feat: add Google login support

README.md

@@ -19,6 +19,7 @@ OpenIsle 基于 Spring Boot 构建，提供社区后台常见的注册、登录
 
 * **用户体系**：注册、登录，密码使用 BCrypt 加密
 * **JWT 认证**：登录后获得 Token，接口通过 `Authorization: Bearer` 认证
+* **Google 登录**：支持使用 Google OAuth 登录
 * **邮件通知**：抽象 `EmailSender`，默认实现基于 Resend
 * **角色权限**：内置 `ADMIN` 与 `USER`，管理员接口以 `/api/admin/**` 提供
 * **文章与评论**：支持分类、评论及多级回复
@@ -43,6 +44,7 @@ OpenIsle 基于 Spring Boot 构建，提供社区后台常见的注册、登录
    - `MYSQL_PASSWORD`：数据库密码
    - `RESEND_API_KEY`：Resend 邮件服务 API Key
    - `COS_BASE_URL`：腾讯云 COS 访问域名
+   - `GOOGLE_CLIENT_ID`：Google OAuth 客户端 ID
    - `JWT_SECRET`：JWT 签名密钥
    - `JWT_EXPIRATION`：JWT 过期时间（毫秒）
    - `PASSWORD_STRENGTH`：密码强度（LOW、MEDIUM、HIGH）
@@ -62,6 +64,7 @@ mvn spring-boot:run
 
 - `POST /api/auth/register`：注册新用户
 - `POST /api/auth/login`：登录并获取 Token
+- `POST /api/auth/google`：Google 登录并获取 Token
 - `GET /api/config`：查看验证码开关配置
 - 需要认证的接口示例：`GET /api/hello`（需 `Authorization` 头）
 - 管理员接口示例：`GET /api/admin/hello`

pom.xml

@@ -66,6 +66,11 @@
       <artifactId>lombok</artifactId>
       <optional>true</optional>
     </dependency>
+    <dependency>
+      <groupId>com.google.api-client</groupId>
+      <artifactId>google-api-client</artifactId>
+      <version>2.2.0</version>
+    </dependency>
     <dependency>
       <groupId>com.qcloud</groupId>
       <artifactId>cos_api</artifactId>

src/main/java/com/openisle/controller/AuthController.java

@@ -5,6 +5,7 @@ import com.openisle.service.EmailSender;
 import com.openisle.service.JwtService;
 import com.openisle.service.UserService;
 import com.openisle.service.CaptchaService;
+import com.openisle.service.GoogleAuthService;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
@@ -21,6 +22,7 @@ public class AuthController {
     private final JwtService jwtService;
     private final EmailSender emailService;
     private final CaptchaService captchaService;
+    private final GoogleAuthService googleAuthService;
 
     @Value("${app.captcha.enabled:false}")
     private boolean captchaEnabled;
@@ -63,6 +65,15 @@ public class AuthController {
         }
     }
 
+    @PostMapping("/google")
+    public ResponseEntity<?> loginWithGoogle(@RequestBody GoogleLoginRequest req) {
+        Optional<User> user = googleAuthService.authenticate(req.getIdToken());
+        if (user.isPresent()) {
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        }
+        return ResponseEntity.badRequest().body(Map.of("error", "Invalid google token"));
+    }
+
     @GetMapping("/check")
     public ResponseEntity<?> checkToken() {
         return ResponseEntity.ok(Map.of("valid", true));
@@ -83,6 +94,11 @@ public class AuthController {
         private String captcha;
     }
 
+    @Data
+    private static class GoogleLoginRequest {
+        private String idToken;
+    }
+
     @Data
     private static class VerifyRequest {
         private String username;

src/main/java/com/openisle/service/GoogleAuthService.java

@@ -0,0 +1,69 @@
+package com.openisle.service;
+
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.json.jackson2.JacksonFactory;
+import com.openisle.model.Role;
+import com.openisle.model.User;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.Optional;
+
+@Service
+@RequiredArgsConstructor
+public class GoogleAuthService {
+
+    private final UserRepository userRepository;
+
+    @Value("${google.client-id:}")
+    private String clientId;
+
+    public Optional<User> authenticate(String idTokenString) {
+        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory())
+                .setAudience(Collections.singletonList(clientId))
+                .build();
+        try {
+            GoogleIdToken idToken = verifier.verify(idTokenString);
+            if (idToken == null) {
+                return Optional.empty();
+            }
+            GoogleIdToken.Payload payload = idToken.getPayload();
+            String email = payload.getEmail();
+            String name = (String) payload.get("name");
+            return Optional.of(processUser(email, name));
+        } catch (Exception e) {
+            return Optional.empty();
+        }
+    }
+
+    private User processUser(String email, String name) {
+        Optional<User> existing = userRepository.findByEmail(email);
+        if (existing.isPresent()) {
+            User user = existing.get();
+            if (!user.isVerified()) {
+                user.setVerified(true);
+                user.setVerificationCode(null);
+                userRepository.save(user);
+            }
+            return user;
+        }
+        User user = new User();
+        String baseUsername = email.split("@")[0];
+        String username = baseUsername;
+        int suffix = 1;
+        while (userRepository.findByUsername(username).isPresent()) {
+            username = baseUsername + suffix++;
+        }
+        user.setUsername(username);
+        user.setEmail(email);
+        user.setPassword("");
+        user.setRole(Role.USER);
+        user.setVerified(true);
+        return userRepository.save(user);
+    }
+}

src/main/resources/application.properties

@@ -41,3 +41,6 @@ cos.secret-key=${COS_SECRET_KEY:}
 cos.region=${COS_REGION:ap-guangzhou}
 cos.bucket-name=${COS_BUCKET_NAME:}
 # your image upload services: ...
+
+# Google OAuth configuration
+google.client-id=${GOOGLE_CLIENT_ID:}