feat: 实现基于JSON的登录API和安全认证

refactor: 重构登录逻辑和会话管理 fix: 修复会话ID类型和WebSocket连接问题 build: 更新项目版本号和添加Servlet API依赖 style: 清理无用导入和注释代码
2025-09-08 17:46:48 +08:00
parent 3b90db0450
commit 23e1f98ae5
17 changed files with 477 additions and 223 deletions
--- a/server/src/main/java/com/ecep/contract/config/GlobalExceptionHandler.java
+++ b/server/src/main/java/com/ecep/contract/config/GlobalExceptionHandler.java
@@ -15,13 +15,15 @@ import org.springframework.web.method.annotation.MethodArgumentTypeMismatchExcep
 import org.springframework.web.servlet.NoHandlerFoundException;
 import org.springframework.web.servlet.mvc.support.DefaultHandlerExceptionResolver;

+import java.io.PrintWriter;
+import java.io.StringWriter;
 import java.util.HashMap;
 import java.util.Map;

 /**
 * 全局异常处理器，捕获并处理所有Controller层抛出的异常，将错误信息以JSON格式返回给前端
 */
-// @RestControllerAdvice
+@RestControllerAdvice
 public class GlobalExceptionHandler {

    private static final Logger logger = LoggerFactory.getLogger(GlobalExceptionHandler.class);
@@ -36,9 +38,24 @@ public class GlobalExceptionHandler {
        result.put("code", 500);
        result.put("message", "系统内部错误：" + e.getMessage());
        result.put("errorType", e.getClass().getName());
+        result.put("stackTrace", getStackTraceAsString(e));
        result.put("success", false);
        return new ResponseEntity<>(result, HttpStatus.INTERNAL_SERVER_ERROR);
    }
+    
+    /**
+     * 将异常堆栈转换为字符串
+     */
+    private String getStackTraceAsString(Throwable throwable) {
+        StringWriter sw = new StringWriter();
+        PrintWriter pw = new PrintWriter(sw);
+        try {
+            throwable.printStackTrace(pw);
+            return sw.toString();
+        } finally {
+            pw.close();
+        }
+    }

    /**
     * 处理运行时异常
@@ -50,6 +67,7 @@ public class GlobalExceptionHandler {
        result.put("code", 500);
        result.put("message", "运行时错误：" + e.getMessage());
        result.put("errorType", e.getClass().getName());
+        result.put("stackTrace", getStackTraceAsString(e));
        result.put("success", false);
        return new ResponseEntity<>(result, HttpStatus.INTERNAL_SERVER_ERROR);
    }
--- a/server/src/main/java/com/ecep/contract/config/SecurityConfig.java
+++ b/server/src/main/java/com/ecep/contract/config/SecurityConfig.java
@@ -51,8 +51,8 @@ public class SecurityConfig {
        http
                .authorizeHttpRequests(authorize -> authorize
                        .requestMatchers("/login.html", "/css/**", "/js/**", "/images/**", "/webjars/**", "/login",
-                                "/error")
-                        .permitAll() // 允许静态资源、登录页面和错误页面访问
+                                "/error", "/api/login")
+                        .permitAll() // 允许静态资源、登录页面、错误页面和JSON登录API访问
                        .anyRequest().authenticated() // 其他所有请求需要认证
                )
                .csrf(AbstractHttpConfigurer::disable) // 禁用CSRF保护，适合开发环境