tongtong/youlai-boot
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: 移除匿名访问的设计,还原常用的白名单配置方案

Browse Source
This commit is contained in:
Ray.Hao
2024-12-25 22:38:15 +08:00
parent 1859a75819
commit eaf03138b9
14 changed files with 67 additions and 527 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/main/java/com/youlai/boot/common/annotation/AnonymousAccess.java
View File

@@ -1,11 +0,0 @@
package com.youlai.boot.common.annotation;
import java.lang.annotation.*;
/// 标记匿名访问
@Inherited
@Documented
@Target({ElementType.METHOD, ElementType.ANNOTATION_TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface AnonymousAccess {
}

67
src/main/java/com/youlai/boot/common/annotation/methods/AnonymousDeleteMapping.java
View File

@@ -1,67 +0,0 @@
package com.youlai.boot.common.annotation.methods;
import com.youlai.boot.common.annotation.AnonymousAccess;
import org.springframework.core.annotation.AliasFor;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import java.lang.annotation.*;
/**
* Annotation for mapping HTTP {@code DELETE} requests onto specific handler
* methods.
* <p>
* 支持匿名访问 DeleteMapping
*
* @see RequestMapping
*/
@AnonymousAccess
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@RequestMapping(method = RequestMethod.DELETE)
public @interface AnonymousDeleteMapping {
/**
* Alias for {@link RequestMapping#name}.
*/
@AliasFor(annotation = RequestMapping.class)
String name() default "";
/**
* Alias for {@link RequestMapping#value}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] value() default {};
/**
* Alias for {@link RequestMapping#path}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] path() default {};
/**
* Alias for {@link RequestMapping#params}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] params() default {};
/**
* Alias for {@link RequestMapping#headers}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] headers() default {};
/**
* Alias for {@link RequestMapping#consumes}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] consumes() default {};
/**
* Alias for {@link RequestMapping#produces}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] produces() default {};
}

67
src/main/java/com/youlai/boot/common/annotation/methods/AnonymousGetMapping.java
View File

@@ -1,67 +0,0 @@
package com.youlai.boot.common.annotation.methods;
import com.youlai.boot.common.annotation.AnonymousAccess;
import org.springframework.core.annotation.AliasFor;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import java.lang.annotation.*;
/**
* Annotation for mapping HTTP {@code GET} requests onto specific handler
* methods.
* <p>
* 支持匿名访问 GetMapping
*
* @see RequestMapping
*/
@AnonymousAccess
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@RequestMapping(method = RequestMethod.GET)
public @interface AnonymousGetMapping {
/**
* Alias for {@link RequestMapping#name}.
*/
@AliasFor(annotation = RequestMapping.class)
String name() default "";
/**
* Alias for {@link RequestMapping#value}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] value() default {};
/**
* Alias for {@link RequestMapping#path}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] path() default {};
/**
* Alias for {@link RequestMapping#params}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] params() default {};
/**
* Alias for {@link RequestMapping#headers}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] headers() default {};
/**
* Alias for {@link RequestMapping#consumes}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] consumes() default {};
/**
* Alias for {@link RequestMapping#produces}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] produces() default {};
}

67
src/main/java/com/youlai/boot/common/annotation/methods/AnonymousPatchMapping.java
View File

@@ -1,67 +0,0 @@
package com.youlai.boot.common.annotation.methods;
import com.youlai.boot.common.annotation.AnonymousAccess;
import org.springframework.core.annotation.AliasFor;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import java.lang.annotation.*;
/**
* Annotation for mapping HTTP {@code PATCH} requests onto specific handler
* methods.
* <p>
* 支持匿名访问 PatchMapping
*
* @see RequestMapping
*/
@AnonymousAccess
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@RequestMapping(method = RequestMethod.PATCH)
public @interface AnonymousPatchMapping {
/**
* Alias for {@link RequestMapping#name}.
*/
@AliasFor(annotation = RequestMapping.class)
String name() default "";
/**
* Alias for {@link RequestMapping#value}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] value() default {};
/**
* Alias for {@link RequestMapping#path}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] path() default {};
/**
* Alias for {@link RequestMapping#params}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] params() default {};
/**
* Alias for {@link RequestMapping#headers}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] headers() default {};
/**
* Alias for {@link RequestMapping#consumes}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] consumes() default {};
/**
* Alias for {@link RequestMapping#produces}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] produces() default {};
}

67
src/main/java/com/youlai/boot/common/annotation/methods/AnonymousPostMapping.java
View File

@@ -1,67 +0,0 @@
package com.youlai.boot.common.annotation.methods;
import com.youlai.boot.common.annotation.AnonymousAccess;
import org.springframework.core.annotation.AliasFor;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import java.lang.annotation.*;
/**
* Annotation for mapping HTTP {@code POST} requests onto specific handler
* methods.
* <p>
* 支持匿名访问 PostMapping
*
* @see RequestMapping
*/
@AnonymousAccess
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@RequestMapping(method = RequestMethod.POST)
public @interface AnonymousPostMapping {
/**
* Alias for {@link RequestMapping#name}.
*/
@AliasFor(annotation = RequestMapping.class)
String name() default "";
/**
* Alias for {@link RequestMapping#value}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] value() default {};
/**
* Alias for {@link RequestMapping#path}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] path() default {};
/**
* Alias for {@link RequestMapping#params}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] params() default {};
/**
* Alias for {@link RequestMapping#headers}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] headers() default {};
/**
* Alias for {@link RequestMapping#consumes}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] consumes() default {};
/**
* Alias for {@link RequestMapping#produces}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] produces() default {};
}

67
src/main/java/com/youlai/boot/common/annotation/methods/AnonymousPutMapping.java
View File

@@ -1,67 +0,0 @@
package com.youlai.boot.common.annotation.methods;
import com.youlai.boot.common.annotation.AnonymousAccess;
import org.springframework.core.annotation.AliasFor;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import java.lang.annotation.*;
/**
* Annotation for mapping HTTP {@code PUT} requests onto specific handler
* methods.
* <p>
* 支持匿名访问 PutMapping
*
* @see RequestMapping
*/
@AnonymousAccess
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@RequestMapping(method = RequestMethod.PUT)
public @interface AnonymousPutMapping {
/**
* Alias for {@link RequestMapping#name}.
*/
@AliasFor(annotation = RequestMapping.class)
String name() default "";
/**
* Alias for {@link RequestMapping#value}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] value() default {};
/**
* Alias for {@link RequestMapping#path}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] path() default {};
/**
* Alias for {@link RequestMapping#params}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] params() default {};
/**
* Alias for {@link RequestMapping#headers}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] headers() default {};
/**
* Alias for {@link RequestMapping#consumes}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] consumes() default {};
/**
* Alias for {@link RequestMapping#produces}.
*/
@AliasFor(annotation = RequestMapping.class)
String[] produces() default {};
}

91
src/main/java/com/youlai/boot/common/util/AnonymousUtils.java
View File

@@ -1,91 +0,0 @@
package com.youlai.boot.common.util;
import com.youlai.boot.common.annotation.AnonymousAccess;
import com.youlai.boot.common.enums.RequestMethodEnum;
import org.springframework.context.ApplicationContext;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import java.util.*;
import java.util.stream.Collectors;
public class AnonymousUtils {
/**
* 获取所有匿名标记URL不区分请求方式
*/
public static Set<String> getAnonymousUrls(ApplicationContext applicationContext) {
return getAllAnonymousUrls(applicationContext).values().stream().flatMap(Collection::stream).collect(Collectors.toSet());
}
/**
* 获取所有被标记的匿名类集合
*
* @return /
*/
public static Map<String, Set<String>> getAllAnonymousUrls(ApplicationContext applicationContext) {
// 搜索匿名标记
RequestMappingHandlerMapping requestMappingHandlerMapping = (RequestMappingHandlerMapping) applicationContext.getBean("requestMappingHandlerMapping");
Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = requestMappingHandlerMapping.getHandlerMethods();
// 获取所以被标记的匿名类集合
return getAnonymousUrl(handlerMethodMap);
}
/**
* 获取所有被标记的匿名类集合
*
* @param handlerMethodMap 请求映射信息集合
* @return /
*/
public static Map<String, Set<String>> getAnonymousUrl(Map<RequestMappingInfo, HandlerMethod> handlerMethodMap) {
Set<String> get = new HashSet<>();
Set<String> post = new HashSet<>();
Set<String> put = new HashSet<>();
Set<String> patch = new HashSet<>();
Set<String> delete = new HashSet<>();
Set<String> all = new HashSet<>();
handlerMethodMap.forEach((key, value) -> {
AnonymousAccess anonymousAccess = value.getMethodAnnotation(AnonymousAccess.class);
if (anonymousAccess != null) {
ArrayList<RequestMethod> requestMethods = new ArrayList<>(key.getMethodsCondition().getMethods());
RequestMethodEnum request = RequestMethodEnum.find(requestMethods.isEmpty() ? RequestMethodEnum.ALL.getType() : requestMethods.get(0).name());
switch (Objects.requireNonNull(request)) {
case GET:
get.addAll(key.getDirectPaths());
break;
case POST:
post.addAll(key.getDirectPaths());
break;
case PUT:
put.addAll(key.getDirectPaths());
break;
case PATCH:
patch.addAll(key.getDirectPaths());
break;
case DELETE:
delete.addAll(key.getDirectPaths());
break;
default:
all.addAll(key.getDirectPaths());
}
}
});
return Map.ofEntries(
entry(RequestMethodEnum.GET.getType(), get),
entry(RequestMethodEnum.POST.getType(), post),
entry(RequestMethodEnum.PUT.getType(), put),
entry(RequestMethodEnum.PATCH.getType(), patch),
entry(RequestMethodEnum.DELETE.getType(), delete),
entry(RequestMethodEnum.ALL.getType(), all)
);
}
public static Map.Entry<String, Set<String>> entry(String key, Collection<String> collection) {
return Map.entry(key, collection.stream().filter(it -> !it.isEmpty()).collect(Collectors.toUnmodifiableSet()));
}
}

83
src/main/java/com/youlai/boot/config/SecurityConfig.java
View File

@@ -2,9 +2,7 @@ package com.youlai.boot.config;
import cn.binarywang.wx.miniapp.api.WxMaService;
import cn.hutool.captcha.generator.CodeGenerator;
import cn.hutool.core.collection.CollectionUtil;
import com.youlai.boot.common.enums.RequestMethodEnum;
import com.youlai.boot.common.util.AnonymousUtils;
import cn.hutool.core.util.ArrayUtil;
import com.youlai.boot.config.property.SecurityProperties;
import com.youlai.boot.core.filter.RateLimiterFilter;
import com.youlai.boot.core.security.exception.MyAccessDeniedHandler;
@@ -17,11 +15,9 @@ import com.youlai.boot.shared.auth.service.impl.JwtTokenService;
import com.youlai.boot.system.service.ConfigService;
import com.youlai.boot.system.service.UserService;
import lombok.RequiredArgsConstructor;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -36,9 +32,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import java.util.Map;
import java.util.Set;
/**
* Spring Security 安全配置
*
@@ -60,64 +53,61 @@ public class SecurityConfig {
private final SysUserDetailsService userDetailsService;
private final CodeGenerator codeGenerator;
private final SecurityProperties securityProperties;
private final ConfigService configService;
private final SecurityProperties securityProperties;
private final MyAuthenticationEntryPoint authenticationEntryPoint; // 项目内安全类
private final MyAccessDeniedHandler accessDeniedHandler;
private final ApplicationContext applicationContext;
/**
* 配置安全过滤链 SecurityFilterChain
*/
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// 获取所有匿名访问路径
Map<String, Set<String>> anonymousUrls = AnonymousUtils.getAllAnonymousUrls(applicationContext);
http
.authorizeHttpRequests(requestMatcherRegistry ->
requestMatcherRegistry
// GET
.requestMatchers(HttpMethod.GET, anonymousUrls.get(RequestMethodEnum.GET.getType()).toArray(new String[0])).permitAll()
// POST
.requestMatchers(HttpMethod.POST, anonymousUrls.get(RequestMethodEnum.POST.getType()).toArray(new String[0])).permitAll()
// PUT
.requestMatchers(HttpMethod.PUT, anonymousUrls.get(RequestMethodEnum.PUT.getType()).toArray(new String[0])).permitAll()
// PATCH
.requestMatchers(HttpMethod.PATCH, anonymousUrls.get(RequestMethodEnum.PATCH.getType()).toArray(new String[0])).permitAll()
// DELETE
.requestMatchers(HttpMethod.DELETE, anonymousUrls.get(RequestMethodEnum.DELETE.getType()).toArray(new String[0])).permitAll()
// 所有类型的接口都放行
.requestMatchers(anonymousUrls.get(RequestMethodEnum.ALL.getType()).toArray(new String[0])).permitAll()
.anyRequest().authenticated()
return http
.authorizeHttpRequests(requestMatcherRegistry -> {
// 忽略认证的 URI 地址
String[] ignoreUrls = securityProperties.getIgnoreUrls();
if (ArrayUtil.isNotEmpty(ignoreUrls)) {
requestMatcherRegistry.requestMatchers(ignoreUrls).permitAll();
}
// 其他请求都需要认证
requestMatcherRegistry.anyRequest().authenticated();
}
)
.exceptionHandling(httpSecurityExceptionHandlingConfigurer ->
httpSecurityExceptionHandlingConfigurer
.authenticationEntryPoint(authenticationEntryPoint)
.accessDeniedHandler(accessDeniedHandler)
.exceptionHandling(configurer ->
configurer
.authenticationEntryPoint(new MyAuthenticationEntryPoint()) // 未认证异常处理器
.accessDeniedHandler(new MyAccessDeniedHandler()) // 无权限访问异常处理器
)
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.csrf(AbstractHttpConfigurer::disable)
// 禁用默认的 Spring Security 特性,适用于前后端分离架构
.sessionManagement(configurer ->
configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 无状态认证,不使用 Session
)
.csrf(AbstractHttpConfigurer::disable) // 禁用 CSRF 防护,前后端分离无需此防护机制
.formLogin(AbstractHttpConfigurer::disable) // 禁用默认的表单登录功能,前后端分离采用 Token 认证方式
.httpBasic(AbstractHttpConfigurer::disable) // 禁用 HTTP Basic 认证,避免弹窗式登录
// 禁用 X-Frame-Options 响应头,允许页面被嵌套到 iframe 中
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
// 限流过滤器
.addFilterBefore(new RateLimiterFilter(redisTemplate, configService), UsernamePasswordAuthenticationFilter.class)
// 验证码校验过滤器
.addFilterBefore(new CaptchaValidationFilter(redisTemplate, codeGenerator), UsernamePasswordAuthenticationFilter.class)
// JWT 验证和解析过滤器
.addFilterBefore(new JwtAuthenticationFilter(jwtTokenService), UsernamePasswordAuthenticationFilter.class);
return http.build();
.addFilterBefore(new JwtAuthenticationFilter(jwtTokenService), UsernamePasswordAuthenticationFilter.class)
.build();
}
/**
* 不走过滤器链的放行配置
* 配置Web安全自定义器以忽略特定请求路径的安全性检查。
* <p>
* 该配置用于指定哪些请求路径不经过Spring Security过滤器链。通常用于静态资源文件。
*/
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> {
if (CollectionUtil.isNotEmpty(securityProperties.getIgnoreUrls())) {
web.ignoring().requestMatchers(securityProperties.getIgnoreUrls().toArray(new String[0]));
String[] unsecuredUrls = securityProperties.getUnsecuredUrls();
if (ArrayUtil.isNotEmpty(unsecuredUrls)) {
web.ignoring().requestMatchers(unsecuredUrls);
}
};
}
@@ -130,7 +120,6 @@ public class SecurityConfig {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
return daoAuthenticationProvider;
}

4
src/main/java/com/youlai/boot/config/property/SecurityProperties.java
View File

@@ -28,7 +28,9 @@ public class SecurityProperties {
/**
* 白名单 URL 集合
*/
private List<String> ignoreUrls;
private String[] ignoreUrls;
private String[] unsecuredUrls;
/**
* 会话属性

22
src/main/java/com/youlai/boot/core/aspect/LogAspect.java
View File

@@ -8,7 +8,6 @@ import cn.hutool.http.useragent.UserAgentUtil;
import cn.hutool.json.JSONUtil;
import com.aliyun.oss.HttpMethod;
import com.youlai.boot.common.enums.LogModuleEnum;
import com.youlai.boot.common.util.AnonymousUtils;
import com.youlai.boot.common.util.IPUtils;
import com.youlai.boot.core.security.util.SecurityUtils;
import com.youlai.boot.system.model.entity.Log;
@@ -22,7 +21,6 @@ import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.AfterThrowing;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
@@ -31,12 +29,11 @@ import org.springframework.web.servlet.HandlerMapping;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
/**
* 日志切面
*
* @author Ray
* @author Ray.Hao
* @since 2024/6/25
*/
@Aspect
@@ -46,7 +43,6 @@ import java.util.Set;
public class LogAspect {
private final LogService logService;
private final HttpServletRequest request;
private final ApplicationContext applicationContext;
@Pointcut("@annotation(com.youlai.boot.common.annotation.Log)")
public void logPointcut() {
@@ -80,16 +76,6 @@ public class LogAspect {
private void saveLog(final JoinPoint joinPoint, final Exception e, Object jsonResult, com.youlai.boot.common.annotation.Log logAnnotation) {
String requestURI = request.getRequestURI();
Long userId = null;
// 获取所有匿名标记
Set<String> anonymousUrls = AnonymousUtils.getAnonymousUrls(applicationContext);
// 非登录请求获取用户ID登录请求在登录成功后(joinPoint.proceed())获取用户ID
if (!anonymousUrls.contains(requestURI)) {
userId = SecurityUtils.getUserId();
}
TimeInterval timer = DateUtil.timer();
// 执行方法
long executionTime = timer.interval();
@@ -113,12 +99,8 @@ public class LogAspect {
log.setResponseContent(JSONUtil.toJsonStr(jsonResult));
}
}
log.setRequestUri(requestURI);
// 登录方法需要在登录成功后获取用户ID
if (userId == null) {
userId = SecurityUtils.getUserId();
}
Long userId = SecurityUtils.getUserId();
log.setCreateBy(userId);
String ipAddr = IPUtils.getIpAddr(request);
if (StrUtil.isNotBlank(ipAddr)) {

7
src/main/java/com/youlai/boot/shared/auth/controller/AuthController.java
View File

@@ -1,6 +1,5 @@
package com.youlai.boot.shared.auth.controller;
import com.youlai.boot.common.annotation.methods.AnonymousPostMapping;
import com.youlai.boot.common.enums.LogModuleEnum;
import com.youlai.boot.common.result.Result;
import com.youlai.boot.shared.auth.model.RefreshTokenRequest;
@@ -31,7 +30,7 @@ public class AuthController {
private final AuthService authService;
@Operation(summary = "登录")
@AnonymousPostMapping("/login")
@PostMapping("/login")
@Log(value = "登录", module = LogModuleEnum.LOGIN)
public Result<AuthTokenResponse> login(
@Parameter(description = "用户名", example = "admin") @RequestParam String username,
@@ -59,12 +58,12 @@ public class AuthController {
@Operation(summary = "刷新token")
@PostMapping("/refresh-token")
public Result<?> refreshToken(@RequestBody RefreshTokenRequest request) {
AuthTokenResponse authTokenResponse = authService.refreshToken(request);
AuthTokenResponse authTokenResponse = authService.refreshToken(request);
return Result.success(authTokenResponse);
}
@Operation(summary = "微信登录")
@AnonymousPostMapping("/wechat-login")
@PostMapping("/wechat-login")
@Log(value = "微信登录", module = LogModuleEnum.LOGIN)
public Result<AuthTokenResponse> wechatLogin(
@Parameter(description = "微信授权码", example = "code") @RequestParam String code