feat: add test case

src/main/java/com/openisle/controller/AuthController.java

@@ -20,8 +20,19 @@ curl -X POST http://localhost:8080/api/auth/register \
         "password": "password"
       }'
 
+curl -X POST http://localhost:8080/api/auth/verify \
+  -H "Content-Type: application/json" \
+  -d '{
+        "username": "test_user",
+        "code":    "361332"
+      }'
 
-
+curl -X POST http://localhost:8080/api/auth/login \
+  -H "Content-Type: application/json" \
+  -d '{
+        "username": "test_user",
+        "password":    "password"
+      }'
  */
 
 @RestController
@@ -54,7 +65,7 @@ public class AuthController {
         if (user.isPresent()) {
             return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
         } else {
-            return ResponseEntity.badRequest().body(Map.of("error", "\"Invalid credentials or user not verified"));
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid credentials or user not verified"));
         }
     }
 

src/main/java/com/openisle/controller/HelloController.java

@@ -4,12 +4,13 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.Map;
 
+/*
+curl http://localhost:8080/api/hello \
+    -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0X3VzZXIiLCJpYXQiOjE3NTEyODAzMjksImV4cCI6MTc1MTM2NjcyOX0.XNDGTQd1H9u3ZOYtnJaU5fL5zhtwyZZm5aX3vL_my1c"
+ */
+
 @RestController
 public class HelloController {
-    /**
-     * curl http://localhost:8080/api/hello \
-     *   -H "Authorization: Bearer <jwt-token>"
-     */
     @GetMapping("/api/hello")
     public Map<String, String> hello() {
         return Map.of("message", "Hello, Authenticated User");

src/main/java/com/openisle/service/JwtService.java

@@ -3,6 +3,8 @@ package com.openisle.service;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.io.Encoders;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -12,7 +14,6 @@ import java.util.Date;
 
 @Service
 public class JwtService {
-
     @Value("${app.jwt.secret}")
     private String secret;
 
@@ -20,7 +21,8 @@ public class JwtService {
     private long expiration;
 
     private Key getSigningKey() {
-        return Keys.hmacShaKeyFor(secret.getBytes());
+        byte[] keyBytes = Encoders.BASE64.encode(secret.getBytes()).getBytes();
+        return Keys.hmacShaKeyFor(keyBytes);
     }
 
     public String generateToken(String subject) {
@@ -30,7 +32,7 @@ public class JwtService {
                 .setSubject(subject)
                 .setIssuedAt(now)
                 .setExpiration(expiryDate)
-                .signWith(getSigningKey(), SignatureAlgorithm.HS256)
+                .signWith(getSigningKey())
                 .compact();
     }
 

src/main/java/com/openisle/service/UserService.java

@@ -17,19 +17,48 @@ public class UserService {
     private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
 
     public User register(String username, String email, String password) {
-        if (userRepository.findByUsername(username).isPresent() || userRepository.findByEmail(email).isPresent()) {
-            throw new IllegalStateException("User already exists");
+        // ── 先按用户名查 ──────────────────────────────────────────
+        Optional<User> byUsername = userRepository.findByUsername(username);
+        if (byUsername.isPresent()) {
+            User u = byUsername.get();
+            if (u.isVerified()) {                           // 已验证 → 直接拒绝
+                throw new IllegalStateException("User name already exists");
+            }
+            // 未验证 → 允许“重注册”：覆盖必要字段并重新发验证码
+            u.setEmail(email);                              // 若不允许改邮箱可去掉
+            u.setPassword(passwordEncoder.encode(password));
+            u.setVerificationCode(genCode());
+            return userRepository.save(u);
         }
+
+        // ── 再按邮箱查 ───────────────────────────────────────────
+        Optional<User> byEmail = userRepository.findByEmail(email);
+        if (byEmail.isPresent()) {
+            User u = byEmail.get();
+            if (u.isVerified()) {                           // 已验证 → 直接拒绝
+                throw new IllegalStateException("User email already exists");
+            }
+            // 未验证 → 允许“重注册”
+            u.setUsername(username);                        // 若不允许改用户名可去掉
+            u.setPassword(passwordEncoder.encode(password));
+            u.setVerificationCode(genCode());
+            return userRepository.save(u);
+        }
+
+        // ── 完全新用户 ───────────────────────────────────────────
         User user = new User();
         user.setUsername(username);
         user.setEmail(email);
         user.setPassword(passwordEncoder.encode(password));
         user.setVerified(false);
-        String code = String.format("%06d", new Random().nextInt(1000000));
-        user.setVerificationCode(code);
+        user.setVerificationCode(genCode());
         return userRepository.save(user);
     }
 
+    private String genCode() {
+        return String.format("%06d", new Random().nextInt(1000000));
+    }
+
     public boolean verifyCode(String username, String code) {
         Optional<User> userOpt = userRepository.findByUsername(username);
         if (userOpt.isPresent() && code.equals(userOpt.get().getVerificationCode())) {