diff --git a/src/main/java/com/openisle/controller/AuthController.java b/src/main/java/com/openisle/controller/AuthController.java
index cb3d2c170..43def2d0d 100644
--- a/src/main/java/com/openisle/controller/AuthController.java
+++ b/src/main/java/com/openisle/controller/AuthController.java
@@ -20,8 +20,19 @@ curl -X POST http://localhost:8080/api/auth/register \
 "password": "password"
 }'
+curl -X POST http://localhost:8080/api/auth/verify \
+ -H "Content-Type: application/json" \
+ -d '{
+ "username": "test_user",
+ "code": "361332"
+ }'
-
+curl -X POST http://localhost:8080/api/auth/login \
+ -H "Content-Type: application/json" \
+ -d '{
+ "username": "test_user",
+ "password": "password"
+ }'
 */
 @RestController
@@ -54,7 +65,7 @@ public class AuthController {
 if (user.isPresent()) {
 return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
 } else {
- return ResponseEntity.badRequest().body(Map.of("error", "\"Invalid credentials or user not verified"));
+ return ResponseEntity.badRequest().body(Map.of("error", "Invalid credentials or user not verified"));
 }
 }
diff --git a/src/main/java/com/openisle/controller/HelloController.java b/src/main/java/com/openisle/controller/HelloController.java
index 11c808fb2..d22ceff83 100644
--- a/src/main/java/com/openisle/controller/HelloController.java
+++ b/src/main/java/com/openisle/controller/HelloController.java
@@ -4,12 +4,13 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.Map;
+/*
+curl http://localhost:8080/api/hello \
+ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0X3VzZXIiLCJpYXQiOjE3NTEyODAzMjksImV4cCI6MTc1MTM2NjcyOX0.XNDGTQd1H9u3ZOYtnJaU5fL5zhtwyZZm5aX3vL_my1c"
+ */
+
 @RestController
 public class HelloController {
- /**
- * curl http://localhost:8080/api/hello \
- * -H "Authorization: Bearer "
- */
 @GetMapping("/api/hello")
 public Map hello() {
 return Map.of("message", "Hello, Authenticated User");
diff --git a/src/main/java/com/openisle/service/JwtService.java b/src/main/java/com/openisle/service/JwtService.java
index d27e13dac..bdd814e10 100644
--- a/src/main/java/com/openisle/service/JwtService.java
+++ b/src/main/java/com/openisle/service/JwtService.java
@@ -3,6 +3,8 @@ package com.openisle.service;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.io.Encoders;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -12,7 +14,6 @@ import java.util.Date;
 @Service
 public class JwtService {
-
 @Value("${app.jwt.secret}")
 private String secret;
@@ -20,7 +21,8 @@ public class JwtService {
 private long expiration;
 private Key getSigningKey() {
- return Keys.hmacShaKeyFor(secret.getBytes());
+ byte[] keyBytes = Encoders.BASE64.encode(secret.getBytes()).getBytes();
+ return Keys.hmacShaKeyFor(keyBytes);
 }
 public String generateToken(String subject) {
@@ -30,7 +32,7 @@ public class JwtService {
 .setSubject(subject)
 .setIssuedAt(now)
 .setExpiration(expiryDate)
- .signWith(getSigningKey(), SignatureAlgorithm.HS256)
+ .signWith(getSigningKey())
 .compact();
 }
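Review bot: The comment added above `HelloController` pastes a complete signed bearer token into source control. Its `exp` claim limits how long the server accepts it, but the token stays in repository history and hands every reader a valid signature sample for `test_user` produced with the configured `app.jwt.secret`. Use a placeholder in the example instead, e.g. `-H "Authorization: Bearer <token>"`, and rotate the secret if this token was issued with anything other than a throwaway development key.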
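Review bot: In the `getSigningKey()` hunk of JwtService.java, Base64-encoding `secret.getBytes()` only makes the byte array longer and adds no entropy, so a short `app.jwt.secret` now passes the minimum-length check in `Keys.hmacShaKeyFor` while staying exactly as guessable as before. The usual arrangement is the reverse: keep a Base64-encoded random key of at least 32 bytes in configuration and decode it, `return Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));`, which would also use the `Decoders` import this commit adds but never references. Because the last hunk drops the explicit `SignatureAlgorithm.HS256`, jjwt picks the HMAC variant from the key length, so the inflated key can change the algorithm whenever the secret's length changes; the `SignatureAlgorithm` import may now be unused as well (the rest of the file is outside the diff). If the raw-string form is kept, `secret.getBytes(StandardCharsets.UTF_8)` avoids a key that depends on the platform default charset.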
diff --git a/src/main/java/com/openisle/service/UserService.java b/src/main/java/com/openisle/service/UserService.java
index b94af0c46..92ff79db6 100644
--- a/src/main/java/com/openisle/service/UserService.java
+++ b/src/main/java/com/openisle/service/UserService.java
@@ -17,19 +17,48 @@ public class UserService {
 private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
 public User register(String username, String email, String password) {
- if (userRepository.findByUsername(username).isPresent() || userRepository.findByEmail(email).isPresent()) {
- throw new IllegalStateException("User already exists");
+ // ── 先按用户名查 ──────────────────────────────────────────
+ Optional byUsername = userRepository.findByUsername(username);
+ if (byUsername.isPresent()) {
+ User u = byUsername.get();
+ if (u.isVerified()) { // 已验证 → 直接拒绝
+ throw new IllegalStateException("User name already exists");
+ }
+ // 未验证 → 允许“重注册”:覆盖必要字段并重新发验证码
+ u.setEmail(email); // 若不允许改邮箱可去掉
+ u.setPassword(passwordEncoder.encode(password));
+ u.setVerificationCode(genCode());
+ return userRepository.save(u);
 }
+
+ // ── 再按邮箱查 ───────────────────────────────────────────
+ Optional byEmail = userRepository.findByEmail(email);
+ if (byEmail.isPresent()) {
+ User u = byEmail.get();
+ if (u.isVerified()) { // 已验证 → 直接拒绝
+ throw new IllegalStateException("User email already exists");
+ }
+ // 未验证 → 允许“重注册”
+ u.setUsername(username); // 若不允许改用户名可去掉
+ u.setPassword(passwordEncoder.encode(password));
+ u.setVerificationCode(genCode());
+ return userRepository.save(u);
+ }
+
+ // ── 完全新用户 ───────────────────────────────────────────
 User user = new User();
 user.setUsername(username);
 user.setEmail(email);
 user.setPassword(passwordEncoder.encode(password));
 user.setVerified(false);
- String code = String.format("%06d", new Random().nextInt(1000000));
- user.setVerificationCode(code);
+ user.setVerificationCode(genCode());
 return userRepository.save(user);
 }
+ private String genCode() {
+ return String.format("%06d", new Random().nextInt(1000000));
+ }
+
 public boolean verifyCode(String username, String code) {
 Optional userOpt = userRepository.findByUsername(username);
 if (userOpt.isPresent() && code.equals(userOpt.get().getVerificationCode())) {
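Review bot: Both re-registration branches in `register` let any caller overwrite the stored password of an unverified row, so in the `byEmail` branch a party who does not control that mailbox can set the password that becomes active if the real owner later completes verification (assuming the code is delivered to the stored address, which this hunk does not show). The `byUsername` branch also calls `u.setEmail(email)` without checking whether that address already belongs to another account, a case the removed combined check rejected. Consider expiring or deleting stale unverified rows rather than updating them in place, or having the verification step set or confirm the password, and re-run `findByEmail(email)` before `setEmail`. Separately, `genCode()` draws the six-digit code from `new Random()`; a shared `SecureRandom` field (`secureRandom.nextInt(1_000_000)`) is the appropriate source for a value that gates account activation. The hunk ends inside `verifyCode`, whose body continues outside it.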