JDK home dir, required when download maven via java source +# MVNW_REPOURL - repo url base for downloading maven distribution +# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output +# ---------------------------------------------------------------------------- + +set -euf +[ "${MVNW_VERBOSE-}" != debug ] || set -x + +# OS specific support. +native_path() { printf %s\\n "$1"; } +case "$(uname)" in +CYGWIN* | MINGW*) + [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" + native_path() { cygpath --path --windows "$1"; } + ;; +esac + +# set JAVACMD and JAVACCMD +set_java_home() { + # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched + if [ -n "${JAVA_HOME-}" ]; then + if [ -x "$JAVA_HOME/jre/sh/java" ]; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACCMD="$JAVA_HOME/jre/sh/javac" + else + JAVACMD="$JAVA_HOME/bin/java" + JAVACCMD="$JAVA_HOME/bin/javac" + + if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then + echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 + echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 + return 1 + fi + fi + else + JAVACMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v java + )" || : + JAVACCMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v javac + )" || : + + if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then + echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 + return 1 + fi + fi +} + +# hash string like Java String::hashCode +hash_string() { + str="${1:-}" h=0 + while [ -n "$str" ]; do + char="${str%"${str#?}"}" + h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296)) + str="${str#?}" + done + printf %x\\n $h +} + +verbose() { :; } +[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } + +die() { + printf %s\\n "$1" >&2 + exit 1 +} + +trim() { + # MWRAPPER-139: + # Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds. + # Needed for removing poorly interpreted newline sequences when running in more + # exotic environments such as mingw bash on Windows. + printf "%s" "${1}" | tr -d '[:space:]' +} + +# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties +while IFS="=" read -r key value; do + case "${key-}" in + distributionUrl) distributionUrl=$(trim "${value-}") ;; + distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;; + esac +done <"${0%/*}/.mvn/wrapper/maven-wrapper.properties" +[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in ${0%/*}/.mvn/wrapper/maven-wrapper.properties" + +case "${distributionUrl##*/}" in +maven-mvnd-*bin.*) + MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ + case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in + *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;; + :Darwin*x86_64) distributionPlatform=darwin-amd64 ;; + :Darwin*arm64) distributionPlatform=darwin-aarch64 ;; + :Linux*x86_64*) distributionPlatform=linux-amd64 ;; + *) + echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 + distributionPlatform=linux-amd64 + ;; + esac + distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" + ;; +maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; +*) MVN_CMD="mvn${0##*/mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; +esac + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" +distributionUrlName="${distributionUrl##*/}" +distributionUrlNameMain="${distributionUrlName%.*}" +distributionUrlNameMain="${distributionUrlNameMain%-bin}" +MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}" +MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" + +exec_maven() { + unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : + exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +} + +if [ -d "$MAVEN_HOME" ]; then + verbose "found existing MAVEN_HOME at $MAVEN_HOME" + exec_maven "$@" +fi + +case "${distributionUrl-}" in +*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;; +*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; +esac + +# prepare tmp dir +if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then + clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } + trap clean HUP INT TERM EXIT +else + die "cannot create temp dir" +fi + +mkdir -p -- "${MAVEN_HOME%/*}" + +# Download and Install Apache Maven +verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +verbose "Downloading from: $distributionUrl" +verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +# select .zip or .tar.gz +if ! command -v unzip >/dev/null; then + distributionUrl="${distributionUrl%.zip}.tar.gz" + distributionUrlName="${distributionUrl##*/}" +fi + +# verbose opt +__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' +[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v + +# normalize http auth +case "${MVNW_PASSWORD:+has-password}" in +'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; +has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; +esac + +if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then + verbose "Found wget ... using wget" + wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl" +elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then + verbose "Found curl ... using curl" + curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl" +elif set_java_home; then + verbose "Falling back to use Java to download" + javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" + targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" + cat >"$javaSource" <<-END + public class Downloader extends java.net.Authenticator + { + protected java.net.PasswordAuthentication getPasswordAuthentication() + { + return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); + } + public static void main( String[] args ) throws Exception + { + setDefault( new Downloader() ); + java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); + } + } + END + # For Cygwin/MinGW, switch paths to Windows format before running javac and java + verbose " - Compiling Downloader.java ..." + "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java" + verbose " - Running Downloader.java ..." + "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" +fi + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +if [ -n "${distributionSha256Sum-}" ]; then + distributionSha256Result=false + if [ "$MVN_CMD" = mvnd.sh ]; then + echo "Checksum validation is not supported for maven-mvnd." >&2 + echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + elif command -v sha256sum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + elif command -v shasum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 + echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + fi + if [ $distributionSha256Result = false ]; then + echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 + echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 + exit 1 + fi +fi + +# unzip and move +if command -v unzip >/dev/null; then + unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip" +else + tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar" +fi +printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/mvnw.url" +mv -- "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" + +clean || : +exec_maven "$@" diff --git a/mvnw.cmd b/mvnw.cmd new file mode 100644 index 0000000..249bdf3 --- /dev/null +++ b/mvnw.cmd @@ -0,0 +1,149 @@ +<# : batch portion +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Apache Maven Wrapper startup batch script, version 3.3.2 +@REM +@REM Optional ENV vars +@REM MVNW_REPOURL - repo url base for downloading maven distribution +@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output +@REM ---------------------------------------------------------------------------- + +@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) +@SET __MVNW_CMD__= +@SET __MVNW_ERROR__= +@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% +@SET PSModulePath= +@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( + IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) +) +@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% +@SET __MVNW_PSMODULEP_SAVE= +@SET __MVNW_ARG0_NAME__= +@SET MVNW_USERNAME= +@SET MVNW_PASSWORD= +@IF NOT "%__MVNW_CMD__%"=="" (%__MVNW_CMD__% %*) +@echo Cannot start maven from wrapper >&2 && exit /b 1 +@GOTO :EOF +: end batch / begin powershell #> + +$ErrorActionPreference = "Stop" +if ($env:MVNW_VERBOSE -eq "true") { + $VerbosePreference = "Continue" +} + +# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties +$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl +if (!$distributionUrl) { + Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" +} + +switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { + "maven-mvnd-*" { + $USE_MVND = $true + $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" + $MVN_CMD = "mvnd.cmd" + break + } + default { + $USE_MVND = $false + $MVN_CMD = $script -replace '^mvnw','mvn' + break + } +} + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +if ($env:MVNW_REPOURL) { + $MVNW_REPO_PATTERN = if ($USE_MVND) { "/org/apache/maven/" } else { "/maven/mvnd/" } + $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace '^.*'+$MVNW_REPO_PATTERN,'')" +} +$distributionUrlName = $distributionUrl -replace '^.*/','' +$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' +$MAVEN_HOME_PARENT = "$HOME/.m2/wrapper/dists/$distributionUrlNameMain" +if ($env:MAVEN_USER_HOME) { + $MAVEN_HOME_PARENT = "$env:MAVEN_USER_HOME/wrapper/dists/$distributionUrlNameMain" +} +$MAVEN_HOME_NAME = ([System.Security.Cryptography.MD5]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' +$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" + +if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { + Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" + Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" + exit $? +} + +if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { + Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" +} + +# prepare tmp dir +$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile +$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" +$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null +trap { + if ($TMP_DOWNLOAD_DIR.Exists) { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } + } +} + +New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null + +# Download and Install Apache Maven +Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +Write-Verbose "Downloading from: $distributionUrl" +Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +$webclient = New-Object System.Net.WebClient +if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { + $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum +if ($distributionSha256Sum) { + if ($USE_MVND) { + Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." + } + Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash + if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { + Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." + } +} + +# unzip and move +Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null +Rename-Item -Path "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" -NewName $MAVEN_HOME_NAME | Out-Null +try { + Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null +} catch { + if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { + Write-Error "fail to move MAVEN_HOME" + } +} finally { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } +} + +Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..bd59d55 --- /dev/null +++ b/pom.xml @@ -0,0 +1,98 @@ + + + 4.0.0 + + org.springframework.boot + spring-boot-starter-parent + 3.5.0 + + + com.userauth + rest-user-auth + 0.0.1-SNAPSHOT + rest-user-auth + Demo project for Spring Boot User Auth + + + + + + + + + + + + + + + 21 + + + + org.springframework.boot + spring-boot-starter + + + + org.springframework.boot + spring-boot-starter-test + test + + + + org.springframework.boot + spring-boot-starter-web + + + + + org.springframework.boot + spring-boot-starter-data-jpa + + + + + org.springframework.boot + spring-boot-starter-security + + + + + com.mysql + mysql-connector-j + runtime + + + + + io.jsonwebtoken + jjwt-api + 0.11.5 + + + io.jsonwebtoken + jjwt-impl + 0.11.5 + runtime + + + io.jsonwebtoken + jjwt-jackson + 0.11.5 + runtime + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + + \ No newline at end of file diff --git a/src/main/java/com/userauth/restuserauth/RestUserAuthApplication.java b/src/main/java/com/userauth/restuserauth/RestUserAuthApplication.java new file mode 100644 index 0000000..ab6dd84 --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/RestUserAuthApplication.java @@ -0,0 +1,13 @@ +package com.userauth.restuserauth; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class RestUserAuthApplication { + + public static void main(String[] args) { + SpringApplication.run(RestUserAuthApplication.class, args); + } + +} diff --git a/src/main/java/com/userauth/restuserauth/config/SecurityConfig.java b/src/main/java/com/userauth/restuserauth/config/SecurityConfig.java new file mode 100644 index 0000000..ef70de9 --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/config/SecurityConfig.java @@ -0,0 +1,53 @@ +package com.userauth.restuserauth.config; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; + +import com.userauth.restuserauth.security.JwtAuthenticationFilter; +import com.userauth.restuserauth.service.CustomUserDetailsService; + +@Configuration +@EnableWebSecurity +public class SecurityConfig { + + @Bean + public JwtAuthenticationFilter jwtAuthenticationFilter() { + return new JwtAuthenticationFilter(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + + @Bean + public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception { + return authenticationConfiguration.getAuthenticationManager(); + } + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + http + .csrf(csrf -> csrf.disable()) + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .authorizeHttpRequests(auth -> auth + .requestMatchers("/api/auth/**").permitAll() + .anyRequest().authenticated() + ); + + // 在 UsernamePasswordAuthenticationFilter 之前添加 JWT 认证过滤器 + http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); + + return http.build(); + } +} diff --git a/src/main/java/com/userauth/restuserauth/controller/AuthController.java b/src/main/java/com/userauth/restuserauth/controller/AuthController.java new file mode 100644 index 0000000..8a15dd6 --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/controller/AuthController.java @@ -0,0 +1,84 @@ +package com.userauth.restuserauth.controller; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import com.userauth.restuserauth.dto.AuthRequest; +import com.userauth.restuserauth.dto.AuthResponse; +import com.userauth.restuserauth.model.Role; +import com.userauth.restuserauth.model.User; +import com.userauth.restuserauth.repository.UserRepository; +import com.userauth.restuserauth.security.JwtTokenProvider; + +@RestController +@RequestMapping("/api/auth") +public class AuthController { + + // 添加 SLF4J Logger + private static final Logger logger = LoggerFactory.getLogger(AuthController.class); + + @Autowired + private AuthenticationManager authenticationManager; + + @Autowired + private UserRepository userRepository; + + @Autowired + private PasswordEncoder passwordEncoder; + + @Autowired + private JwtTokenProvider tokenProvider; + + @PostMapping("/login") + public ResponseEntity authenticateUser(@RequestBody AuthRequest loginRequest) { + try { + Authentication authentication = authenticationManager.authenticate( + new UsernamePasswordAuthenticationToken( + loginRequest.getUsername(), + loginRequest.getPassword() + ) + ); + + String jwt = tokenProvider.generateToken(authentication); + return ResponseEntity.ok(new AuthResponse(jwt, "登录成功")); + } catch (Exception e) { + // 关键改动:记录详细的错误日志,但仍然对客户端返回通用错误信息 + logger.error("用户 '{}' 认证失败:{}", loginRequest.getUsername(), e.getMessage()); + return new ResponseEntity<>("用户名或密码错误", HttpStatus.UNAUTHORIZED); + } + } + + @PostMapping("/register") + public ResponseEntity registerUser(@RequestBody AuthRequest registerRequest) { + if (userRepository.findByUsername(registerRequest.getUsername()).isPresent()) { + return new ResponseEntity<>("用户名已存在", HttpStatus.BAD_REQUEST); + } + + // 建议:检查电子邮件是否也已存在 + // if (userRepository.findByEmail(registerRequest.getEmail()).isPresent()) { + // return new ResponseEntity<>("该邮箱已被注册", HttpStatus.BAD_REQUEST); + // } + + User user = new User(); + user.setUsername(registerRequest.getUsername()); + user.setPassword(passwordEncoder.encode(registerRequest.getPassword())); + user.setEmail(registerRequest.getEmail()); + user.setPhone(registerRequest.getPhone()); + user.setRole(Role.USER); // 为新用户设置默认角色 + + userRepository.save(user); + + return new ResponseEntity<>("用户注册成功", HttpStatus.CREATED); + } +} diff --git a/src/main/java/com/userauth/restuserauth/controller/UserController.java b/src/main/java/com/userauth/restuserauth/controller/UserController.java new file mode 100644 index 0000000..66cf7ec --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/controller/UserController.java @@ -0,0 +1,40 @@ +package com.userauth.restuserauth.controller; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.ResponseEntity; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import com.userauth.restuserauth.dto.UserResponse; +import com.userauth.restuserauth.model.User; +import com.userauth.restuserauth.repository.UserRepository; + +@RestController +@RequestMapping("/api/user") +public class UserController { + + @Autowired + private UserRepository userRepository; + + @GetMapping("/me") + public ResponseEntity getCurrentUser() { + // SecurityContextHolder 会持有由 JwtAuthenticationFilter 设置的认证信息 + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + String username = authentication.getName(); + + User user = userRepository.findByUsername(username) + .orElseThrow(() -> new RuntimeException("用户未找到:" + username)); + + UserResponse userResponse = new UserResponse( + user.getId(), + user.getUsername(), + user.getEmail(), + user.getPhone(), + user.getRole() + ); + + return ResponseEntity.ok(userResponse); + } +} \ No newline at end of file diff --git a/src/main/java/com/userauth/restuserauth/dto/AuthRequest.java b/src/main/java/com/userauth/restuserauth/dto/AuthRequest.java new file mode 100644 index 0000000..3815ade --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/dto/AuthRequest.java @@ -0,0 +1,19 @@ +package com.userauth.restuserauth.dto; + +public class AuthRequest { + private String username; + private String password; + private String email; + private String phone; + + // Getters and Setters + public String getUsername() { return username; } + public void setUsername(String username) { this.username = username; } + public String getPassword() { return password; } + public void setPassword(String password) { this.password = password; } + public String getEmail() { return email; } + public void setEmail(String email) { this.email = email; } + public String getPhone() { return phone; } + public void setPhone(String phone) { this.phone = phone; } +} + diff --git a/src/main/java/com/userauth/restuserauth/dto/AuthResponse.java b/src/main/java/com/userauth/restuserauth/dto/AuthResponse.java new file mode 100644 index 0000000..7fc5d3b --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/dto/AuthResponse.java @@ -0,0 +1,18 @@ +package com.userauth.restuserauth.dto; + +public class AuthResponse { + private String token; + private String message; + + public AuthResponse(String token, String message) { + this.token = token; + this.message = message; + } + + // Getters and Setters + public String getToken() { return token; } + public void setToken(String token) { this.token = token; } + public String getMessage() { return message; } + public void setMessage(String message) { this.message = message; } +} + diff --git a/src/main/java/com/userauth/restuserauth/dto/UserResponse.java b/src/main/java/com/userauth/restuserauth/dto/UserResponse.java new file mode 100644 index 0000000..c1575df --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/dto/UserResponse.java @@ -0,0 +1,32 @@ +package com.userauth.restuserauth.dto; + +import com.userauth.restuserauth.model.Role; + +public class UserResponse { + private Long id; + private String username; + private String email; + private String phone; + private Role role; + + public UserResponse(Long id, String username, String email, String phone, Role role) { + this.id = id; + this.username = username; + this.email = email; + this.phone = phone; + this.role = role; + } + + // Getters and Setters + public Long getId() { return id; } + public void setId(Long id) { this.id = id; } + public String getUsername() { return username; } + public void setUsername(String username) { this.username = username; } + public String getEmail() { return email; } + public void setEmail(String email) { this.email = email; } + public String getPhone() { return phone; } + public void setPhone(String phone) { this.phone = phone; } + public Role getRole() { return role; } + public void setRole(Role role) { this.role = role; } +} + diff --git a/src/main/java/com/userauth/restuserauth/model/Role.java b/src/main/java/com/userauth/restuserauth/model/Role.java new file mode 100644 index 0000000..d0a2f66 --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/model/Role.java @@ -0,0 +1,7 @@ +package com.userauth.restuserauth.model; + +public enum Role { + USER, + ADMIN +} + diff --git a/src/main/java/com/userauth/restuserauth/model/User.java b/src/main/java/com/userauth/restuserauth/model/User.java new file mode 100644 index 0000000..7aeab3d --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/model/User.java @@ -0,0 +1,42 @@ +package com.userauth.restuserauth.model; + +import jakarta.persistence.*; + +@Entity +@Table(name = "users") +public class User { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private Long id; + + @Column(nullable = false, unique = true) + private String username; + + @Column(nullable = false) + private String password; + + @Column(nullable = false, unique = true) + private String email; + + @Column + private String phone; + + @Enumerated(EnumType.STRING) + @Column(nullable = false) + private Role role; + + // Getters and Setters + public Long getId() { return id; } + public void setId(Long id) { this.id = id; } + public String getUsername() { return username; } + public void setUsername(String username) { this.username = username; } + public String getPassword() { return password; } + public void setPassword(String password) { this.password = password; } + public String getEmail() { return email; } + public void setEmail(String email) { this.email = email; } + public String getPhone() { return phone; } + public void setPhone(String phone) { this.phone = phone; } + public Role getRole() { return role; } + public void setRole(Role role) { this.role = role; } +} diff --git a/src/main/java/com/userauth/restuserauth/repository/UserRepository.java b/src/main/java/com/userauth/restuserauth/repository/UserRepository.java new file mode 100644 index 0000000..09f1b2a --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/repository/UserRepository.java @@ -0,0 +1,13 @@ +package com.userauth.restuserauth.repository; + +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import com.userauth.restuserauth.model.User; + +import java.util.Optional; + +@Repository +public interface UserRepository extends JpaRepository { + Optional findByUsername(String username); +} diff --git a/src/main/java/com/userauth/restuserauth/security/JwtAuthenticationFilter.java b/src/main/java/com/userauth/restuserauth/security/JwtAuthenticationFilter.java new file mode 100644 index 0000000..ddec729 --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/security/JwtAuthenticationFilter.java @@ -0,0 +1,59 @@ +package com.userauth.restuserauth.security; + +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +import org.springframework.util.StringUtils; +import org.springframework.web.filter.OncePerRequestFilter; + +import com.userauth.restuserauth.service.CustomUserDetailsService; + +import java.io.IOException; + +public class JwtAuthenticationFilter extends OncePerRequestFilter { + + @Autowired + private JwtTokenProvider tokenProvider; + + @Autowired + private CustomUserDetailsService customUserDetailsService; + + private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationFilter.class); + @Override + protected void doFilterInternal(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull FilterChain filterChain) throws ServletException, IOException { + try { + String jwt = getJwtFromRequest(request); + + if (StringUtils.hasText(jwt) && tokenProvider.validateToken(jwt)) { + String username = tokenProvider.getUsernameFromToken(jwt); + + UserDetails userDetails = customUserDetailsService.loadUserByUsername(username); + UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()); + authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); + + SecurityContextHolder.getContext().setAuthentication(authentication); + } + } catch (Exception ex) { + logger.error("无法在安全上下文中设置用户认证", ex); + } + + filterChain.doFilter(request, response); + } + + private String getJwtFromRequest(HttpServletRequest request) { + String bearerToken = request.getHeader("Authorization"); + if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) { + return bearerToken.substring(7); + } + return null; + } +} \ No newline at end of file diff --git a/src/main/java/com/userauth/restuserauth/security/JwtTokenProvider.java b/src/main/java/com/userauth/restuserauth/security/JwtTokenProvider.java new file mode 100644 index 0000000..bed0201 --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/security/JwtTokenProvider.java @@ -0,0 +1,64 @@ +package com.userauth.restuserauth.security; + +import io.jsonwebtoken.Claims; +import io.jsonwebtoken.Jwts; +import io.jsonwebtoken.SignatureAlgorithm; +import io.jsonwebtoken.security.Keys; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.stereotype.Service; +import java.security.Key; +import java.util.Date; + + +@Service +public class JwtTokenProvider { + + private static final Logger logger = LoggerFactory.getLogger(JwtTokenProvider.class); + + private final Key key; + private final long expirationMs; + + public JwtTokenProvider(@Value("${app.jwt.secret}") String secret, @Value("${app.jwt.expiration-ms}") long expirationMs) { + this.key = Keys.hmacShaKeyFor(secret.getBytes()); + this.expirationMs = expirationMs; + } + + public String generateToken(Authentication authentication) { + UserDetails userPrincipal = (UserDetails) authentication.getPrincipal(); + Date now = new Date(); + Date expiryDate = new Date(now.getTime() + expirationMs); + + return Jwts.builder() + .setSubject(userPrincipal.getUsername()) + .setIssuedAt(new Date()) + .setExpiration(expiryDate) + .signWith(key, SignatureAlgorithm.HS512) + .compact(); + } + + // 新增:从 JWT 中获取用户名 + public String getUsernameFromToken(String token) { + Claims claims = Jwts.parserBuilder() + .setSigningKey(key) + .build() + .parseClaimsJws(token) + .getBody(); + return claims.getSubject(); + } + + // 新增:验证 JWT + public boolean validateToken(String authToken) { + try { + Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(authToken); + return true; + } catch (Exception ex) { + logger.error("无效的 JWT 令牌:{}", ex.getMessage()); + } + return false; + } +} \ No newline at end of file diff --git a/src/main/java/com/userauth/restuserauth/service/CustomUserDetailsService.java b/src/main/java/com/userauth/restuserauth/service/CustomUserDetailsService.java new file mode 100644 index 0000000..4694bfd --- /dev/null +++ b/src/main/java/com/userauth/restuserauth/service/CustomUserDetailsService.java @@ -0,0 +1,38 @@ +package com.userauth.restuserauth.service; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Service; + +import java.util.Collections; +import java.util.Set; + +import com.userauth.restuserauth.model.User; +import com.userauth.restuserauth.repository.UserRepository; + +@Service +public class CustomUserDetailsService implements UserDetailsService { + + @Autowired + private UserRepository userRepository; + + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + User user = userRepository.findByUsername(username) + .orElseThrow(() -> new UsernameNotFoundException("用户不存在:" + username)); + + // 从用户角色创建权限列表,注意 "ROLE_" 前缀是 Spring Security 的约定 + Set authorities = Collections.singleton( + new SimpleGrantedAuthority("ROLE_" + user.getRole().name()) + ); + + return new org.springframework.security.core.userdetails.User( + user.getUsername(), + user.getPassword(), + authorities); + } +} \ No newline at end of file diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties new file mode 100644 index 0000000..afcc1f8 --- /dev/null +++ b/src/main/resources/application.properties @@ -0,0 +1,30 @@ +spring.application.name=rest-user-auth + +# =============================== +# DATABASE CONFIGURATION +# =============================== +# 数据库 URL,请替换 your_database_name 为你的数据库名 +spring.datasource.url=jdbc:mysql://10.254.100.62:3306/play-auth +# 数据库用户名 +spring.datasource.username=enoch +# 数据库密码 +spring.datasource.password=enoch@123 +spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver + +# =============================== +# JPA / HIBERNATE CONFIGURATION +# =============================== +# 自动更新数据库表结构。在开发时方便,生产环境建议使用 Flyway 或 Liquibase +spring.jpa.hibernate.ddl-auto=update +# 在控制台显示执行的 SQL 语句,便于调试 +spring.jpa.show-sql=true +# 格式化显示的 SQL +spring.jpa.properties.hibernate.format_sql=true + +# =============================== +# JWT CONFIGURATION +# =============================== +# 用于签发 JWT 的密钥。请务必修改为一个足够长且复杂的字符串,不要在生产环境中泄露 +app.jwt.secret=YourSuperSecretKeyForJWTsWhichIsLongAndSecureAbcdAbcdAbcdAbcdAbcdAbcdAbcdAbcdAbcdAbcd +# JWT 的过期时间(毫秒),这里设置为 1 小时 +app.jwt.expiration-ms=3600000 diff --git a/src/test/java/com/userauth/rest_user_auth/RestUserAuthApplicationTests.java b/src/test/java/com/userauth/rest_user_auth/RestUserAuthApplicationTests.java new file mode 100644 index 0000000..c334b4b --- /dev/null +++ b/src/test/java/com/userauth/rest_user_auth/RestUserAuthApplicationTests.java @@ -0,0 +1,13 @@ +package com.userauth.rest_user_auth; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class RestUserAuthApplicationTests { + + @Test + void contextLoads() { + } + +} diff --git a/src/test/resources/rest-test/auth.http b/src/test/resources/rest-test/auth.http new file mode 100644 index 0000000..67500bb --- /dev/null +++ b/src/test/resources/rest-test/auth.http @@ -0,0 +1,24 @@ +POST http://localhost:8080/api/auth/register +Content-Type: application/json + +{ + "username": "testuser02", + "password": "Password123!", + "email": "testuser01@example.com", + "phone": "13800138001" +} + + +### Login a user +POST http://localhost:8080/api/auth/login +Content-Type: application/json + +{ + "username": "testuser02", + "password": "Password123!" +} + +### Get user info +GET http://localhost:8080/api/user/me +Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ0ZXN0dXNlcjAyIiwiaWF0IjoxNzQ5MTk1MjQyLCJleHAiOjE3NDkxOTg4NDJ9.geB8qi60zzn_BJrqo9ETfGyH6zUxCfDg8rJQTTTypJBpP67bmM0qmEWwxmDqfkFSJ6Ycw6hVUxIzU4R0s3XNXw +