feat(auth): 完善API网关JWT认证和权限控制功能

- 实现网关侧JWT工具类和权限规则匹配器 - 集成JWT认证流程，支持Bearer Token验证 - 添加基于路径和HTTP方法的权限控制机制 - 配置白名单路由规则，优化认证性能 - 更新前端受保护路由组件，实现权限验证 - 添加403禁止访问页面和权限检查逻辑 - 重构登录页面，集成实际认证API调用 - 实现用户信息获取和权限加载功能 - 优化全局异常处理器中的认证错误状态码 - 集成FastJSON2和JJWT依赖库支持
2026-02-06 13:11:08 +08:00
parent 719f54bf2e
commit 056cee11cc
33 changed files with 1462 additions and 89 deletions
--- a/backend/shared/security-common/src/main/java/com/datamate/common/security/JwtUtils.java
+++ b/backend/shared/security-common/src/main/java/com/datamate/common/security/JwtUtils.java
@@ -3,9 +3,13 @@ package com.datamate.common.security;
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.util.StringUtils;
 import org.springframework.stereotype.Component;

 import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -15,15 +19,23 @@ import java.util.Map;
 */
@Component
 public class JwtUtils {
+    private static final String DEFAULT_SECRET = "datamate-secret-key-for-jwt-token-generation";

-    @Value("${jwt.secret:datamate-secret-key-for-jwt-token-generation}")
+    @Value("${jwt.secret:" + DEFAULT_SECRET + "}")
    private String secret;

    @Value("${jwt.expiration:86400}") // 24小时
    private Long expiration;

    private SecretKey getSigningKey() {
-        return Keys.hmacShaKeyFor(secret.getBytes());
+        String secretValue = StringUtils.hasText(secret) ? secret : DEFAULT_SECRET;
+        try {
+            MessageDigest digest = MessageDigest.getInstance("SHA-512");
+            byte[] keyBytes = digest.digest(secretValue.getBytes(StandardCharsets.UTF_8));
+            return Keys.hmacShaKeyFor(keyBytes);
+        } catch (NoSuchAlgorithmException e) {
+            throw new IllegalStateException("Cannot initialize JWT signing key", e);
+        }
    }

    /**
@@ -84,7 +96,18 @@ public class JwtUtils {
    public Boolean validateToken(String token, String username) {
        try {
            String tokenUsername = getUsernameFromToken(token);
-            return (username.equals(tokenUsername) && !isTokenExpired(token));
+            return (username.equals(tokenUsername) && validateToken(token));
+        } catch (JwtException | IllegalArgumentException e) {
+            return false;
+        }
+    }
+
+    /**
+     * 仅校验令牌格式与有效期
+     */
+    public Boolean validateToken(String token) {
+        try {
+            return !isTokenExpired(token);
        } catch (JwtException | IllegalArgumentException e) {
            return false;
        }