diff --git a/tacit-admin/src/main/java/com/tacit/admin/controller/AuthController.java b/tacit-admin/src/main/java/com/tacit/admin/controller/AuthController.java new file mode 100644 index 0000000..ff6e913 --- /dev/null +++ b/tacit-admin/src/main/java/com/tacit/admin/controller/AuthController.java @@ -0,0 +1,34 @@ +package com.tacit.admin.controller; + +import com.tacit.admin.entity.dto.LoginRequest; +import com.tacit.admin.entity.dto.LoginResponse; +import com.tacit.admin.entity.dto.RegisterRequest; +import com.tacit.admin.service.UserService; +import com.tacit.common.entity.ResponseResult; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.*; + +@RestController +@RequestMapping("/auth") +@Tag(name = "认证管理", description = "登录注册相关接口") +public class AuthController { + + @Autowired + private UserService userService; + + @Operation(summary = "用户登录", description = "用户登录获取JWT令牌") + @PostMapping("/login") + public ResponseResult login(@RequestBody LoginRequest loginRequest) { + LoginResponse loginResponse = userService.login(loginRequest); + return ResponseResult.success(loginResponse); + } + + @Operation(summary = "用户注册", description = "注册新用户") + @PostMapping("/register") + public ResponseResult register(@RequestBody RegisterRequest registerRequest) { + userService.register(registerRequest); + return ResponseResult.success(); + } +} diff --git a/tacit-admin/src/main/java/com/tacit/admin/entity/dto/RegisterRequest.java b/tacit-admin/src/main/java/com/tacit/admin/entity/dto/RegisterRequest.java new file mode 100644 index 0000000..895adbd --- /dev/null +++ b/tacit-admin/src/main/java/com/tacit/admin/entity/dto/RegisterRequest.java @@ -0,0 +1,20 @@ +package com.tacit.admin.entity.dto; + +import lombok.Data; + +import java.io.Serializable; + +@Data +public class RegisterRequest implements Serializable { + private static final long serialVersionUID = 1L; + + private String username; + + private String password; + + private String nickname; + + private String email; + + private String phone; +} diff --git a/tacit-gateway/src/main/java/com/tacit/gateway/config/SecurityConfig.java b/tacit-gateway/src/main/java/com/tacit/gateway/config/SecurityConfig.java new file mode 100644 index 0000000..0a41566 --- /dev/null +++ b/tacit-gateway/src/main/java/com/tacit/gateway/config/SecurityConfig.java @@ -0,0 +1,31 @@ +package com.tacit.gateway.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec; +import org.springframework.security.web.server.SecurityWebFilterChain; + +/** + * Spring Cloud Gateway 响应式 Security 配置 + * 禁用 CSRF 保护,因为 Gateway 通常作为 API 网关,使用 JWT 等无状态认证 + */ +@Configuration +@EnableWebFluxSecurity +public class SecurityConfig { + + @Bean + public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { + return http + // 禁用 CSRF 保护 + .csrf(CsrfSpec::disable) + // 允许所有请求通过(认证由 JwtAuthenticationFilter 处理) + .authorizeExchange(exchanges -> exchanges + .anyExchange().permitAll() + ) + .build(); + } +} + +