admin/craftlabs-authorization-sdk
1
0
Fork 0
mirror of https://github.com/hpd840321/craftlabs-authorization-sdk.git synced 2026-06-09 10:00:30 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: add AGENTS.md, code audit reports, and implementation plans

Browse Source 
Added hierarchical AGENTS.md files for root, java, native, services, web modules. Added comprehensive audit reports covering PRD progress, UI audit, full version gap analysis, code audit findings, and ONLYOFFICE status.

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
This commit is contained in:
huangping
2026-05-27 08:37:24 +08:00
parent b2968dc327
commit 1333cb38d6
14 changed files with 3110 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/superpowers/plans/2026-05-26-i10-p0-baseline-alignment.md
+450
View File
@@ -0,0 +1,450 @@
# Mid I10 — P0 基线对齐实现计划
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** 补齐原型复盘发现的 P0 缺口:文档对齐 + 客户详情聚合视图 + 会话空闲超时拦截。
**Architecture:** 三项独立任务并行执行:(1) 纯文档更新,(2) 后端 CustomerService 聚合查询 + 前端详情页摘要区块,(3) 纯前端路由守卫 idle 检测。无需新增数据库表或后端端点(M1-F03 修复已有端点)。
**Tech Stack:** Spring Boot 3.x + MyBatis-Plus (Java) / Vue 3 + Composition API + vue-router (JS)
**Gap Analysis Reference:** `docs/superpowers/specs/2026-05-26-prototype-gap-analysis.md`
---
## 文件结构
```
# Task 0 — 文档更新
Modify: docs/chuangfei-platform-product-modules.md # 刷新 M1-M11 全部实现状态列
# Task 1 — M1-F03 客户详情聚合视图
Modify: services/.../api/service/CustomerService.java # 修复 getCustomerSummary() 真实查询合同/SN 计数
Modify: web/.../src/views/CustomerDetailView.vue # 新增聚合摘要区块
# Task 2 — M11-F03 会话空闲超时
Modify: web/.../src/router/index.js # 路由守卫注入 idle 检测
Modify: web/.../src/stores/auth.js # 新增 lastActivity + checkSessionTimeout
Create: web/.../src/utils/idleTimer.js # idle 计时器工具
```
---
### Task 0: 更新产品模块文档状态列
**Files:**
- Modify: `docs/chuangfei-platform-product-modules.md`
**依据:** 代码审计显示大量功能点实际实现早于文档标记。需刷新状态列,使文档成为可靠 SSOT。
**状态映射规则:**
| 文档标记 | 实际代码状态 | 新标记 | 条件 |
|---------|-------------|--------|------|
| ○ | 后端+前端均实现 | ✅ | 前后端代码确认存在 |
| ○ | 后端实现,前端缺失 | ◐ | 端点就绪但无 UI |
| ○ | 均有且功能完整 | ✅ | 包含 CRUD + 列表 + 详情 |
| ◐ | 功能已补全 | ✅ | 确认字段/流程完整 |
- [ ] **Step 1: 读取当前文档状态**
Read: `docs/chuangfei-platform-product-modules.md`
对照 gap analysis `docs/superpowers/specs/2026-05-26-prototype-gap-analysis.md` 中的「代码领先文档」差异表,确认每个模块需要变更的行。
- [ ] **Step 2: 批量更新 M1-M6 状态列**
基于以下已知差异编辑文档:
| 模块 | 功能点 | 旧标记 | 新标记 | 原因 |
|------|--------|--------|--------|------|
| M1-F06 | 项目干系人 | ○ | ◐ | 后端 CRUD 就绪,前端口 |
| M1-F07 | 冻结解冻 | ○ | ◐ | 后端端点就绪,前端口 |
| M2-F05 | 合同附件 | ○ | ◐ | 后端上传端点就绪 |
| M2-F07 | 合同变更 | ○ | ◐ | 后端 changes/complete 就绪 |
| M4-F01 | SN 批量导入 | ○ | ◐ | 后端 batch-import 就绪 |
| M4-F07 | 批量 SN 操作 | ○ | ◐ | 后端就绪 |
| M6-F03 | 比特 ID 映射 | ○ | ✅ | 前后端均已实现 |
| M6-F04 | 特征映射 | ○ | ✅ | 同上 |
| M6-F05 | JSON 模板 | ○ | ◐ | 前后端实现,缺 Schema 校验关联 |
- [ ] **Step 3: 批量更新 M7-M11 状态列**
| 模块 | 旧标记 | 新标记 | 原因 |
|------|--------|--------|------|
| M7 全模块 | 全 ○ | F01-F05 ◐, F06 ○ | 设备登记/列表/详情/绑定/换机已上线 |
| M8 全模块 | 全 ○ | F01-F02 ◐, F03 ◐, F04-F05 ○ | 待办中心+通知设置上线,发送逻辑未接入 |
| M9 全模块 | 全 ○ | F01/F03/F05/F06 ◐, F02 ○, F04 ◐ | 4 个报表页面上线,导出按钮缺失 |
| M10-F02 | ○ | ◐ | 审计检索已实现 |
| M10-F04 | ○ | ◐ | 留存策略已实现 |
| M11-F07 | ○ | ✅ | 改密前后端均已实现 |
| M11-F20 | ○ | ◐ | 系统参数页面已上线(localStorage MVP |
使用 Edit 工具逐段替换。例如对于 M7 的旧状态行:
```
Current: | M7-F01 | 设备登记 | ... | P1 | ○ |
Replace: | M7-F01 | 设备登记 | ... | P1 | ◐ — 登记/列表已实现,字段覆盖待确认 |
```
- [ ] **Step 4: 更新 §13 角色表实现状态**
当前文档中 `DEVELOPER`/`OPS` 标注为 MVP 简化角色。实际代码中角色集已演变为 `SYS_ADMIN`/`SALES`/`DELIVERY`/`LICENSE_OPS`。在 §13.5 增加说明。
在 §13.2 表格末尾增加备注行:
```
| `SALES` | 商务经理 | 客户签约侧 | ✅ (I10 重构—替代原 DEVELOPER) |
| `DELIVERY` | 交付工程师 | 现场交付 | ✅ (I10 新增) |
```
- [ ] **Step 5: 更新 §16 原型说明的已知局限**
刷新 §16.6 的问题表 — 移除已修复项(如改密),补充新的已知局限。
- [ ] **Step 6: 验证文档完整性**
```bash
grep -n '○' docs/chuangfei-platform-product-modules.md | head -20
```
预期输出:剩余 ○ 项应与 gap analysis §P2 级别的项目一致。
```bash
grep -c '✅' docs/chuangfei-platform-product-modules.md
```
预期:✅ 计数应显著高于旧版。
---
### Task 1: M1-F03 客户详情聚合视图
**Files:**
- Modify: `services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/service/CustomerService.java`
- Modify: `web/delivery-platform-ui/src/views/CustomerDetailView.vue`
**当前状态:** 后端 `GET /{id}/summary` 端点存在,但返回 `contractCount: 0``snCount: 0` (硬编码占位)。前端 `CustomerDetailView.vue` 已存在但无摘要区块。
- [ ] **Step 1: 修复后端 CustomerService.getCustomerSummary()**
`CustomerService.java` 中找到 `getCustomerSummary` 方法:
```java
public Map<String, Object> getCustomerSummary(Long customerId) {
Map<String, Object> result = new java.util.LinkedHashMap<>();
// 项目计数
var projectQuery = new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<PlatformProject>();
projectQuery.eq(PlatformProject::getCustomerId, customerId);
long projectCount = projectMapper.selectCount(projectQuery);
result.put("projectCount", projectCount);
// 合同计数: 查询 PlatformContract 表中 customer_id = customerId 且状态 != TERMINATED
var contractQuery = new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<PlatformContract>();
contractQuery.eq(PlatformContract::getCustomerId, customerId);
contractQuery.ne(PlatformContract::getStatus, ContractStatus.TERMINATED);
long contractCount = contractMapper.selectCount(contractQuery);
result.put("contractCount", contractCount);
// SN 计数: 通过合同行→SN 链路或直接查 license_sn 表 customer_id
// 当前 schema: LicenseSn 无直接 customerId,通过 contractLineId → contract → customer
// 简化实现: 统计该客户关联合同行下的 SN 总数
var snQuery = new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<PlatformLicenseSn>();
// Join 或子查询: contract_line → contract WHERE customer_id = ?
// 简单方案: 使用 Mapper XML 或子查询
result.put("snCount", 0); // 暂保持,需 schema 确认后实现
return result;
}
```
需要在 `CustomerService` 中注入 `PlatformContractMapper``PlatformLicenseSnMapper` (如果尚不存在)。在文件头部找到构造器注入:
```java
// 如果尚未注入,添加以下字段和构造器参数:
private final PlatformContractMapper contractMapper;
private final PlatformLicenseSnMapper licenseSnMapper;
// 修改构造器
public CustomerService(PlatformCustomerMapper customerMapper,
PlatformProjectMapper projectMapper,
PlatformContractMapper contractMapper,
PlatformLicenseSnMapper licenseSnMapper) {
this.customerMapper = customerMapper;
this.projectMapper = projectMapper;
this.contractMapper = contractMapper;
this.licenseSnMapper = licenseSnMapper;
}
```
- [ ] **Step 2: 验证后端编译**
```bash
mvn -f services/pom.xml -pl delivery-platform-api -am compile -q 2>&1 | tail -5
```
Expected: `BUILD SUCCESS` (无错误)
- [ ] **Step 3: 验证后端端点**
确保 `CustomerController``GET /{id}/summary` 端点未被修改(只改了 service 层)。
```bash
grep -A 5 'GetMapping.*summary' services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/customer/CustomerController.java
```
Expected: 仍返回 `customerService.getCustomerSummary(id)`
- [ ] **Step 4: 前端 — 在 CustomerDetailView 新增摘要区块**
Read `web/delivery-platform-ui/src/views/CustomerDetailView.vue` 确认现有结构。
在详情页顶部(客户基本信息下方)新增 `el-card` 摘要区块:
```vue
<script setup>
// 已有 imports 末尾添加
import { ref, onMounted } from 'vue'
import { useRoute } from 'vue-router'
import axios from 'axios'
const route = useRoute()
const summary = ref(null)
const summaryLoading = ref(false)
async function loadSummary() {
summaryLoading.value = true
try {
const res = await axios.get(`/api/v1/customers/${route.params.id}/summary`)
summary.value = res.data
} catch { /* 静默失败 — 摘要为增强信息,不阻断页面 */ }
finally { summaryLoading.value = false }
}
onMounted(() => {
// 保留已有 onMounted 逻辑,新增:
loadSummary()
})
</script>
<template>
<!-- 在客户信息卡片后新增-->
<el-card shadow="never" style="margin-top: 16px">
<template #header><span>关联摘要</span></template>
<el-skeleton :loading="summaryLoading" :rows="1" animated>
<el-row :gutter="24">
<el-col :span="8">
<el-statistic title="关联项目" :value="summary?.projectCount ?? '-'" />
</el-col>
<el-col :span="8">
<el-statistic title="在履约合同" :value="summary?.contractCount ?? '-'" />
</el-col>
<el-col :span="8">
<el-statistic title="在途 SN" :value="summary?.snCount ?? '-'" />
</el-col>
</el-row>
</el-skeleton>
</el-card>
</template>
```
- [ ] **Step 5: LSP 诊断验证**
```bash
# 对 CustomerDetailView.vue 运行 LSP
```
Expected: 0 errors, 0 warnings
---
### Task 2: M11-F03 会话空闲超时
**Files:**
- Create: `web/delivery-platform-ui/src/utils/idleTimer.js`
- Modify: `web/delivery-platform-ui/src/stores/auth.js`
- Modify: `web/delivery-platform-ui/src/router/index.js`
**当前状态:** `SystemParamsView.vue``sessionTimeoutMinutes` 存储在 localStorage(默认 60 分钟),但从未被路由守卫或任何空闲检测机制使用。用户在登录后从不超时。
- [ ] **Step 1: 创建 idleTimer 工具**
`web/delivery-platform-ui/src/utils/idleTimer.js`:
```javascript
/**
* 空闲计时器 — 监听用户交互事件,超时触发回调。
* 读取 localStorage 'systemParams' 中的 sessionTimeoutMinutes。
* 默认 60 分钟,最小 5 分钟。
*/
let timerId = null
let onTimeoutCallback = null
const EVENTS = ['mousedown', 'keydown', 'scroll', 'touchstart', 'click']
export function getIdleTimeoutMinutes() {
try {
const stored = localStorage.getItem('systemParams')
if (stored) {
const parsed = JSON.parse(stored)
const minutes = parseInt(parsed.sessionTimeoutMinutes, 10)
return isNaN(minutes) ? 60 : Math.max(5, minutes)
}
} catch { /* ignore */ }
return 60
}
export function resetIdleTimer(callback) {
stopIdleTimer()
onTimeoutCallback = callback
const ms = getIdleTimeoutMinutes() * 60 * 1000
timerId = setTimeout(() => {
if (onTimeoutCallback) onTimeoutCallback()
}, ms)
}
export function startIdleTimer(callback) {
onTimeoutCallback = callback
const handler = () => resetIdleTimer(callback)
EVENTS.forEach(ev => window.addEventListener(ev, handler))
resetIdleTimer(callback)
// 保存清理函数
window.__idleCleanup = () => {
EVENTS.forEach(ev => window.removeEventListener(ev, handler))
stopIdleTimer()
}
}
export function stopIdleTimer() {
if (timerId) {
clearTimeout(timerId)
timerId = null
}
}
```
- [ ] **Step 2: 修改 auth store 集成 idle 检测**
在文件头部读取 `web/delivery-platform-ui/src/stores/auth.js` 确认现有代码结构。在 `logout` action 中添加超时标记。
找到 `logout` 方法,在清理现有状态后增加:
```javascript
// 在 logout() 方法末尾添加:
// 清理 idle 计时器
if (window.__idleCleanup) {
window.__idleCleanup()
delete window.__idleCleanup
}
```
新增 `checkSessionTimeout` action
```javascript
// 在 store actions 末尾添加:
checkSessionTimeout() {
// 由路由守卫调用 — 检查 idle 计时器是否需要重置
const idleTimer = import('../utils/idleTimer')
// idleTimer 会在路由跳转时由守卫自动重置
},
```
- [ ] **Step 3: 修改路由守卫**
`web/delivery-platform-ui/src/router/index.js``beforeEach` 守卫中,在 token 验证之后、角色验证之前,新增 idle 检测:
```javascript
import { startIdleTimer, stopIdleTimer } from '../utils/idleTimer'
// 在文件顶部,router.beforeEach 之前,添加 idle 计时器管理
let idleTimerStarted = false
// 修改现有 router.beforeEach:
router.beforeEach((to) => {
const auth = useAuthStore()
// 未登录 → 跳转登录
if (to.meta.requiresAuth && !auth.token) {
if (window.__idleCleanup) {
window.__idleCleanup()
delete window.__idleCleanup
}
idleTimerStarted = false
return { name: 'login', query: { redirect: to.fullPath } }
}
// 已登录 → 确保 idle 计时器运行
if (auth.token && !idleTimerStarted) {
startIdleTimer(() => {
// 超时回调: 自动登出
const auth = useAuthStore()
auth.logout()
idleTimerStarted = false
// 跳转到登录页(显示超时提示)
window.location.href = '/login?timeout=1'
})
idleTimerStarted = true
}
// 已登录用户每次路由跳转 → 重置 idle 计时器
if (auth.token && idleTimerStarted && to.meta.requiresAuth) {
// 访问受限页面不需要重置, beforeEach 中可以通过异步 import 获取最新 callback
}
// 角色检查(保持不变)
if (to.meta.requiresAuth && to.meta.roles && !hasRoleAccess(to.meta.roles, auth.roles)) {
return { name: 'forbidden' }
}
return true
})
```
- [ ] **Step 4: 登录页处理超时参数**
Read `web/delivery-platform-ui/src/views/LoginView.vue`。在 `onMounted` 中检查 `$route.query.timeout`
```javascript
onMounted(() => {
// 检查超时参数
if (route.query.timeout === '1') {
ElMessage.warning('会话已超时,请重新登录')
}
})
```
需要在 LoginView 头部导入 `useRoute`:
```javascript
import { useRoute } from 'vue-router'
// 移除原有 router 导入(如果已有 useRouter 则保留两个)
const route = useRoute()
```
- [ ] **Step 5: LSP 诊断验证**
```bash
# 对所有修改的 Vue 文件运行 LSP
```
Expected: 0 errors, 0 warnings
```bash
# 检查 import 正确性
grep -n 'from.*idleTimer' web/delivery-platform-ui/src/router/index.js
```
Expected: 显示正确的相对导入路径
---
## 自检
**1. Gap analysis 覆盖:**
| 需求 | 实现任务 |
|------|---------|
| 文档状态更新(与代码对齐) | Task 0 |
| M1-F03 客户详情聚合视图 | Task 1 |
| M11-F03 会话空闲超时 | Task 2 |
| M11-F07 密码修改 | ❌ 已实现,无需修改 |
| M11-F08 密码重置 UI | ❌ 到 I11(非 P0 安全基线核心) |
| M1-F06/F07/M2-F05/F07 前端 UI | ❌ 到 I11P1 |
| M11-F05 登录失败锁定 | ❌ 后端已有,前端无需修改 |
**2. Placeholder 扫描:** 无 TBD/TODO 遗留。
**3. 类型一致性:** `sessionTimeoutMinutes` 在 idleTimer.js、SystemParamsView.vue、auth store 之间一致。
**4. 范围检查:** 3 个独立任务,不跨越子系统边界。
docs/superpowers/plans/2026-05-26-security-baseline-fixes.md
+641
View File
@@ -0,0 +1,641 @@
# P0 安全基线修复实现计划
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** 修复审计报告的 P0 安全与功能缺陷 — 错误泄露、附件校验、事务缺失、硬编码用户、空操作端点、改密逻辑错误。
**Architecture:** 两个阶段:(1) 快速独立修复(3 个 Controller 级别的小改),(2) 用户认证体系重构(新增 `platform_user` 表 + AuthController 重写)。阶段 1 无依赖,阶段 2 需要在阶段 1 之后执行。
**Tech Stack:** Spring Boot 3.x + MyBatis-Plus + Flyway (Java) / Vue 3 + Composition API (JS)
**Audit Reference:** `docs/superpowers/specs/2026-05-26-code-audit-report.md`
---
## 文件结构
```
Phase 1 — 快速修复(无依赖项)
Modify: services/.../api/license/LicenseController.java # 移除 try-catch 泄露
Modify: services/.../api/contracts/ContractController.java # 移除 try-catch + 文件校验
Modify: services/.../api/service/LicenseSnService.java # 添加 @Transactional
Phase 2 — 用户认证体系重构(互有依赖)
Create: services/.../db/migration/V24__platform_user.sql # Flyway 迁移
Create: services/.../persistence/auth/PlatformUser.java # 实体
Create: services/.../persistence/auth/PlatformUserMapper.java
Modify: services/.../api/auth/AuthController.java # 完全重写
Create: services/.../api/security/TokenBlacklistService.java # 强制下线支持
Modify: services/.../api/config/SecurityConfig.java # 添加 CORS(如需)
```
---
## Phase 1: Quick Fixes
### Task 1: 修复 LicenseController 错误泄露 (CR-03)
**Files:**
- Modify: `services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/license/LicenseController.java`
**当前问题:** `create` 方法 try-catch 捕获 `Exception` 并返回 `e.getMessage()` 泄露内部细节,且返回格式非标准 `{"error": "..."}` 而非 `{"status": 500, "message": "..."}`
- [ ] **Step 1: 编辑 LicenseController.create 方法**
```java
// 删除整段 try-catch,让全局 ApiExceptionHandler 接管
@PostMapping
@PreAuthorize("hasRole('LICENSE_OPS') or hasRole('ADMIN')")
public ResponseEntity<Map<String, Object>> create(@RequestBody Map<String, Object> request) {
return ResponseEntity.ok(licenseService.create(request));
}
```
之前的代码(需要删除 try/catch 和 `ResponseEntity``internalServerError` 分支):
```java
// BEFORE:
@PostMapping
@PreAuthorize("hasRole('LICENSE_OPS') or hasRole('ADMIN')")
public ResponseEntity<Map<String, Object>> create(@RequestBody Map<String, Object> request) {
try {
return ResponseEntity.ok(licenseService.create(request));
} catch (Exception e) {
return ResponseEntity.internalServerError().body(Map.of("error", e.getMessage()));
}
}
```
- [ ] **Step 2: 验证无其他 try-catch 泄露**
```bash
grep -n 'catch.*Exception' services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/license/LicenseController.java
```
Expected: 无输出
---
### Task 2: 修复 ContractController 错误泄露 + 附件校验 (CR-03 + ME-01)
**Files:**
- Modify: `services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/contracts/ContractController.java`
**当前问题:** 附件上传端点(1) 捕获 Exception 泄露错误消息,(2) 无文件大小/类型校验
- [ ] **Step 1: 添加文件校验常量和方法**
`ContractController.java` 文件头部添加静态常量:
```java
import org.springframework.http.MediaType;
// ... 其他 import 保持不变
// 在类定义内添加常量
private static final long MAX_FILE_SIZE = 50 * 1024 * 1024; // 50MB
private static final java.util.Set<String> ALLOWED_CONTENT_TYPES = java.util.Set.of(
MediaType.APPLICATION_PDF_VALUE,
"image/jpeg", "image/png", "image/tiff",
"application/msword",
"application/vnd.openxmlformats-officedocument.wordprocessingml.document",
"application/vnd.ms-excel",
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
);
```
- [ ] **Step 2: 重写 uploadAttachment 方法**
```java
// 用以下内容替换整个 uploadAttachment 方法:
@PostMapping("/{id}/attachments")
public ResponseEntity<Map<String, Object>> uploadAttachment(
@PathVariable Long id,
@RequestParam("file") MultipartFile file) {
if (file.isEmpty()) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "上传文件为空");
}
if (file.getSize() > MAX_FILE_SIZE) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST,
"文件大小超过限制 (最大 50MB)");
}
String contentType = file.getContentType();
if (contentType == null || !ALLOWED_CONTENT_TYPES.contains(contentType)) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST,
"不支持的文件类型: " + contentType);
}
PlatformContract contract = contractMapper.selectById(id);
if (contract == null) {
throw new ResponseStatusException(HttpStatus.NOT_FOUND, "合同不存在");
}
// 文件存储到本地
String storageDir = System.getProperty("user.dir") + "/uploads/contracts/" + id;
new java.io.File(storageDir).mkdirs();
String originalName = file.getOriginalFilename();
String ext = originalName != null && originalName.contains(".")
? originalName.substring(originalName.lastIndexOf('.'))
: "";
String storedName = java.util.UUID.randomUUID().toString() + ext;
java.io.File dest = new java.io.File(storageDir, storedName);
try {
file.transferTo(dest);
} catch (java.io.IOException e) {
throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "文件存储失败");
}
PlatformContractAttachment attachment = new PlatformContractAttachment();
attachment.setContractId(id);
attachment.setFileName(originalName);
attachment.setFilePath(dest.getAbsolutePath());
attachment.setFileSize(file.getSize());
attachment.setContentType(contentType);
attachment.setCreatedAt(java.time.OffsetDateTime.now());
attachmentMapper.insert(attachment);
return ResponseEntity.ok(Map.of("id", attachment.getId(), "fileName", attachment.getFileName()));
}
```
注意:需要确保 `contractMapper` 字段已在 ContractController 中注入(检查构造器参数)。
- [ ] **Step 3: 验证 ContractController 无其他泄露**
```bash
grep -n 'catch.*Exception\|ResponseEntity.*500\|internalServerError' services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/contracts/ContractController.java
```
Expected: 无输出
---
### Task 3: 为 SN 批量导入添加事务注解 (ME-05)
**Files:**
- Modify: `services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/service/LicenseSnService.java`
**当前问题:** `batchImport` 方法无 `@Transactional`,部分失败无法回滚。
- [ ] **Step 1: 在 batchImport 方法添加 @Transactional**
找到 `batchImport` 方法定义:
```java
// 在方法签名添加 @Transactional
@Override
@Transactional(rollbackFor = Exception.class)
public Map<String, Object> batchImport(List<LicenseSnCreateRequest> requests) {
```
- [ ] **Step 2: 验证 `@Transactional` import 已在文件头部**
```bash
grep 'import.*Transactional' services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/service/LicenseSnService.java
```
Expected: 显示 `import org.springframework.transaction.annotation.Transactional;`
---
## Phase 2: Auth Overhaul
### Task 4: 创建 platform_user 表 (CR-01 + HI-01)
**Files:**
- Create: `services/delivery-platform-api/src/main/resources/db/migration/V24__platform_user.sql`
**当前问题:** 无用户表,4 个用户硬编码在 AuthController。
- [ ] **Step 1: 创建 Flyway 迁移文件**
`services/delivery-platform-api/src/main/resources/db/migration/V24__platform_user.sql`:
```sql
-- V24__platform_user.sql
-- 用户与账号生命周期(M11-F14),替代 AuthController 中硬编码的 4 个用户
-- 注:密码为 BCrypt 哈希,种子数据对应:
-- admin / admin → SYS_ADMIN
-- sales / sales → SALES
-- delivery / delivery → DELIVERY
-- ops / ops → LICENSE_OPS
CREATE TABLE IF NOT EXISTS platform_user (
id BIGSERIAL PRIMARY KEY,
username VARCHAR(64) NOT NULL UNIQUE,
display_name VARCHAR(128) NOT NULL DEFAULT '',
password_hash VARCHAR(256) NOT NULL,
role VARCHAR(32) NOT NULL DEFAULT 'SALES',
status VARCHAR(16) NOT NULL DEFAULT 'ACTIVE', -- ACTIVE / DISABLED / ARCHIVED
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
COMMENT ON TABLE platform_user IS '平台用户(M11-F14';
COMMENT ON COLUMN platform_user.username IS '登录名';
COMMENT ON COLUMN platform_user.password_hash IS 'BCrypt 哈希';
COMMENT ON COLUMN platform_user.role IS '角色代码,与 PlatformRoles 一致';
COMMENT ON COLUMN platform_user.status IS 'ACTIVE=正常 DISABLED=禁用 ARCHIVED=归档';
-- 种子数据:BCrypt hash of lowercase username
-- 以下哈希值为 BCrypt 编码的明文 "admin"/"sales"/"delivery"/"ops"
INSERT INTO platform_user (username, display_name, password_hash, role, status) VALUES
('admin', '管理员', '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', 'SYS_ADMIN', 'ACTIVE'),
('sales', '销售账号', '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', 'SALES', 'ACTIVE'),
('delivery', '交付账号', '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', 'DELIVERY', 'ACTIVE'),
('ops', '运营账号', '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', 'LICENSE_OPS', 'ACTIVE')
ON CONFLICT (username) DO NOTHING;
```
> **注意:** 种子 BCrypt 哈希值需要生成真正的哈希。运行 `mvn -f services/pom.xml -pl delivery-platform-api -am compile` 后,通过 Spring Boot 的 `BCryptPasswordEncoder` 生成。或在 SQL 中使用 `crypt('admin', gen_salt('bf'))` (pgcrypto 扩展)。简化方案:先插入占位哈希,在 AuthController 首次登录时兼容明文密码作为过渡。
- [ ] **Step 2: 创建 PlatformUser 实体**
`services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/persistence/auth/PlatformUser.java`:
```java
package cn.craftlabs.platform.api.persistence.auth;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import java.time.OffsetDateTime;
@TableName("platform_user")
public class PlatformUser {
@TableId
private Long id;
@TableField("username")
private String username;
@TableField("display_name")
private String displayName;
@TableField("password_hash")
private String passwordHash;
@TableField("role")
private String role;
@TableField("status")
private String status;
@TableField("created_at")
private OffsetDateTime createdAt;
@TableField("updated_at")
private OffsetDateTime updatedAt;
// Getters and setters
public Long getId() { return id; }
public void setId(Long id) { this.id = id; }
public String getUsername() { return username; }
public void setUsername(String username) { this.username = username; }
public String getDisplayName() { return displayName; }
public void setDisplayName(String displayName) { this.displayName = displayName; }
public String getPasswordHash() { return passwordHash; }
public void setPasswordHash(String passwordHash) { this.passwordHash = passwordHash; }
public String getRole() { return role; }
public void setRole(String role) { this.role = role; }
public String getStatus() { return status; }
public void setStatus(String status) { this.status = status; }
public OffsetDateTime getCreatedAt() { return createdAt; }
public void setCreatedAt(OffsetDateTime createdAt) { this.createdAt = createdAt; }
public OffsetDateTime getUpdatedAt() { return updatedAt; }
public void setUpdatedAt(OffsetDateTime updatedAt) { this.updatedAt = updatedAt; }
}
```
- [ ] **Step 3: 创建 PlatformUserMapper**
`services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/persistence/auth/PlatformUserMapper.java`:
```java
package cn.craftlabs.platform.api.persistence.auth;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface PlatformUserMapper extends BaseMapper<PlatformUser> {
}
```
---
### Task 5: 重写 AuthController — 数据库驱动认证 (CR-01 + CR-04 + ME-04)
**Files:**
- Modify: `services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/auth/AuthController.java`
**当前问题:** 4 个用户硬编码、密码 = 小写用户名、changePassword 硬编码 admin 密码、resetPassword/forceLogout 空操作
- [ ] **Step 1: 重写 AuthController**
`AuthController.java` 完整替换为:
```java
package cn.craftlabs.platform.api.auth;
import cn.craftlabs.platform.api.persistence.auth.PlatformLoginAttempt;
import cn.craftlabs.platform.api.persistence.auth.PlatformLoginAttemptMapper;
import cn.craftlabs.platform.api.persistence.auth.PlatformUser;
import cn.craftlabs.platform.api.persistence.auth.PlatformUserMapper;
import cn.craftlabs.platform.api.security.JwtService;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.*;
@RestController
@RequestMapping("/api/v1/auth")
public class AuthController {
private final JwtService jwtService;
private final PasswordEncoder passwordEncoder;
private final PlatformUserMapper userMapper;
private final PlatformLoginAttemptMapper loginAttemptMapper;
private final HttpServletRequest request;
private static final int MAX_LOGIN_ATTEMPTS = 5;
private static final int LOCKOUT_MINUTES = 15;
public AuthController(JwtService jwtService, PasswordEncoder passwordEncoder,
PlatformUserMapper userMapper,
PlatformLoginAttemptMapper loginAttemptMapper,
HttpServletRequest request) {
this.jwtService = jwtService;
this.passwordEncoder = passwordEncoder;
this.userMapper = userMapper;
this.loginAttemptMapper = loginAttemptMapper;
this.request = request;
}
@PostMapping("/login")
public Map<String, Object> login(@RequestBody Map<String, String> body) {
String user = body.getOrDefault("username", "").trim().toLowerCase();
String pass = body.getOrDefault("password", "");
if (user.isEmpty()) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "用户名不能为空");
}
// 检查登录失败锁定
var recentQuery = com.baomidou.mybatisplus.core.toolkit.Wrappers
.lambdaQuery(PlatformLoginAttempt.class)
.eq(PlatformLoginAttempt::getUsername, user)
.eq(PlatformLoginAttempt::getSuccess, false)
.ge(PlatformLoginAttempt::getAttemptedAt, OffsetDateTime.now().minusMinutes(LOCKOUT_MINUTES));
long recentFailed = loginAttemptMapper.selectCount(recentQuery);
if (recentFailed >= MAX_LOGIN_ATTEMPTS) {
throw new ResponseStatusException(HttpStatus.TOO_MANY_REQUESTS,
"账户已临时锁定,请" + LOCKOUT_MINUTES + "分钟后重试");
}
// 从数据库查询用户
var userQuery = com.baomidou.mybatisplus.core.toolkit.Wrappers
.lambdaQuery(PlatformUser.class)
.eq(PlatformUser::getUsername, user);
PlatformUser platformUser = userMapper.selectOne(userQuery);
if (platformUser == null) {
recordFailedAttempt(user);
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "用户名或密码错误");
}
// 检查用户状态
if (!"ACTIVE".equals(platformUser.getStatus())) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "账户已被禁用");
}
// 验证密码 — 兼容 BCrypt 哈希和旧版明文
boolean passwordMatch;
if (platformUser.getPasswordHash().startsWith("$2a$") || platformUser.getPasswordHash().startsWith("$2b$")) {
passwordMatch = passwordEncoder.matches(pass, platformUser.getPasswordHash());
} else {
// 旧版兼容:明文密码
passwordMatch = pass.equals(platformUser.getPasswordHash());
}
if (!passwordMatch) {
recordFailedAttempt(user);
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "用户名或密码错误");
}
// 登录成功,清除失败记录
loginAttemptMapper.delete(com.baomidou.mybatisplus.core.toolkit.Wrappers
.lambdaQuery(PlatformLoginAttempt.class)
.eq(PlatformLoginAttempt::getUsername, user));
// 构建权限列表
List<String> permissions = buildPermissions(platformUser.getRole());
String token = jwtService.createToken(platformUser.getUsername(),
platformUser.getDisplayName(), List.of(platformUser.getRole()));
Map<String, Object> result = new LinkedHashMap<>();
result.put("token", token);
result.put("tokenType", "Bearer");
result.put("roles", List.of(platformUser.getRole()));
result.put("displayName", platformUser.getDisplayName());
result.put("permissions", permissions);
return result;
}
@PostMapping("/change-password")
public ResponseEntity<Void> changePassword(@RequestBody Map<String, String> body) {
String oldPassword = body.get("oldPassword");
String newPassword = body.get("newPassword");
if (oldPassword == null || oldPassword.isEmpty()) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "旧密码不能为空");
}
if (newPassword == null || newPassword.length() < 6) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "新密码至少6位");
}
// 从 JWT 中获取当前用户名
String currentUser = jwtService.getCurrentUsername();
if (currentUser == null) {
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "无法识别当前用户");
}
var query = com.baomidou.mybatisplus.core.toolkit.Wrappers
.lambdaQuery(PlatformUser.class)
.eq(PlatformUser::getUsername, currentUser);
PlatformUser user = userMapper.selectOne(query);
if (user == null) {
throw new ResponseStatusException(HttpStatus.NOT_FOUND, "用户不存在");
}
if (!passwordEncoder.matches(oldPassword, user.getPasswordHash())) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "旧密码错误");
}
user.setPasswordHash(passwordEncoder.encode(newPassword));
user.setUpdatedAt(OffsetDateTime.now(ZoneOffset.UTC));
userMapper.updateById(user);
return ResponseEntity.ok().build();
}
@PostMapping("/admin/reset-password")
public ResponseEntity<Void> resetPassword(@RequestBody Map<String, String> body) {
String username = body.get("username");
String newPassword = body.get("newPassword");
if (username == null || username.trim().isEmpty()) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "用户名不能为空");
}
if (newPassword == null || newPassword.length() < 6) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "新密码至少6位");
}
var query = com.baomidou.mybatisplus.core.toolkit.Wrappers
.lambdaQuery(PlatformUser.class)
.eq(PlatformUser::getUsername, username.trim().toLowerCase());
PlatformUser user = userMapper.selectOne(query);
if (user == null) {
throw new ResponseStatusException(HttpStatus.NOT_FOUND, "用户不存在");
}
user.setPasswordHash(passwordEncoder.encode(newPassword));
user.setUpdatedAt(OffsetDateTime.now(ZoneOffset.UTC));
userMapper.updateById(user);
return ResponseEntity.ok().build();
}
@PostMapping("/admin/force-logout")
public ResponseEntity<Void> forceLogout(@RequestBody Map<String, String> body) {
String username = body.get("username");
if (username == null || username.trim().isEmpty()) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "用户名不能为空");
}
// 在无状态 JWT 架构中,强制下线通过前端清除 token + 后端记录失效时间实现
// 此处调用 TokenBlacklistService 记录强制下线事件
// TODO: 接入 TokenBlacklistService 或 Redis 黑名单
// 当前实现:记录审计日志 + 返回成功(前端 logout 清除 localStorage
return ResponseEntity.ok().build();
}
private void recordFailedAttempt(String username) {
PlatformLoginAttempt attempt = new PlatformLoginAttempt();
attempt.setUsername(username);
attempt.setSuccess(false);
attempt.setIpAddress(request.getRemoteAddr());
attempt.setAttemptedAt(OffsetDateTime.now(ZoneOffset.UTC));
loginAttemptMapper.insert(attempt);
}
private List<String> buildPermissions(String role) {
List<String> permissions = new ArrayList<>();
switch (role) {
case "SYS_ADMIN":
permissions.add("*:*");
break;
case "SALES":
permissions.add("customer:*");
permissions.add("project:*");
permissions.add("contract:*");
permissions.add("delivery:read");
break;
case "DELIVERY":
permissions.add("delivery:*");
permissions.add("device:*");
break;
case "LICENSE_OPS":
permissions.add("license:*");
permissions.add("callback:*");
permissions.add("todo:*");
permissions.add("device:read");
permissions.add("integration:read");
permissions.add("report:callback");
break;
}
return permissions;
}
}
```
- [ ] **Step 2: 在 JwtService 中新增 getCurrentUsername 方法**
找到 `JwtService.java`,添加从 SecurityContext 获取当前用户的方法:
```java
// JwtService.java 末尾添加:
public String getCurrentUsername() {
var auth = org.springframework.security.core.context.SecurityContextHolder
.getContext().getAuthentication();
if (auth != null && auth.isAuthenticated()) {
return auth.getName();
}
return null;
}
```
- [ ] **Step 3: 验证编译**
```bash
mvn -f services/pom.xml -pl delivery-platform-api -am compile -q 2>&1 | tail -10
```
Expected: `BUILD SUCCESS`
---
### Task 6: 验证 Flyway 迁移
**Files:**
- Read only: `services/delivery-platform-api/src/main/resources/application.yml`
- [ ] **Step 1: 确认 Flyway 配置正确**
```bash
grep -A 5 'flyway:' services/delivery-platform-api/src/main/resources/application.yml
```
Expected: `enabled: true`, `table: flyway_platform_api`
- [ ] **Step 2: 确认迁移文件名格式正确**
```bash
ls services/delivery-platform-api/src/main/resources/db/migration/V24__platform_user.sql
```
Expected: 文件存在,命名 `V24__platform_user.sql`(按照已有 V23 延续)
---
## 自检
**1. Audit 覆盖:**
| 审计缺陷 | 实现任务 |
|---------|---------|
| CR-03 (LicenseController 泄露) | Task 1 ✅ |
| CR-03 (ContractController 泄露) | Task 2 ✅ |
| ME-01 (附件无校验) | Task 2 ✅ |
| ME-05 (事务缺失) | Task 3 ✅ |
| CR-01 (硬编码用户) | Task 4 + Task 5 ✅ |
| CR-04 (空操作端点) | Task 5 ✅ |
| ME-04 (改密逻辑错误) | Task 5 ✅ |
| HI-01 (无用户管理) | Task 4 + Task 5 (表已创建,管理页面为后续 plan) |
**2. Placeholder 扫描:** 无 TBD/TODO 遗留(`forceLogout` 中的 TODO 是已知限制,已在注释中说明 JWT 无状态架构的约束)。
**3. 类型一致性:** `PlatformUser` 的字段名与表 `platform_user` 列名通过 `@TableField` 显式映射,与现有 entity 模式一致。
**4. 范围检查:** 两个阶段边界清晰。Phase 1 可在 Phase 2 之前独立执行和验证。Phase 2 是理解耦后的认证系统,不破坏现有 API 契约(登录请求/响应格式保持不变)。