refactor: 发送验证码代码重构优化；扩展Spring Security 支持短信验证码；

src/main/java/com/youlai/boot/shared/auth/controller/AuthController.java

@@ -2,10 +2,9 @@ package com.youlai.boot.shared.auth.controller;
 
 import com.youlai.boot.common.enums.LogModuleEnum;
 import com.youlai.boot.common.result.Result;
-import com.youlai.boot.shared.auth.model.RefreshTokenRequest;
 import com.youlai.boot.shared.auth.service.AuthService;
-import com.youlai.boot.shared.auth.model.CaptchaResponse;
-import com.youlai.boot.core.security.model.AuthToken;
+import com.youlai.boot.shared.auth.model.CaptchaInfo;
+import com.youlai.boot.core.security.model.AuthenticationToken;
 import com.youlai.boot.common.annotation.Log;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
@@ -29,18 +28,25 @@ public class AuthController {
 
     private final AuthService authService;
 
-    @Operation(summary = "登录")
+    @Operation(summary = "获取登录验证码")
+    @GetMapping("/captcha")
+    public Result<CaptchaInfo> getCaptcha() {
+        CaptchaInfo captcha = authService.getCaptcha();
+        return Result.success(captcha);
+    }
+
+    @Operation(summary = "账号密码登录")
     @PostMapping("/login")
     @Log(value = "登录", module = LogModuleEnum.LOGIN)
-    public Result<AuthToken> login(
+    public Result<AuthenticationToken> login(
             @Parameter(description = "用户名", example = "admin") @RequestParam String username,
             @Parameter(description = "密码", example = "123456") @RequestParam String password
     ) {
-        AuthToken authToken = authService.login(username, password);
-        return Result.success(authToken);
+        AuthenticationToken authenticationToken = authService.login(username, password);
+        return Result.success(authenticationToken);
     }
 
-    @Operation(summary = "注销")
+    @Operation(summary = "注销登录")
     @DeleteMapping("/logout")
     @Log(value = "注销", module = LogModuleEnum.LOGIN)
     public Result<?> logout() {
@@ -48,48 +54,42 @@ public class AuthController {
         return Result.success();
     }
 
-    @Operation(summary = "获取验证码")
-    @GetMapping("/captcha")
-    public Result<CaptchaResponse> getCaptcha() {
-        CaptchaResponse captcha = authService.getCaptcha();
-        return Result.success(captcha);
-    }
-
-    @Operation(summary = "刷新token")
+    @Operation(summary = "刷新访问令牌")
     @PostMapping("/refresh-token")
-    public Result<?> refreshToken(@RequestBody RefreshTokenRequest request) {
-        AuthToken authToken = authService.refreshToken(request);
-        return Result.success(authToken);
+    public Result<?> refreshToken(
+            @Parameter(description = "刷新令牌", example = "xxx.xxx.xxx") @RequestParam String refreshToken
+    ) {
+        AuthenticationToken authenticationToken = authService.refreshToken(refreshToken);
+        return Result.success(authenticationToken);
     }
 
-    @Operation(summary = "微信登录")
-    @PostMapping("/wechat-login")
+    @Operation(summary = "微信授权登录")
+    @PostMapping("/login/wechat")
     @Log(value = "微信登录", module = LogModuleEnum.LOGIN)
-    public Result<AuthToken> wechatLogin(
+    public Result<AuthenticationToken> loginByWechat(
             @Parameter(description = "微信授权码", example = "code") @RequestParam String code
     ) {
-        AuthToken loginResult = authService.wechatLogin(code);
+        AuthenticationToken loginResult = authService.loginByWechat(code);
         return Result.success(loginResult);
     }
 
-
-    @Operation(summary = "短信验证码登录")
-    @PostMapping("/sms-login")
-    @Log(value = "短信验证码登录", module = LogModuleEnum.LOGIN)
-    public Result<AuthToken> smsLogin(
-            @Parameter(description = "手机号", example = "18888888888") @RequestParam String mobile,
-            @Parameter(description = "验证码", example = "123456") @RequestParam String code
-    ) {
-        AuthToken loginResult = authService.smsLogin(mobile, code);
-        return Result.success(loginResult);
-    }
-
-    @Operation(summary = "短信验证码登录发送短信")
-    @PostMapping("/sms-login/verify-code")
+    @Operation(summary = "发送登录短信验证码")
+    @PostMapping("/login/sms/code")
     public Result<?> sendLoginVerifyCode(
-            @Parameter(description = "手机号", example = "18888888888") @RequestParam String mobile
+            @Parameter(description = "手机号", example = "18812345678") @RequestParam String mobile
     ) {
-        authService.sendLoginVerifyCode(mobile);
+        authService.sendSmsLoginCode(mobile);
         return Result.success();
     }
+
+    @Operation(summary = "短信验证码登录")
+    @PostMapping("/login/sms")
+    @Log(value = "短信验证码登录", module = LogModuleEnum.LOGIN)
+    public Result<AuthenticationToken> loginBySms(
+            @Parameter(description = "手机号", example = "18812345678") @RequestParam String mobile,
+            @Parameter(description = "验证码", example = "123456") @RequestParam String code
+    ) {
+        AuthenticationToken loginResult = authService.loginBySms(mobile, code);
+        return Result.success(loginResult);
+    }
 }

src/main/java/com/youlai/boot/shared/auth/model/CaptchaInfo.java

@@ -5,17 +5,17 @@ import lombok.Builder;
 import lombok.Data;
 
 /**
- * 验证码响应对象
+ * 验证码信息
  *
- * @author Ray Hao
+ * @author Ray。Hao
  * @since 2023/03/24
  */
-@Schema(description = "验证码响应对象")
+@Schema(description = "验证码信息")
 @Data
 @Builder
-public class CaptchaResponse {
+public class CaptchaInfo {
 
-    @Schema(description = "验证码ID")
+    @Schema(description = "验证码缓存 Key")
     private String captchaKey;
 
     @Schema(description = "验证码图片Base64字符串")

src/main/java/com/youlai/boot/shared/auth/model/RefreshTokenRequest.java

@@ -1,21 +0,0 @@
-package com.youlai.boot.shared.auth.model;
-
-import io.swagger.v3.oas.annotations.media.Schema;
-import jakarta.validation.constraints.NotBlank;
-import lombok.Data;
-
-/**
- * 刷新令牌请求参数
- *
- * @author haoxr
- * @since 2024/11/11
- */
-@Schema(description = "刷新令牌请求参数")
-@Data
-public class RefreshTokenRequest {
-
-    @Schema(description = "刷新令牌")
-    @NotBlank(message = "刷新令牌不能为空")
-    private String refreshToken;
-
-}

src/main/java/com/youlai/boot/shared/auth/service/AuthService.java

@@ -1,13 +1,12 @@
 package com.youlai.boot.shared.auth.service;
 
-import com.youlai.boot.shared.auth.model.CaptchaResponse;
-import com.youlai.boot.core.security.model.AuthToken;
-import com.youlai.boot.shared.auth.model.RefreshTokenRequest;
+import com.youlai.boot.shared.auth.model.CaptchaInfo;
+import com.youlai.boot.core.security.model.AuthenticationToken;
 
 /**
  * 认证服务接口
  *
- * @author haoxr
+ * @author Ray.Hao
  * @since 2.4.0
  */
 public interface AuthService {
@@ -19,7 +18,7 @@ public interface AuthService {
      * @param password 密码
      * @return 登录结果
      */
-    AuthToken login(String username, String password);
+    AuthenticationToken login(String username, String password);
 
     /**
      * 登出
@@ -31,15 +30,15 @@ public interface AuthService {
      *
      * @return 验证码
      */
-    CaptchaResponse getCaptcha();
+    CaptchaInfo getCaptcha();
 
     /**
      * 刷新令牌
      *
-     * @param request 刷新令牌请求参数
+     * @param refreshToken 刷新令牌
      * @return 登录结果
      */
-    AuthToken refreshToken(RefreshTokenRequest request);
+    AuthenticationToken refreshToken(String refreshToken);
 
     /**
      * 微信小程序登录
@@ -47,12 +46,21 @@ public interface AuthService {
      * @param code 微信登录code
      * @return 登录结果
      */
-    AuthToken wechatLogin(String code);
+    AuthenticationToken loginByWechat(String code);
 
     /**
      * 发送短信验证码
      *
      * @param mobile 手机号
      */
-    void sendLoginVerifyCode(String mobile);
+    void sendSmsLoginCode(String mobile);
+
+    /**
+     * 短信验证码登录
+     *
+     * @param mobile 手机号
+     * @param code   验证码
+     * @return 登录结果
+     */
+    AuthenticationToken loginBySms(String mobile, String code);
 }

src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java

@@ -5,16 +5,17 @@ import cn.hutool.captcha.CaptchaUtil;
 import cn.hutool.captcha.generator.CodeGenerator;
 import cn.hutool.core.util.IdUtil;
 import cn.hutool.core.util.StrUtil;
+import com.youlai.boot.common.constant.RedisConstants;
 import com.youlai.boot.common.constant.SecurityConstants;
 import com.youlai.boot.common.exception.BusinessException;
 import com.youlai.boot.common.result.ResultCode;
 import com.youlai.boot.config.property.CaptchaProperties;
-import com.youlai.boot.core.security.extension.WechatAuthenticationToken;
+import com.youlai.boot.core.security.extension.sms.SmsAuthenticationToken;
+import com.youlai.boot.core.security.extension.wechat.WechatAuthenticationToken;
 import com.youlai.boot.core.security.util.SecurityUtils;
 import com.youlai.boot.shared.auth.enums.CaptchaTypeEnum;
-import com.youlai.boot.core.security.model.AuthToken;
-import com.youlai.boot.shared.auth.model.CaptchaResponse;
-import com.youlai.boot.shared.auth.model.RefreshTokenRequest;
+import com.youlai.boot.core.security.model.AuthenticationToken;
+import com.youlai.boot.shared.auth.model.CaptchaInfo;
 import com.youlai.boot.shared.auth.service.AuthService;
 import com.youlai.boot.core.security.manager.TokenManager;
 import com.youlai.boot.shared.sms.enums.SmsTypeEnum;
@@ -29,12 +30,14 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
 import java.awt.*;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 /**
  * 认证服务实现类
  *
- * @author haoxr
+ * @author Ray.Hao
  * @since 2.4.0
  */
 @Service
@@ -43,14 +46,16 @@ import java.util.concurrent.TimeUnit;
 public class AuthServiceImpl implements AuthService {
 
     private final AuthenticationManager authenticationManager;
-    private final RedisTemplate<String, Object> redisTemplate;
-    private final CodeGenerator codeGenerator;
-    private final Font captchaFont;
-    private final CaptchaProperties captchaProperties;
     private final TokenManager tokenManager;
 
+    private final Font captchaFont;
+    private final CaptchaProperties captchaProperties;
+    private final CodeGenerator codeGenerator;
+
     private final SmsService smsService;
 
+    private final RedisTemplate<String, Object> redisTemplate;
+
     /**
      * 用户名密码登录
      *
@@ -59,7 +64,7 @@ public class AuthServiceImpl implements AuthService {
      * @return 访问令牌
      */
     @Override
-    public AuthToken login(String username, String password) {
+    public AuthenticationToken login(String username, String password) {
         // 1. 创建用于密码认证的令牌（未认证）
         UsernamePasswordAuthenticationToken authenticationToken =
                 new UsernamePasswordAuthenticationToken(username.trim(), password);
@@ -68,10 +73,10 @@ public class AuthServiceImpl implements AuthService {
         Authentication authentication = authenticationManager.authenticate(authenticationToken);
 
         // 3. 认证成功后生成 JWT 令牌，并存入 Security 上下文，供登录日志 AOP 使用（已认证）
-        AuthToken authTokenResponse =
+        AuthenticationToken authenticationTokenResponse =
                 tokenManager.generateToken(authentication);
         SecurityContextHolder.getContext().setAuthentication(authentication);
-        return authTokenResponse;
+        return authenticationTokenResponse;
     }
 
     /**
@@ -81,42 +86,69 @@ public class AuthServiceImpl implements AuthService {
      * @return 访问令牌
      */
     @Override
-    public AuthToken wechatLogin(String code) {
+    public AuthenticationToken loginByWechat(String code) {
         // 1. 创建用户微信认证的令牌（未认证）
-        WechatAuthenticationToken authenticationToken = new WechatAuthenticationToken(code);
+        WechatAuthenticationToken wechatAuthenticationToken = new WechatAuthenticationToken(code);
 
         // 2. 执行认证（认证中）
-        Authentication authentication = authenticationManager.authenticate(authenticationToken);
+        Authentication authentication = authenticationManager.authenticate(wechatAuthenticationToken);
 
         // 3. 认证成功后生成 JWT 令牌，并存入 Security 上下文，供登录日志 AOP 使用（已认证）
-        AuthToken authTokenResponse = tokenManager.generateToken(authentication);
+        AuthenticationToken authenticationToken = tokenManager.generateToken(authentication);
         SecurityContextHolder.getContext().setAuthentication(authentication);
 
-        return authTokenResponse;
+        return authenticationToken;
     }
 
-
     /**
      * 发送短信验证码
      *
      * @param mobile 手机号
      */
     @Override
-    public void sendLoginVerifyCode(String mobile) {
+    public void sendSmsLoginCode(String mobile) {
 
         // 随机生成4位验证码
-        String verifyCode = String.valueOf((int) ((Math.random() * 9 + 1) * 1000));
+        // String code = String.valueOf((int) ((Math.random() * 9 + 1) * 1000));
+        // TODO 为了方便测试，验证码固定为 1234，实际开发中在配置了厂商短信服务后，可以使用上面的随机验证码
+        String code = "1234";
+
         // 发送短信验证码
-        smsService.sendSms(mobile, SmsTypeEnum.LOGIN, verifyCode);
-
-
-
-
-
+        Map<String, String> templateParams = new HashMap<>();
+        templateParams.put("code", code);
+        try {
+            smsService.sendSms(mobile, SmsTypeEnum.LOGIN, templateParams);
+        } catch (Exception e) {
+            log.error("发送短信验证码失败", e);
+        }
+        // 缓存验证码至Redis，用于登录校验
+        redisTemplate.opsForValue().set(RedisConstants.SMS_LOGIN_CODE_PREFIX + mobile, code, 5, TimeUnit.MINUTES);
     }
 
     /**
-     * 注销
+     * 短信验证码登录
+     *
+     * @param mobile 手机号
+     * @param code   验证码
+     * @return 访问令牌
+     */
+    @Override
+    public AuthenticationToken loginBySms(String mobile, String code) {
+        // 1. 创建用户微信认证的令牌（未认证）
+        SmsAuthenticationToken smsAuthenticationToken = new SmsAuthenticationToken(mobile, code);
+
+        // 2. 执行认证（认证中）
+        Authentication authentication = authenticationManager.authenticate(smsAuthenticationToken);
+
+        // 3. 认证成功后生成 JWT 令牌，并存入 Security 上下文，供登录日志 AOP 使用（已认证）
+        AuthenticationToken authenticationToken = tokenManager.generateToken(authentication);
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+
+        return authenticationToken;
+    }
+
+    /**
+     * 注销登录
      */
     @Override
     public void logout() {
@@ -136,7 +168,7 @@ public class AuthServiceImpl implements AuthService {
      * @return 验证码
      */
     @Override
-    public CaptchaResponse getCaptcha() {
+    public CaptchaInfo getCaptcha() {
 
         String captchaType = captchaProperties.getType();
         int width = captchaProperties.getWidth();
@@ -168,30 +200,27 @@ public class AuthServiceImpl implements AuthService {
         redisTemplate.opsForValue().set(SecurityConstants.CAPTCHA_CODE_PREFIX + captchaKey, captchaCode,
                 captchaProperties.getExpireSeconds(), TimeUnit.SECONDS);
 
-        return CaptchaResponse.builder()
+        return CaptchaInfo.builder()
                 .captchaKey(captchaKey)
                 .captchaBase64(imageBase64Data)
                 .build();
     }
 
     /**
-     * 刷新令牌
+     * 刷新token
      *
-     * @param request 刷新令牌请求参数
+     * @param refreshToken 刷新令牌
      * @return 新的访问令牌
      */
     @Override
-    public AuthToken refreshToken(RefreshTokenRequest request) {
+    public AuthenticationToken refreshToken(String refreshToken) {
         // 验证刷新令牌
-
-        String refreshToken = request.getRefreshToken();
-
         boolean isValidate = tokenManager.validateToken(refreshToken);
 
         if (!isValidate) {
             throw new BusinessException(ResultCode.REFRESH_TOKEN_INVALID);
         }
-
+        // 刷新令牌有效，生成新的访问令牌
         return tokenManager.refreshToken(refreshToken);
     }
 

src/main/java/com/youlai/boot/shared/sms/enums/SmsTypeEnum.java

@@ -5,12 +5,29 @@ import lombok.Getter;
 
 /**
  * 短信类型枚举
+ * <p>
+ * value 值对应 application-*.yml 中的 sms.templates.* 配置
+ *
+ * @author Ray.Hao
+ * @since 2.21.0
  */
 @Getter
 public enum SmsTypeEnum implements IBaseEnum<String> {
+
+    /**
+     * 注册短信验证码
+     */
     REGISTER("register", "注册短信验证码"),
+
+    /**
+     * 登录短信验证码
+     */
     LOGIN("login", "登录短信验证码"),
-    RESET_PASSWORD("reset-password", "重置密码短信验证码");
+
+    /**
+     * 修改手机号短信验证码
+     */
+    CHANGE_MOBILE("change-mobile", "修改手机号短信验证码");
 
     private final String value;
     private final String label;

src/main/java/com/youlai/boot/shared/sms/service/SmsService.java

@@ -2,6 +2,8 @@ package com.youlai.boot.shared.sms.service;
 
 import com.youlai.boot.shared.sms.enums.SmsTypeEnum;
 
+import java.util.Map;
+
 /**
  * 短信服务接口层
  *
@@ -13,10 +15,10 @@ public interface SmsService {
     /**
      * 发送短信
      *
-     * @param mobile        手机号 13388886666
-     * @param smsType  短信模板 SMS_194640010
-     * @param templateParam 模板参数 "[{"code":"123456"}]"
+     * @param mobile         手机号 13388886666
+     * @param smsType        短信模板 SMS_194640010，模板内容：您的验证码为：${code}，请在5分钟内使用
+     * @param templateParams 模板参数 [{"code":"123456"}] ，用于替换短信模板中的变量
      * @return boolean 是否发送成功
      */
-    boolean sendSms(String mobile, SmsTypeEnum smsType, String templateParam);
+    boolean sendSms(String mobile, SmsTypeEnum smsType, Map<String, String> templateParams);
 }

src/main/java/com/youlai/boot/shared/sms/service/impl/AliyunSmsService.java

@@ -1,11 +1,11 @@
 package com.youlai.boot.shared.sms.service.impl;
 
+import cn.hutool.json.JSONUtil;
 import com.aliyuncs.CommonRequest;
 import com.aliyuncs.CommonResponse;
 import com.aliyuncs.DefaultAcsClient;
 import com.aliyuncs.IAcsClient;
 import com.aliyuncs.exceptions.ClientException;
-import com.aliyuncs.exceptions.ServerException;
 import com.aliyuncs.http.MethodType;
 import com.aliyuncs.profile.DefaultProfile;
 import com.youlai.boot.config.property.AliyunSmsProperties;
@@ -14,11 +14,13 @@ import com.youlai.boot.shared.sms.service.SmsService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
+import java.util.Map;
+
 /**
  * 阿里云短信业务类
- * 
+ *
  * @author Ray
- * @since  2024/8/17
+ * @since 2024/8/17
  */
 @Service
 @RequiredArgsConstructor
@@ -29,14 +31,13 @@ public class AliyunSmsService implements SmsService {
     /**
      * 发送短信验证码
      *
-     * @param mobile   手机号 13388886666
-     * @param smsType  短信模板 SMS_194640010
-     * @param templateParam 模板参数 [{"code":"123456"}]
-     *
-     * @return  boolean 是否发送成功
+     * @param mobile         手机号 13388886666
+     * @param smsType        短信模板 SMS_194640010
+     * @param templateParams 模板参数 [{"code":"123456"}]
+     * @return boolean 是否发送成功
      */
     @Override
-    public boolean sendSms(String mobile, SmsTypeEnum smsType, String templateParam) {
+    public boolean sendSms(String mobile, SmsTypeEnum smsType, Map<String, String> templateParams) {
 
         String templateCode = aliyunSmsProperties.getTemplates().get(smsType.getValue());
 
@@ -63,7 +64,7 @@ public class AliyunSmsService implements SmsService {
         // 您申请的模板 code
         request.putQueryParameter("TemplateCode", templateCode);
 
-        request.putQueryParameter("TemplateParam", templateParam);
+        request.putQueryParameter("TemplateParam", JSONUtil.toJsonStr(templateParams));
 
         try {
             CommonResponse response = client.getCommonResponse(request);