feat(安全): 添加验证码和登录安全增强功能

新增验证码功能用于敏感操作，包括删除账号、修改密码等添加登录失败锁定机制和限流策略实现防重放攻击和XSS防护增强重构XSS拦截器使用请求包装器
2026-03-03 17:49:50 +08:00
parent 5a24569ebd
commit 23929a974f
13 changed files with 763 additions and 26 deletions
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java
@@ -1,5 +1,6 @@
 package com.test.bijihoudaun.controller;

+import com.test.bijihoudaun.annotation.RequireCaptcha;
 import com.test.bijihoudaun.bo.UpdatePasswordBo;
 import cn.hutool.core.util.ObjectUtil;
 import com.test.bijihoudaun.common.response.R;
@@ -84,6 +85,7 @@ public class UserController {
    }

    @Operation(summary = "删除当前登录的用户")
+    @RequireCaptcha("删除账号")
    @DeleteMapping("/deleteUser")
    public R<String> deleteUser(){
        UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
@@ -105,6 +107,7 @@ public class UserController {
    }

    @Operation(summary = "更新用户密码")
+    @RequireCaptcha("修改密码")
    @PutMapping("/password")
    public R<String> updatePassword(@RequestBody UpdatePasswordBo updatePasswordBo) {
        UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();