fix(security): 修复重放攻击拦截器的时间戳验证漏洞 refactor(security): 重构验证码工具类使用线程安全实现 perf(login): 优化登录锁定工具类性能并添加定期清理 fix(editor): 修复笔记编辑器空指针问题 style: 清理数据库索引脚本中的冗余注释 fix(api): 修复前端API调用参数编码问题 feat(image): 实现图片名称同步服务 refactor(markdown): 重构Markdown服务分离图片名称同步逻辑 fix(xss): 添加HTML转义函数防止XSS攻击 fix(user): 修复用户服务权限加载问题 fix(rate-limit): 修复速率限制拦截器并发问题 fix(axios): 生产环境隐藏详细错误信息 fix(image): 修复图片上传和删除的权限验证 refactor(captcha): 重构验证码工具类使用并发安全实现 fix(jwt): 修复JWT过滤器空指针问题 fix(export): 修复笔记导出XSS漏洞 fix(search): 修复Markdown搜索SQL注入问题 fix(interceptor): 修复重放攻击拦截器逻辑错误 fix(controller): 修复用户控制器空指针问题 fix(security): 修复nonce生成使用密码学安全方法
package com.test.bijihoudaun.controller;
import cn.hutool.core.util.ObjectUtil;
import com.test.bijihoudaun.annotation.RequireCaptcha;
import com.test.bijihoudaun.bo.UpdatePasswordBo;
import com.test.bijihoudaun.common.response.R;
import com.test.bijihoudaun.entity.User;
import com.test.bijihoudaun.entity.UserVO;
import com.test.bijihoudaun.service.RegistrationCodeService;
import com.test.bijihoudaun.service.SystemSettingService;
import com.test.bijihoudaun.service.UserService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.*;

import java.util.HashMap;
import java.util.Map;
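/**
 * REST endpoints under {@code /api/user}: registration, login, account deletion,
 * token validation and password change.
 *
 * <p>The account-changing endpoints ({@link #deleteUser()} and
 * {@link #updatePassword(UpdatePasswordBo)}) act on the user named by the current
 * Spring Security principal, never on an identifier taken from the request.
 */
@Tag(name = "用户接口")
@RestController
@RequestMapping("/api/user")
public class UserController {

    @Autowired
    private UserService userService;

    @Autowired
    private SystemSettingService systemSettingService;

    @Autowired
    private RegistrationCodeService registrationCodeService;

    /**
     * Registers a new account when registration is enabled and the registration code is valid.
     *
     * @param username         requested user name
     * @param password         requested password
     * @param email            e-mail address of the new account
     * @param registrationCode invitation code checked through {@link RegistrationCodeService}
     * @return the created user as a {@link UserVO}, or a failure response
     */
    @Operation(summary = "用户注册")
    @Parameters({
            @Parameter(name = "username", description = "用户名", required = true),
            @Parameter(name = "password", description = "密码", required = true),
            @Parameter(name = "email", description = "邮箱", required = true),
            @Parameter(name = "registrationCode", description = "注册码", required = true)
    })
    @PostMapping("/register")
    public R<UserVO> register(String username, String password, String email, String registrationCode) {
        if (!systemSettingService.isRegistrationEnabled()) {
            return R.fail("注册功能已关闭");
        }
        // NOTE(review): the code is validated before the account is created. Whether
        // validateCode() also consumes the code is not visible here; confirm that a code
        // cannot be reused after a successful registration.
        if (!registrationCodeService.validateCode(registrationCode)) {
            return R.fail("无效或已过期的注册码");
        }

        User user = userService.register(username, password, email);
        // Guard against a null result so the copy below cannot throw.
        if (user == null) {
            return R.fail("注册失败,请稍后重试");
        }

        UserVO userVO = new UserVO();
        // copyProperties copies every same-named property from User to UserVO.
        // NOTE(review): UserVO should therefore declare no password or other credential
        // field; confirm against the UserVO class.
        BeanUtils.copyProperties(user, userVO);
        userVO.setId(String.valueOf(user.getId()));
        return R.success(userVO);
    }

    /**
     * Authenticates a user and returns a token together with basic profile data.
     *
     * @param username user name
     * @param password password
     * @return a map holding {@code token} and {@code userInfo} (id, username, email),
     *         or a failure response
     */
    @Operation(summary = "用户登录")
    @Parameters({
            @Parameter(name = "username", description = "用户名", required = true),
            @Parameter(name = "password", description = "密码", required = true)
    })
    @PostMapping("/login")
    public R<Map<String, Object>> login(String username, String password) {
        try {
            String token = userService.login(username, password);
            User user = findByUsername(username);

            // Reached only after login() returned a token, so this message does not
            // tell an unauthenticated caller whether a user name exists.
            if (user == null) {
                return R.fail("用户不存在");
            }

            Map<String, Object> userInfo = new HashMap<>();
            userInfo.put("id", String.valueOf(user.getId()));
            userInfo.put("username", user.getUsername());
            userInfo.put("email", user.getEmail());

            Map<String, Object> result = new HashMap<>();
            result.put("token", token);
            result.put("userInfo", userInfo);
            return R.success(result);
        } catch (BadCredentialsException e) {
            // One message for both a wrong user name and a wrong password.
            return R.fail("用户名或密码错误");
        }
    }

    /**
     * Deletes the account of the currently authenticated user.
     *
     * @return a success message, or a failure response when the caller cannot be resolved
     */
    @Operation(summary = "删除当前登录的用户")
    @RequireCaptcha("删除账号")
    @DeleteMapping("/deleteUser")
    public R<String> deleteUser() {
        String username = currentUsername();
        if (username == null) {
            return R.fail("无法获取用户信息");
        }

        User user = findByUsername(username);
        if (user == null) {
            return R.fail("无法获取用户信息,删除失败");
        }

        // NOTE(review): intValue() narrows the id. If User ids are 64-bit values, a
        // truncated id could address a different account; confirm the parameter type
        // of UserService.deleteUser.
        userService.deleteUser(user.getId().intValue());
        return R.success("用户删除成功");
    }

    /**
     * Confirms that the request carried a usable token.
     *
     * <p>The method performs no check of its own.
     * NOTE(review): presumably a security filter rejects requests with an invalid token
     * before they reach this method; confirm the path is not excluded from that filter.
     *
     * @return a fixed success message
     */
    @Operation(summary = "验证Token有效性")
    @PostMapping("/validate-token")
    public R<String> validateToken() {
        return R.success("Token is valid");
    }

    /**
     * Changes the password of the currently authenticated user.
     *
     * @param updatePasswordBo password-change payload, passed on to {@link UserService}
     * @return a success message, or a failure response when the caller cannot be resolved
     */
    @Operation(summary = "更新用户密码")
    @RequireCaptcha("修改密码")
    @PutMapping("/password")
    public R<String> updatePassword(@RequestBody UpdatePasswordBo updatePasswordBo) {
        String username = currentUsername();
        if (username == null) {
            return R.fail("无法获取用户信息");
        }

        User user = findByUsername(username);
        if (user == null) {
            return R.fail("用户不存在");
        }

        // NOTE(review): verification of the current password is not visible here;
        // presumably UserService.updatePassword performs it. Confirm.
        userService.updatePassword(user.getId(), updatePasswordBo);
        return R.success("密码更新成功");
    }

    /**
     * Returns the user name of the authenticated principal, or {@code null} when the
     * security context holds no authentication or the principal is not a
     * {@link UserDetails}. The authentication is null-checked before its principal is read.
     */
    private static String currentUsername() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof UserDetails)) {
            return null;
        }
        return ((UserDetails) principal).getUsername();
    }

    /** Looks up a user by exact user name; the value is passed as a query-wrapper argument. */
    private User findByUsername(String username) {
        return userService.getOne(
                new com.baomidou.mybatisplus.core.conditions.query.QueryWrapper<User>()
                        .eq("username", username));
    }
}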