2025-10-24 15:22:14 +08:00
10 changed files with 294 additions and 201 deletions
--- a/pom.xml
+++ b/pom.xml
@ -58,11 +58,6 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <!-- OAuth2客户端 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>
        <!-- Web相关依赖 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
--- a/src/main/java/com/chinaweal/youfool/course/config/SaTokenConfig.java
+++ b/src/main/java/com/chinaweal/youfool/course/config/SaTokenConfig.java
@ -0,0 +1,34 @@
 package com.chinaweal.youfool.course.config;
 import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 /**
 * Sa-Token配置
 *
 * @author lroyia
 * @since 2025/10/24
 **/
@Configuration
 public class SaTokenConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 注册Sa-Token拦截器
        registry.addInterceptor(new SaInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns(
                        "/login", 
                        "/error", 
                        "/webjars/**", 
                        "/css/**", 
                        "/js/**",
                        "/user/auth/**",
                        "/oauth2/**"
                );
    }
 }
--- a/src/main/java/com/chinaweal/youfool/course/config/WebSecurityConfig.java
+++ b/src/main/java/com/chinaweal/youfool/course/config/WebSecurityConfig.java
@ -1,51 +0,0 @@
 package com.chinaweal.youfool.course.config;
 import com.chinaweal.youfool.course.security.OAuth2LoginFailureHandler;
 import com.chinaweal.youfool.course.security.OAuth2LoginSuccessHandler;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 /**
 * Web安全配置
 *
 * @author lroyia
 * @since 2025/10/24
 **/
@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {
    private final OAuth2LoginSuccessHandler oauth2LoginSuccessHandler;
    private final OAuth2LoginFailureHandler oauth2LoginFailureHandler;
    public WebSecurityConfig(OAuth2LoginSuccessHandler oauth2LoginSuccessHandler,
                            OAuth2LoginFailureHandler oauth2LoginFailureHandler) {
        this.oauth2LoginSuccessHandler = oauth2LoginSuccessHandler;
        this.oauth2LoginFailureHandler = oauth2LoginFailureHandler;
    }
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/login", "/error", "/webjars/**", "/css/**", "/js/**").permitAll()
                .requestMatchers("/user/auth/**").permitAll()
                .anyRequest().authenticated()
            )
            .oauth2Login(oauth2 -> oauth2
                .loginPage("/login")
                .successHandler(oauth2LoginSuccessHandler)
                .failureHandler(oauth2LoginFailureHandler)
            )
            .csrf(csrf -> csrf.disable())
            .formLogin(form -> form
                .loginPage("/login")
                .permitAll()
            );
        return http.build();
    }
 }
--- a/src/main/java/com/chinaweal/youfool/course/controller/OAuth2Controller.java
+++ b/src/main/java/com/chinaweal/youfool/course/controller/OAuth2Controller.java
@ -0,0 +1,182 @@
 package com.chinaweal.youfool.course.controller;
 import cn.dev33.satoken.session.SaSession;
 import cn.dev33.satoken.stp.StpUtil;
 import com.chinaweal.youfool.framework.springboot.user.entity.UserBase;
 import com.chinaweal.youfool.course.common.constants.SessionConstants;
 import com.chinaweal.youfool.course.entity.SysUser;
 import com.chinaweal.youfool.course.service.SysUserService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.servlet.view.RedirectView;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 /**
 * OAuth2控制器
 *
 * @author lroyia
 * @since 2025/10/24
 **/
@Slf4j
@Controller
@RequestMapping("/oauth2")
 public class OAuth2Controller {
    @Value("${gitea.client-id}")
    private String clientId;
    @Value("${gitea.client-secret}")
    private String clientSecret;
    @Value("${gitea.auth-url}")
    private String authUrl;
    @Value("${gitea.token-url}")
    private String tokenUrl;
    @Value("${gitea.user-url}")
    private String userUrl;
    @Value("${gitea.redirect-uri}")
    private String redirectUri;
    @Autowired
    private SysUserService sysUserService;
    /**
     * 跳转到Gitea授权页面
     *
     * @return 重定向到Gitea授权页面
     */
    @GetMapping("/gitea/authorize")
    public RedirectView authorize() {
        String state = String.valueOf(System.currentTimeMillis());
        String url = String.format("%s?client_id=%s&redirect_uri=%s&response_type=code&state=%s&scope=read:user",
                authUrl, clientId, redirectUri, state);
        return new RedirectView(url);
    }
    /**
     * Gitea回调处理
     *
     * @param code 授权码
     * @param state 状态
     * @return 重定向到首页
     */
    @GetMapping("/gitea/callback")
    public RedirectView callback(@RequestParam String code, @RequestParam String state) {
        try {
            // 获取访问令牌
            Map<String, String> tokenParams = new HashMap<>();
            tokenParams.put("client_id", clientId);
            tokenParams.put("client_secret", clientSecret);
            tokenParams.put("code", code);
            tokenParams.put("grant_type", "authorization_code");
            tokenParams.put("redirect_uri", redirectUri);
            RestTemplate restTemplate = new RestTemplate();
            Map<String, Object> tokenResponse = restTemplate.postForObject(tokenUrl, tokenParams, Map.class);
            if (tokenResponse == null || !tokenResponse.containsKey("access_token")) {
                throw new RuntimeException("获取access_token失败");
            }
            String accessToken = (String) tokenResponse.get("access_token");
            // 获取用户信息
            Map<String, Object> userInfo = getUserInfo(accessToken);
            // 处理用户登录
            handleUserLogin(userInfo);
            return new RedirectView("/course/");
        } catch (Exception e) {
            log.error("Gitea OAuth2回调处理失败", e);
            return new RedirectView("/course/login?error=true&message=" + e.getMessage());
        }
    }
    /**
     * 获取用户信息
     *
     * @param accessToken 访问令牌
     * @return 用户信息
     */
    private Map<String, Object> getUserInfo(String accessToken) {
        RestTemplate restTemplate = new RestTemplate();
        Map<String, String> headers = new HashMap<>();
        headers.put("Authorization", "token " + accessToken);
        org.springframework.http.HttpEntity<?> entity = new org.springframework.http.HttpEntity<>(headers);
        Map<String, Object> userInfo = restTemplate.exchange(userUrl, 
                org.springframework.http.HttpMethod.GET, entity, Map.class).getBody();
        return userInfo;
    }
    /**
     * 处理用户登录
     *
     * @param userInfo 用户信息
     */
    private void handleUserLogin(Map<String, Object> userInfo) {
        String username = (String) userInfo.get("username");
        String email = (String) userInfo.get("email");
        String avatarUrl = (String) userInfo.get("avatar_url");
        Integer id = (Integer) userInfo.get("id");
        log.info("Gitea用户登录成功: username={}, email={}, id={}", username, email, id);
        // 生成Gitea Open ID
        String giteaOpenId = String.valueOf(id);
        // 检查用户是否已存在
        SysUser sysUser = sysUserService.getUserByGiteaOpenId(giteaOpenId);
        // 如果用户不存在，则创建新用户
        if (sysUser == null) {
            sysUser = new SysUser();
            sysUser.setUsername(username);
            sysUser.setNickname(username);
            sysUser.setEmail(email);
            sysUser.setAvatar(avatarUrl);
            sysUser.setGiteaOpenId(giteaOpenId);
            sysUserService.save(sysUser);
        } else {
            // 更新用户信息
            sysUser.setEmail(email);
            sysUser.setAvatar(avatarUrl);
            sysUserService.updateById(sysUser);
        }
        // 使用Sa-Token登录
        StpUtil.login(sysUser.getUserId());
        SaSession session = StpUtil.getSession();
        // 构建用户信息
        UserBase userBase = new UserBase();
        userBase.setUsername(sysUser.getUsername());
        userBase.setEmail(sysUser.getEmail());
        userBase.setAvatarUrl(sysUser.getAvatar());
        userBase.setId(sysUser.getUserId());
        // 设置权限
        Set<String> permissionSet = new HashSet<>();
        permissionSet.add("user");
        userBase.setPermission(permissionSet);
        // 将用户信息存储至session
        session.set(SessionConstants.USER_KEY, userBase);
    }
 }
--- a/src/main/java/com/chinaweal/youfool/course/controller/PageController.java
+++ b/src/main/java/com/chinaweal/youfool/course/controller/PageController.java
@ -1,5 +1,6 @@
 package com.chinaweal.youfool.course.controller;
 import cn.dev33.satoken.stp.StpUtil;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
@ -29,6 +30,9 @@ public class PageController {
     */
    @GetMapping("/")
    public String index() {
        if (!StpUtil.isLogin()) {
            return "redirect:/course/login";
        }
        return "index";
    }
@ -39,6 +43,9 @@ public class PageController {
     */
    @GetMapping("/index")
    public String indexPage() {
        if (!StpUtil.isLogin()) {
            return "redirect:/course/login";
        }
        return "index";
    }
 }
--- a/src/main/java/com/chinaweal/youfool/course/controller/TestController.java
+++ b/src/main/java/com/chinaweal/youfool/course/controller/TestController.java
@ -0,0 +1,62 @@
 package com.chinaweal.youfool.course.controller;
 import cn.dev33.satoken.stp.StpUtil;
 import com.chinaweal.youfool.framework.springboot.rest.RestResult;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 /**
 * 测试控制器
 *
 * @author lroyia
 * @since 2025/10/24
 **/
@Slf4j
@RestController
@RequestMapping("/test")
 public class TestController {
    /**
     * 测试接口，需要登录
     *
     * @return 测试结果
     */
    @GetMapping("/hello")
    public RestResult<String> hello() {
        return RestResult.ok("Hello, " + StpUtil.getLoginIdAsString() + "!");
    }
    /**
     * 测试管理员权限
     *
     * @return 测试结果
     */
    @GetMapping("/admin")
    public RestResult<String> admin() {
        StpUtil.checkPermission("admin");
        return RestResult.ok("Admin access granted!");
    }
    /**
     * 测试用户权限
     *
     * @return 测试结果
     */
    @GetMapping("/user")
    public RestResult<String> user() {
        StpUtil.checkPermission("user");
        return RestResult.ok("User access granted!");
    }
    /**
     * 获取当前登录信息
     *
     * @return 登录信息
     */
    @GetMapping("/info")
    public RestResult<String> info() {
        return RestResult.ok("Current login id: " + StpUtil.getLoginIdAsString());
    }
 }
--- a/src/main/java/com/chinaweal/youfool/course/security/OAuth2LoginFailureHandler.java
+++ b/src/main/java/com/chinaweal/youfool/course/security/OAuth2LoginFailureHandler.java
@ -1,31 +0,0 @@
 package com.chinaweal.youfool.course.security;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 /**
 * OAuth2登录失败处理器
 *
 * @author lroyia
 * @since 2025/10/24
 **/
@Slf4j
@Component
 public class OAuth2LoginFailureHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {
        log.error("OAuth2登录失败: {}", exception.getMessage());
        // 重定向到登录页面，带上错误信息
        response.sendRedirect("/course/login?error=true&message=" + java.net.URLEncoder.encode(exception.getMessage(), "UTF-8"));
    }
 }
--- a/src/main/java/com/chinaweal/youfool/course/security/OAuth2LoginSuccessHandler.java
+++ b/src/main/java/com/chinaweal/youfool/course/security/OAuth2LoginSuccessHandler.java
@ -1,96 +0,0 @@
 package com.chinaweal.youfool.course.security;
 import cn.dev33.satoken.session.SaSession;
 import cn.dev33.satoken.stp.StpUtil;
 import com.chinaweal.youfool.framework.springboot.user.entity.UserBase;
 import com.chinaweal.youfool.course.common.constants.SessionConstants;
 import com.chinaweal.youfool.course.entity.SysUser;
 import com.chinaweal.youfool.course.service.SysUserService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 /**
 * OAuth2登录成功处理器
 *
 * @author lroyia
 * @since 2025/10/24
 **/
@Slf4j
@Component
 public class OAuth2LoginSuccessHandler implements AuthenticationSuccessHandler {
    @Autowired
    private SysUserService sysUserService;
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException, ServletException {
        OAuth2User oauth2User = (OAuth2User) authentication.getPrincipal();
        Map<String, Object> attributes = oauth2User.getAttributes();
        // 获取Gitea用户信息
        String username = (String) attributes.get("username");
        String email = (String) attributes.get("email");
        String avatarUrl = (String) attributes.get("avatar_url");
        Integer id = (Integer) attributes.get("id");
        log.info("Gitea用户登录成功: username={}, email={}, id={}", username, email, id);
        // 生成Gitea Open ID
        String giteaOpenId = String.valueOf(id);
        // 检查用户是否已存在
        SysUser sysUser = sysUserService.getUserByGiteaOpenId(giteaOpenId);
        // 如果用户不存在，则创建新用户
        if (sysUser == null) {
            sysUser = new SysUser();
            sysUser.setUsername(username);
            sysUser.setNickname(username);
            sysUser.setEmail(email);
            sysUser.setAvatar(avatarUrl);
            sysUser.setGiteaOpenId(giteaOpenId);
            sysUserService.save(sysUser);
        } else {
            // 更新用户信息
            sysUser.setEmail(email);
            sysUser.setAvatar(avatarUrl);
            sysUserService.updateById(sysUser);
        }
        // 使用Sa-Token登录
        StpUtil.login(sysUser.getUserId());
        SaSession session = StpUtil.getSession();
        // 构建用户信息
        UserBase userBase = new UserBase();
        userBase.setUsername(sysUser.getUsername());
        userBase.setEmail(sysUser.getEmail());
        userBase.setAvatarUrl(sysUser.getAvatar());
        userBase.setId(sysUser.getUserId());
        // 设置权限
        Set<String> permissionSet = new HashSet<>();
        permissionSet.add("user");
        userBase.setPermission(permissionSet);
        // 将用户信息存储至session
        session.set(SessionConstants.USER_KEY, userBase);
        // 重定向到首页
        response.sendRedirect("/course/");
    }
 }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -14,23 +14,14 @@ spring:
    suffix: .html
    encoding: UTF-8
    mode: HTML
-  # OAuth2配置
+  # Gitea OAuth2配置
  security:
    oauth2:
      client:
        registration:
  gitea:
    client-id: ${GITEA_CLIENT_ID:your-gitea-client-id}
    client-secret: ${GITEA_CLIENT_SECRET:your-gitea-client-secret}
-            authorization-grant-type: authorization_code
+    auth-url: ${GITEA_AUTH_URL:https://gitea.com/login/oauth/authorize}
-            redirect-uri: ${BASE_URL:http://localhost:8080}/course/login/oauth2/code/gitea
+    token-url: ${GITEA_TOKEN_URL:https://gitea.com/login/oauth/access_token}
-            scope: read:user
+    user-url: ${GITEA_USER_URL:https://gitea.com/api/v1/user}
-        provider:
+    redirect-uri: ${BASE_URL:http://localhost:8080}/course/oauth2/gitea/callback
          gitea:
            authorization-uri: ${GITEA_AUTH_URL:https://gitea.com/login/oauth/authorize}
            token-uri: ${GITEA_TOKEN_URL:https://gitea.com/login/oauth/access_token}
            user-info-uri: ${GITEA_USER_URL:https://gitea.com/api/v1/user}
            user-name-attribute: username
  datasource:
    dynamic:
      primary: master #设置默认的数据源或者数据源组,默认值即为master
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@ -136,7 +136,7 @@
            <span>或</span>
        </div>
-        <a href="/oauth2/authorization/gitea" class="gitea-login-btn">
+        <a href="/course/oauth2/gitea/authorize" class="gitea-login-btn">
            <svg class="gitea-icon" viewBox="0 0 24 24" fill="currentColor">
                <path d="M4.209 4.603c-.247 0-.525.02-.84.088-.333.07-1.28.283-2.054 1.027C-.403 7.25.035 9.685.089 10.052c.065.446.263 1.686 1.21 2.768 1.766 2.141 5.51 2.092 5.51 2.092s.462 1.103 1.168 2.119c.955 1.263 1.936 2.248 2.89 2.367 2.406 0 7.212-.004 7.212-.004s.458.004 1.08-.394c.535-.324 1.013-.893 1.013-.893s.492-.527 1.18-1.73c.21-.37.385-.729.538-1.068 0 0 2.107-4.471 2.107-8.823-.042-1.318-.367-1.55-.443-1.627-.156-.156-.366-.153-.366-.153s-4.475.252-6.792.306c-.508.011-1.012.023-1.512.027v4.474l-.634-.301c0-1.39-.004-4.17-.004-4.17-1.107.016-3.405-.084-3.405-.084s-5.399-.27-5.987-.324c-.112-.012-.263-.02-.42-.02zm.531 1.268c.163.011.405.027.658.054l.426.05 3.23.294c.407.038.848.072 1.295.104 0 0 .39.023.948.054.558.031 1.243.065 1.243.065.55.027 1.107.038 1.243.046.39.015.604.015.604.015l.007 4.586 2.394 1.135V6.324c.492-.004.983-.015 1.463-.023l.847-.015c1.18-.023 2.344-.07 2.344-.07l.273-.015c.156 0 .294-.004.422-.004.863 0 1.027.169 1.077.218.112.113.135.42.15.508.015.124.046.365.058.697.031 1.336-.218 3.098-.631 4.688-.073.28-.156.562-.248.836-.27.83-.956 2.478-.956 2.478-.14.352-.304.75-.499 1.169-.397.852-.82 1.627-.82 1.627s-.23.374-.615.665a2.525 2.525 0 0 1-.523.267c-.15.046-.306.02-.508.027l-.603.015c-.607.008-1.206.004-1.206.004H11.25c-1.278-.12-2.44-2.152-3.03-3.042-.793-1.224-1.549-3.12-1.549-3.12l-.812-.02c-.407-.008-.844-.02-1.203-.02-1.647 0-3.12-.52-3.87-1.399C.13 9.98-.191 7.767.652 6.564c.472-.677 1.2-1.06 1.845-1.24a4.45 4.45 0 0 1 1.243-.153z"/>
            </svg>