init: rebuild myplayer-backend

src/main/java/xin/merlin/myplayerbackend/MyplayerBackendApplication.java

@@ -0,0 +1,13 @@
+package xin.merlin.myplayerbackend;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class MyplayerBackendApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(MyplayerBackendApplication.class, args);
+    }
+
+}

src/main/java/xin/merlin/myplayerbackend/config/MyBatisPlusConfig.java

@@ -0,0 +1,18 @@
+package xin.merlin.myplayerbackend.config;
+
+import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
+import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class MyBatisPlusConfig {
+
+    @Bean
+    public MybatisPlusInterceptor mybatisPlusInterceptor() {
+        MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
+        interceptor.addInnerInterceptor(new PaginationInnerInterceptor());
+        return interceptor;
+    }
+}
+

src/main/java/xin/merlin/myplayerbackend/config/security/JWTAuthenticationFilter.java

@@ -0,0 +1,68 @@
+package xin.merlin.myplayerbackend.config.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+import xin.merlin.myplayerbackend.utils.JwtUtil;
+
+
+import java.io.IOException;
+import java.util.Collections;
+
+@Component
+@RequiredArgsConstructor
+public class JWTAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtUtil jwtUtil;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    FilterChain filterChain)
+            throws ServletException, IOException {
+
+        String authHeader = request.getHeader("Authorization");
+
+        if (authHeader != null && authHeader.startsWith("Bearer ")) {
+            String token = authHeader.substring(7).trim();
+
+            try {
+                if (!jwtUtil.isTokenExpired(token)) {
+                    System.out.println(token);
+                    String username = jwtUtil.getUAccount(token);
+
+                    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+                        UsernamePasswordAuthenticationToken authenticationToken =
+                                new UsernamePasswordAuthenticationToken(username, null, Collections.emptyList());
+                        authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+                    }
+                }
+            } catch (JwtUtil.TokenExpiredException e) {
+                // Token 过期，返回 401
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                response.getWriter().write("Token 已过期，请重新登录");
+                return;
+            } catch (JwtUtil.InvalidTokenException e) {
+                // Token 非法，返回 401
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                response.getWriter().write("无效的 Token，请重新登录");
+                return;
+            } catch (Exception e) {
+                // 其他异常
+                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+                response.getWriter().write("服务器内部错误");
+                return;
+            }
+        }
+
+        filterChain.doFilter(request, response);
+    }
+}

src/main/java/xin/merlin/myplayerbackend/config/security/JwtProperties.java

@@ -0,0 +1,15 @@
+package xin.merlin.myplayerbackend.config.security;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Data
+@Configuration
+@ConfigurationProperties(prefix = "jwt")
+public class JwtProperties {
+    private String secret;
+    private String issuer;
+    private String subject;
+    private long expire; // 秒
+}

src/main/java/xin/merlin/myplayerbackend/config/security/PasswordConfig.java

@@ -0,0 +1,17 @@
+package xin.merlin.myplayerbackend.config.security;
+
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class PasswordConfig {
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+}

src/main/java/xin/merlin/myplayerbackend/config/security/SecurityConfig.java

@@ -0,0 +1,60 @@
+package xin.merlin.myplayerbackend.config.security;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+    private final JWTAuthenticationFilter jwtAuthenticationFilter;
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(AbstractHttpConfigurer::disable)
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(authz -> authz
+                        .requestMatchers(
+                                "/login",
+                                "/register",
+                                "/health",
+                                "/code/**",
+                                "/blog/**"
+                        ).permitAll()
+                        .anyRequest().authenticated()
+                )
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+
+    // 新增：全局CORS配置
+    @Bean
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**")
+                        .allowedOriginPatterns("*") // 开发阶段允许所有来源
+                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                        .allowedHeaders("*")
+                        .exposedHeaders("Authorization")
+                        .allowCredentials(true)
+                        .maxAge(3600L);
+            }
+        };
+    }
+}

src/main/java/xin/merlin/myplayerbackend/utils/JwtUtil.java

@@ -0,0 +1,110 @@
+package xin.merlin.myplayerbackend.utils;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.security.Keys;
+import jakarta.annotation.PostConstruct;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+import xin.merlin.myplayerbackend.config.security.JwtProperties;
+
+
+import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+import java.util.UUID;
+
+@Component
+@RequiredArgsConstructor
+public class JwtUtil {
+
+    private final JwtProperties jwtProperties;
+
+    private SecretKey key;
+    private JwtParser jwtParser;
+
+    @PostConstruct
+    public void init() {
+        try {
+            // 从配置文件密钥生成 SecretKey
+            this.key = Keys.hmacShaKeyFor(jwtProperties.getSecret().getBytes(StandardCharsets.UTF_8));
+            this.jwtParser = Jwts.parser()
+                    .verifyWith(key)
+                    .build();
+        } catch (Exception e) {
+            throw new RuntimeException("JWT 密钥初始化失败，请检查配置文件 jwt.secret", e);
+        }
+    }
+
+    /**
+     * 生成 JWT Token
+     */
+    public String generateToken(String uAccount, Integer uId) {
+        Date now = new Date();
+        Date expireDate = new Date(now.getTime() + jwtProperties.getExpire() * 1000L);
+
+        return Jwts.builder()
+                .subject(uAccount)
+                .claim("id", uId)
+                .claim("account", uAccount)
+                .id(UUID.randomUUID().toString())
+                .issuedAt(now)
+                .expiration(expireDate)
+                .issuer(jwtProperties.getIssuer())
+                .signWith(key, Jwts.SIG.HS256) // JJWT 0.12.6推荐的写法
+                .compact();
+    }
+
+    /**
+     * 解析 Token 获取 Claims
+     */
+    public Claims getClaims(String token) {
+        try {
+            Jws<Claims> jws = jwtParser.parseSignedClaims(token);
+            System.out.println(jws.getPayload());
+            return jws.getPayload();
+        } catch (ExpiredJwtException e) {
+            throw new TokenExpiredException("Token 已过期", e);
+        } catch (JwtException e) {
+            throw new InvalidTokenException("无效的 Token", e);
+        } catch (Exception e) {
+            throw new InvalidTokenException("解析 Token 失败", e);
+        }
+    }
+
+    /**
+     * 判断 Token 是否过期
+     */
+    public boolean isTokenExpired(String token) {
+        Claims claims = getClaims(token);
+        return claims.getExpiration().before(new Date());
+    }
+
+    /**
+     * 获取账号
+     */
+    public String getUAccount(String token) {
+        Claims claims = getClaims(token);
+        return claims.getSubject();
+    }
+
+    /**
+     * 获取用户ID
+     */
+    public String getUId(String token) {
+        Claims claims = getClaims(token);
+        return claims.get("id", String.class);
+    }
+
+    // 自定义异常类
+    public static class TokenExpiredException extends RuntimeException {
+        public TokenExpiredException(String message, Throwable cause) {
+            super(message, cause);
+        }
+    }
+
+    public static class InvalidTokenException extends RuntimeException {
+        public InvalidTokenException(String message, Throwable cause) {
+            super(message, cause);
+        }
+    }
+}

src/main/java/xin/merlin/myplayerbackend/utils/result/Response.java

@@ -0,0 +1,33 @@
+package xin.merlin.myplayerbackend.utils.result;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDateTime;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class Response<T> {
+    private int code;
+    private String message;
+    private T data;
+
+    // 请求成功
+    public static <T> Response<T> success(ResultCode code , T data){
+        System.out.println( LocalDateTime.now()+" success : \n"+code);
+        return new Response<T>(code.getCode(), code.getMessage(), data);
+    }
+    public static <T> Response<T> success(ResultCode code){
+        System.out.println( LocalDateTime.now()+" success : \n"+code);
+        return new Response<T>(code.getCode(), code.getMessage(),null);
+    }
+
+    // 请求失败
+    public static <T> Response<T> fail(ResultCode code){
+        System.out.println( LocalDateTime.now()+" fail : \n"+code);
+        return new Response<T>(code.getCode(),code.getMessage(), null);
+    }
+
+}

src/main/java/xin/merlin/myplayerbackend/utils/result/ResultCode.java

@@ -0,0 +1,37 @@
+package xin.merlin.myplayerbackend.utils.result;
+
+import lombok.Getter;
+
+/**
+ * 通用状态码枚举类
+ */
+@Getter
+public enum ResultCode {
+
+    SUCCESS(200, "成功"),
+    BAD_REQUEST(400, "请求参数错误"),
+    UNAUTHORIZED(401, "未认证或登录已过期"),
+    FORBIDDEN(403, "无权限访问"),
+    NOT_FOUND(404, "资源不存在"),
+    SERVER_ERROR(500, "服务器内部错误"),
+
+    // 自定义业务错误码
+    USER_BANNED(1000,"用户被封禁"),
+    USER_NOT_FOUND(1001, "用户不存在"),
+    USER_EXIST(1003,"用户已存在"),
+    USER_PASSWORD_ERROR(1004,"用户密码错误"),
+    USER_VERIFICATION_ERROR(1005,"验证码不存在或错误"),
+    USER_SEND_TOO_FAST(1006,"用户请求过快"),
+    USER_SEND_TOO_OFTEN(1007,"请求次数过多，已被限制"),
+    ORDER_NOT_FOUND(2000, "订单不存在");
+
+
+
+    private final int code;
+    private final String message;
+
+    ResultCode(int code, String message) {
+        this.code = code;
+        this.message = message;
+    }
+}

src/test/java/xin/merlin/myplayerbackend/MyplayerBackendApplicationTests.java

@@ -0,0 +1,13 @@
+package xin.merlin.myplayerbackend;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class MyplayerBackendApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+
+}