refactor: 手机短信验证码认证代码优化和注释调整。

2025-01-13 23:41:33 +08:00
parent 91c1b29f02
commit 025a70b0cd
6 changed files with 22 additions and 20 deletions
--- a/src/main/java/com/youlai/boot/config/SecurityConfig.java
+++ b/src/main/java/com/youlai/boot/config/SecurityConfig.java
@@ -34,7 +34,7 @@ import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

 /**
- * Spring Security 安全配置
+ * Spring Security 配置类
 *
 * @author Ray.Hao
 * @since 2023/2/17
@@ -82,7 +82,7 @@ public class SecurityConfig {

                // 禁用默认的 Spring Security 特性，适用于前后端分离架构
                .sessionManagement(configurer ->
-                                configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 无状态认证，不使用 Session
+                        configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 无状态认证，不使用 Session
                )
                .csrf(AbstractHttpConfigurer::disable)      // 禁用 CSRF 防护，前后端分离无需此防护机制
                .formLogin(AbstractHttpConfigurer::disable) // 禁用默认的表单登录功能，前后端分离采用 Token 认证方式
@@ -132,21 +132,28 @@ public class SecurityConfig {
        return new WechatAuthenticationProvider(userService, wxMaService);
    }

+
+    /**
+     * 短信验证码认证 Provider
+     */
+    @Bean
    public SmsAuthenticationProvider smsAuthenticationProvider() {
        return new SmsAuthenticationProvider(userService, redisTemplate);
    }

    /**
-     * 手动注入 AuthenticationManager，支持多种认证方式
-     * - DaoAuthenticationProvider：用户名密码认证
-     * - WeChatAuthenticationProvider：微信认证
+     * 认证管理器
     */
    @Bean
-    public AuthenticationManager authenticationManager() {
+    public AuthenticationManager authenticationManager(
+            DaoAuthenticationProvider daoAuthenticationProvider,
+            WechatAuthenticationProvider weChatAuthenticationProvider,
+            SmsAuthenticationProvider smsAuthenticationProvider
+    ) {
        return new ProviderManager(
-                daoAuthenticationProvider(),
-                weChatAuthenticationProvider(),
-                smsAuthenticationProvider()
+                daoAuthenticationProvider,
+                weChatAuthenticationProvider,
+                smsAuthenticationProvider
        );
    }
 }
--- a/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationProvider.java
+++ b/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationProvider.java
@@ -73,7 +73,7 @@ public class SmsAuthenticationProvider implements AuthenticationProvider {
        // 构建认证后的用户详情信息
        SysUserDetails userDetails = new SysUserDetails(userAuthInfo);

-        // 创建已认证的 WeChatAuthenticationToken
+        // 创建已认证的 SmsAuthenticationToken
        return SmsAuthenticationToken.authenticated(
                userDetails,
                userDetails.getAuthorities()
--- a/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationToken.java
+++ b/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationToken.java
@@ -60,7 +60,7 @@ public class SmsAuthenticationToken extends AbstractAuthenticationToken {
     *
     * @param principal   用户信息
     * @param authorities 授权信息
-     * @return
+     * @return SmsAuthenticationToken
     */
    public static SmsAuthenticationToken authenticated(Object principal, Collection<? extends GrantedAuthority> authorities) {
        return new SmsAuthenticationToken(principal, authorities);
--- a/src/main/java/com/youlai/boot/shared/auth/controller/AuthController.java
+++ b/src/main/java/com/youlai/boot/shared/auth/controller/AuthController.java
@@ -75,7 +75,7 @@ public class AuthController {

    @Operation(summary = "发送登录短信验证码")
    @PostMapping("/login/sms/code")
-    public Result<?> sendLoginVerifyCode(
+    public Result<Void> sendLoginVerifyCode(
            @Parameter(description = "手机号", example = "18812345678") @RequestParam String mobile
    ) {
        authService.sendSmsLoginCode(mobile);
@@ -87,7 +87,7 @@ public class AuthController {
    @Log(value = "短信验证码登录", module = LogModuleEnum.LOGIN)
    public Result<AuthenticationToken> loginBySms(
            @Parameter(description = "手机号", example = "18812345678") @RequestParam String mobile,
-            @Parameter(description = "验证码", example = "123456") @RequestParam String code
+            @Parameter(description = "验证码", example = "1234") @RequestParam String code
    ) {
        AuthenticationToken loginResult = authService.loginBySms(mobile, code);
        return Result.success(loginResult);
--- a/src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java
+++ b/src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java
@@ -53,7 +53,6 @@ public class AuthServiceImpl implements AuthService {
    private final CodeGenerator codeGenerator;

    private final SmsService smsService;
-
    private final RedisTemplate<String, Object> redisTemplate;

    /**
@@ -101,7 +100,7 @@ public class AuthServiceImpl implements AuthService {
    }

    /**
-     * 发送短信验证码
+     * 发送登录短信验证码
     *
     * @param mobile 手机号
     */
@@ -134,7 +133,7 @@ public class AuthServiceImpl implements AuthService {
     */
    @Override
    public AuthenticationToken loginBySms(String mobile, String code) {
-        // 1. 创建用户微信认证的令牌（未认证）
+        // 1. 创建用户短信验证码认证的令牌（未认证）
        SmsAuthenticationToken smsAuthenticationToken = new SmsAuthenticationToken(mobile, code);

        // 2. 执行认证（认证中）
--- a/src/main/resources/mapper/system/UserMapper.xml
+++ b/src/main/resources/mapper/system/UserMapper.xml
@@ -165,7 +165,6 @@
            t1.id userId,
            t1.username,
            t1.nickname,
-            t1.PASSWORD,
            t1.STATUS,
            t1.dept_id ,
            t3.CODE
@@ -232,7 +231,4 @@
            u.id = #{userId} AND u.is_deleted = 0
    </select>

-
-
-
 </mapper>