feat(security): 添加 JWT 认证功能

- 在后端添加 JWT 认证过滤器 JwtAuthenticationTokenFilter
- 创建 JwtTokenUtil 工具类用于生成和验证 JWT token
- 在 application.yml 中配置 JWT 相关参数
- 更新前端 HomePage 组件，增加用户认证相关逻辑

biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java

@@ -0,0 +1,61 @@
+package com.test.bijihoudaun.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import com.test.bijihoudaun.interceptor.JwtAuthenticationTokenFilter;
+import com.test.bijihoudaun.util.JwtTokenUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Autowired
+    private JwtTokenUtil jwtTokenUtil;
+
+    @Value("${jwt.header}")
+    private String tokenHeader;
+
+    @Value("${jwt.tokenHead}")
+    private String tokenHead;
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter(userDetailsService, jwtTokenUtil, tokenHeader, tokenHead);
+
+        http
+                .csrf(csrf -> csrf.disable())
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(authz -> authz
+                        .requestMatchers("/doc.html", "/webjars/**", "/v3/api-docs/**", "/api/user/login", "/api/user/register").permitAll()
+                        .requestMatchers(org.springframework.http.HttpMethod.GET).permitAll()
+                        .anyRequest().authenticated()
+                );
+
+        // 在这里添加JWT过滤器
+        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+}

biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java

@@ -12,6 +12,10 @@ import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+
+import java.util.HashMap;
+import java.util.Map;
+
 @Tag(name = "用户接口")
 @RestController
 @RequestMapping("/api/user")
@@ -36,8 +40,11 @@ public class UserController {
             @Parameter(name = "password", description = "密码",required = true)
     })
     @PostMapping("/login")
-    public R<User> login(String username, String password){
-        return R.success(userService.login(username,password));
+    public R<Map<String, String>> login(String username, String password){
+        String token = userService.login(username, password);
+        Map<String, String> tokenMap = new HashMap<>();
+        tokenMap.put("token", token);
+        return R.success(tokenMap);
     }
 
     @Operation(summary = "用户删除")

biji-houdaun/src/main/java/com/test/bijihoudaun/interceptor/JwtAuthenticationTokenFilter.java

@@ -0,0 +1,52 @@
+package com.test.bijihoudaun.interceptor;
+
+import com.test.bijihoudaun.util.JwtTokenUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
+
+    private final UserDetailsService userDetailsService;
+    private final JwtTokenUtil jwtTokenUtil;
+    private final String tokenHeader;
+    private final String tokenHead;
+
+    public JwtAuthenticationTokenFilter(UserDetailsService userDetailsService, JwtTokenUtil jwtTokenUtil, String tokenHeader, String tokenHead) {
+        this.userDetailsService = userDetailsService;
+        this.jwtTokenUtil = jwtTokenUtil;
+        this.tokenHeader = tokenHeader;
+        this.tokenHead = tokenHead;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
+        String authHeader = request.getHeader(this.tokenHeader);
+        if (authHeader != null && authHeader.startsWith(this.tokenHead)) {
+            final String authToken = authHeader.substring(this.tokenHead.length());
+            String username = jwtTokenUtil.getUsernameFromToken(authToken);
+
+            if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+                UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
+
+                if (jwtTokenUtil.validateToken(authToken, userDetails)) {
+                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                    SecurityContextHolder.getContext().setAuthentication(authentication);
+                }
+            }
+        }
+        chain.doFilter(request, response);
+    }
+}

biji-houdaun/src/main/java/com/test/bijihoudaun/mapper/UserMapper.java

@@ -3,10 +3,11 @@ package com.test.bijihoudaun.mapper;
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 import com.test.bijihoudaun.entity.User;
 import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Select;
 
 @Mapper
 public interface UserMapper extends BaseMapper<User> {
     // 自定义查询方法示例
-    // @Select("SELECT * FROM user WHERE username = #{username}")
-    // User findByUsername(String username);
+    @Select("SELECT * FROM user WHERE username = #{username}")
+    User findByUsername(String username);
 }

biji-houdaun/src/main/java/com/test/bijihoudaun/service/UserService.java

@@ -19,7 +19,7 @@ public interface UserService extends IService<User> {
      * @param password 密码
      * @return 登录成功的用户
      */
-    User login(String username, String password);
+    String login(String username, String password);
 
     /**
      * 用户删除

biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java

@@ -6,21 +6,34 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.test.bijihoudaun.entity.User;
 import com.test.bijihoudaun.mapper.UserMapper;
 import com.test.bijihoudaun.service.UserService;
+import com.test.bijihoudaun.util.JwtTokenUtil;
 import com.test.bijihoudaun.util.PasswordUtils;
 import com.test.bijihoudaun.util.UuidV7;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 
-import java.time.LocalDateTime;
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
 
 @Service
-public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {
+public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService, UserDetailsService {
 
     @Autowired
     private UserMapper userMapper;
 
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        User user = userMapper.findByUsername(username);
+        if (user == null) {
+            throw new UsernameNotFoundException("User not found with username: " + username);
+        }
+        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), new ArrayList<>());
+    }
+
     @Override
     public User register(String username, String password, String email) {
         String encrypt = PasswordUtils.encrypt(password);
@@ -43,23 +56,16 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
         return user;
     }
 
+    @Autowired
+    private JwtTokenUtil jwtTokenUtil;
+
     @Override
-    public User login(String username, String password) {
-        LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
-        queryWrapper.eq(User::getUsername, username);
-        User user = userMapper.selectOne(queryWrapper);
-        boolean verify = PasswordUtils.verify(password, user.getPassword());
-        if (!verify) {
+    public String login(String username, String password) {
+        UserDetails userDetails = loadUserByUsername(username);
+        if (!PasswordUtils.verify(password, userDetails.getPassword())) {
             throw new RuntimeException("密码错误");
         }
-        user.setToken(UuidV7.uuidNoHyphen());
-        // 过期时间：当前时间+3天的时间
-        // 修改时间计算方式
-        Calendar calendar = Calendar.getInstance();
-        calendar.add(Calendar.DAY_OF_MONTH, 3); // 增加3天
-        user.setTokenEnddata(calendar.getTime());
-        userMapper.updateById(user);
-        return user;
+        return jwtTokenUtil.generateToken(userDetails);
     }
 
     @Override

biji-houdaun/src/main/java/com/test/bijihoudaun/util/JwtTokenUtil.java

@@ -0,0 +1,68 @@
+package com.test.bijihoudaun.util;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+@Component
+public class JwtTokenUtil {
+
+    @Value("${jwt.secret}")
+    private String secret;
+
+    @Value("${jwt.expiration}")
+    private Long expiration;
+
+    // 从token中获取用户名
+    public String getUsernameFromToken(String token) {
+        return getClaimFromToken(token, Claims::getSubject);
+    }
+
+    // 从token中获取过期时间
+    public Date getExpirationDateFromToken(String token) {
+        return getClaimFromToken(token, Claims::getExpiration);
+    }
+
+    public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
+        final Claims claims = getAllClaimsFromToken(token);
+        return claimsResolver.apply(claims);
+    }
+
+    // 为了从token中获取任何信息，我们都需要密钥
+    private Claims getAllClaimsFromToken(String token) {
+        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
+    }
+
+    // 检查token是否过期
+    private Boolean isTokenExpired(String token) {
+        final Date expiration = getExpirationDateFromToken(token);
+        return expiration.before(new Date());
+    }
+
+    // 为用户生成token
+    public String generateToken(UserDetails userDetails) {
+        Map<String, Object> claims = new HashMap<>();
+        return doGenerateToken(claims, userDetails.getUsername());
+    }
+
+    // 创建token
+    private String doGenerateToken(Map<String, Object> claims, String subject) {
+        return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
+                .setExpiration(new Date(System.currentTimeMillis() + expiration * 1000))
+                .signWith(SignatureAlgorithm.HS512, secret).compact();
+    }
+
+    // 验证token
+    public Boolean validateToken(String token, UserDetails userDetails) {
+        final String username = getUsernameFromToken(token);
+        return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
+    }
+}

biji-houdaun/src/main/resources/application.yml

@@ -29,3 +29,10 @@ mybatis-plus:
   mapper-locations: classpath:mapper/*.xml
   configuration:
     map-underscore-to-camel-case: true
+
+# JWT 配置
+jwt:
+  secret: mysecretkeymysecretkeymysecretkeymysecretkeymysecretkey # 至少256位的密钥
+  expiration: 86400 # token有效期，单位秒，这里是24小时
+  header: Authorization # JWT存储的请求头
+  tokenHead: "Bearer " # JWT负载中拿到开头