feat(security): 添加 Token 验证功能

- 在 CommonApi.js 中添加 validateToken 函数，用于验证 Token 有效性 - 在 HomePage.vue 中集成 Token 验证功能，导出前验证登录状态- 在 UserController.java 中添加 validateToken 接口，用于后端验证 Token
2025-07-31 19:39:59 +08:00
parent 16998c5144
commit cd43768baf
3 changed files with 21 additions and 3 deletions
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java
@@ -11,6 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;

 import java.util.HashMap;
@@ -57,6 +58,10 @@ public class UserController {
        return R.success("删除成功");
    }

-
+    @Operation(summary = "验证Token有效性")
+    @PostMapping("/validate-token")
+    public R<String> validateToken() {
+        return R.success("Token is valid");
+    }

 }
--- a/biji-qianduan/src/api/CommonApi.js
+++ b/biji-qianduan/src/api/CommonApi.js
@@ -127,3 +127,6 @@ export const permanentlyDeleteItem = (id) => axiosApi.delete(`/api/trash/permane

 // 清空回收站
 export const cleanTrash = () => axiosApi.delete('/api/trash/clean');
+
+// 验证Token
+export const validateToken = () => axiosApi.post('/api/user/validate-token');
--- a/biji-qianduan/src/components/HomePage.vue
+++ b/biji-qianduan/src/components/HomePage.vue
@@ -50,7 +50,7 @@
              <el-button v-if="showEditor" type="primary" @click="showEditor = !showEditor; previewFile(editData)">返回</el-button>
              <el-button v-if="showEditor && userStore.isLoggedIn" type="success" @click="handleSave(vditor.getValue())">保存</el-button>
              <span v-if="showEditor" class="save-status">{{ saveStatus }}</span>
-              <el-dropdown v-if="!showEditor" @command="handleExport">
+              <el-dropdown v-if="!showEditor && userStore.isLoggedIn" @command="handleExport">
                <el-button type="success">
                  导出<el-icon class="el-icon--right"><arrow-down /></el-icon>
                </el-button>
@@ -225,7 +225,8 @@ import {
  updateGroupingName,
  updateMarkdownTitle,
  deleteGrouping as apiDeleteGrouping,
-  getRecentFiles
+  getRecentFiles,
+  validateToken
 } from '@/api/CommonApi.js'
 import { Plus, Fold, Expand, Folder, Document, Search, Edit, Delete, ArrowDown, Clock } from "@element-plus/icons-vue";
 import { useUserStore } from '../stores/user';
@@ -746,6 +747,15 @@ const sanitizeFilename = (name) => name.replace(/[<>:"/\\|?*]/g, '_').trim() ||
 const handleExport = async (format) => {
  if (!selectedFile.value || showExportLoading.value) return;

+  try {
+    await validateToken();
+  } catch (error) {
+    ElMessage.error('登录已过期，请重新登录');
+    userStore.logout();
+    router.push('/login');
+    return;
+  }
+
  const title = sanitizeFilename(selectedFile.value.title);
  const content = selectedFile.value.content;
  const previewElement = document.querySelector('.markdown-preview');