feat: add login API

Author: lu-yg

app/src/main/java/com/tinyengine/it/config/context/DefaultLoginUserContext.java

@@ -0,0 +1,33 @@
+drop table if exists `t_permission_role`;
+
+create table `t_permission_role`
+(
+    `id`                int          not null auto_increment comment '主键id',
+    `name`           varchar(255) not null comment '名称',
+    `description`       varchar(2000) comment '描述',
+    `created_by`        varchar(60)  not null comment '创建人',
+    `created_time`      timestamp    not null default current_timestamp comment '创建时间',
+    `last_updated_by`   varchar(60)  not null comment '最后修改人',
+    `last_updated_time` timestamp    not null default current_timestamp comment '更新时间',
+    primary key (`id`) using btree,
+    unique index `u_idx_permission_role` (`name_cn`) using btree
+) engine = innodb comment = '';
+
+drop table if exists `t_auth_usesr_units_roles`;
+
+create table `t_auth_users_units_roles`
+(
+    `id`                int          not null auto_increment comment '主键id',
+    `user_id`           int          not null comment '用户',
+    `unit_id`           int          not null comment '业务单元',
+    `unit_type`         int          not null comment '业务单元类型',
+    `tenant_id`         int          not null comment '组织id',
+    `role_id`           int          not null comment '角色id',
+    `expired_time`      timestamp  comment '过期时间',
+    `created_by`        varchar(60)  not null comment '创建人',
+    `created_time`      timestamp    not null default current_timestamp comment '创建时间',
+    `last_updated_by`   varchar(60)  not null comment '最后修改人',
+    `last_updated_time` timestamp    not null default current_timestamp comment '更新时间',
+    primary key (`id`) using btree,
+    unique index `u_idx_auth_users_units_roles` (`user_id, unit_id, unit_type`) using btree
+) engine = innodb comment = '';

app/src/main/resources/sql/mysql/create_permission_table_ddl_2025_1029.sql

@@ -11,3 +11,10 @@ INSERT INTO `t_business_category` (`id`, `code`, `name`, `business_group`, `tena
 INSERT INTO `t_business_category` (`id`, `code`, `name`, `business_group`, `tenant_id`, `renter_id`, `site_id`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (11, 'governmentAgency', '政府机构', '行业', '1', '1', '1', '1', '2025-10-14 00:26:27', '1', '2025-10-14 00:26:27');
 INSERT INTO `t_business_category` (`id`, `code`, `name`, `business_group`, `tenant_id`, `renter_id`, `site_id`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (12, 'Internet', '互联网', '行业', '1', '1', '1', '1', '2025-10-14 00:26:27', '1', '2025-10-14 00:26:27');
 INSERT INTO `t_business_category` (`id`, `code`, `name`, `business_group`, `tenant_id`, `renter_id`, `site_id`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (13, 'serviceTraining', '服务培训', '行业', '1', '1', '1', '1', '2025-10-14 00:26:27', '1', '2025-10-14 00:26:27');
+
+INSERT INTO `t_permission_role` (`id`, `name`, `description`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (1, 'Tinybuilder_Admin', '超级管理员', '1', '2025-10-29 01:37:10', '1', '2025-10-29 01:37:10');
+INSERT INTO `t_permission_role` (`id`, `name`, `description`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (2, 'Tinybuilder_Tenant_Admin', '组织管理员', '1', '2025-10-29 01:37:36', '1', '2025-10-29 01:37:36');
+INSERT INTO `t_permission_role` (`id`, `name`, `description`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (3, 'Tinybuilder_Platform_Admin', '设计器管理员', '1', '2025-10-29 01:38:00', '1', '2025-10-29 01:38:00');
+INSERT INTO `t_permission_role` (`id`, `name`, `description`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (4, 'Tinybuilder_App_Admin', '应用管理员', '1', '2025-10-29 01:39:06', '1', '2025-10-29 01:39:06');
+INSERT INTO `t_permission_role` (`id`, `name`, `description`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (5, 'Tinybuilder_App_Developer', '应用开发者', '1', '2025-10-29 01:39:26', '1', '2025-10-29 01:39:26');
+INSERT INTO `t_permission_role` (`id`, `name`, `description`, `created_by`, `created_time`, `last_updated_by`, `last_updated_time`) VALUES (6, 'Guest', '游客', '1', '2025-10-29 01:39:38', '1', '2025-10-29 01:39:38');

app/src/main/resources/sql/mysql/init_data_2025_1023.sql

@@ -17,4 +17,7 @@ ALTER TABLE t_app_extension ADD INDEX u_idx_app_extension (`tenant_id`, `platfor
 ALTER TABLE t_model ADD COLUMN app_id INT AFTER id;
 ALTER TABLE t_model ADD COLUMN platform_id INT AFTER app_id;
 ALTER TABLE t_model DROP INDEX u_idx_model;
-ALTER TABLE t_model ADD INDEX u_idx_model (`tenant_id`, `platform_id`, `app_id`, `name_cn`,`version`);
+ALTER TABLE t_model ADD INDEX u_idx_model (`tenant_id`, `platform_id`, `app_id`, `name_cn`,`version`);
+
+ALTER TABLE t_user ADD COLUMN password VARCHAR(200) AFTER username;
+ALTER TABLE t_user ADD COLUMN salt VARCHAR(200) AFTER password;

app/src/main/resources/sql/mysql/update_table_ddl_2025_1014.sql

@@ -34,12 +34,6 @@ public interface LoginUserContext {
      */
     String getRenterId();
 
-    /**
-     * 返回当前应用信息
-     * @return 应用ID
-     */
-    int getAppId();
-
     /**
      * 返回当前设计器信息
      * @return 设计器ID

base/src/main/java/com/tinyengine/it/common/context/LoginUserContext.java

@@ -187,7 +187,7 @@ public Result<Resource> createResource(@Valid @RequestBody Resource resource) th
     })
     @SystemControllerLog(description = "上传图片")
     @PostMapping("/resource/upload")
-    public Result<Resource> resourceUpload(@RequestParam MultipartFile file) throws Exception {
+    public Result<Resource> resourceUpload(@RequestParam MultipartFile file, Integer appId) throws Exception {
         // 获取文件的原始名称
         String fileName = StringUtils.cleanPath(java.util.Optional.ofNullable(file.getOriginalFilename()).orElse("image"));
 
@@ -202,7 +202,7 @@ public Result<Resource> resourceUpload(@RequestParam MultipartFile file) throws
         Resource resource = new Resource();
         resource.setName(fileName);
         resource.setResourceData(base64);
-        resource.setAppId(loginUserContext.getAppId());
+        resource.setAppId(appId);
         Resource result = resourceService.resourceUpload(resource);
         return Result.success(result);
     }

base/src/main/java/com/tinyengine/it/controller/ResourceController.java

@@ -0,0 +1,154 @@
+package com.tinyengine.it.login.Utils;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+@Component
+public class JwtUtil {
+
+    private static final long EXPIRATION_TIME = 3600000; // 1小时
+    private static final String SECRET_STRING = "your-secret-key-at-least-32-chars-long-here";
+    private static final SecretKey SECRET_KEY = Keys.hmacShaKeyFor(SECRET_STRING.getBytes());
+
+    /**
+     * 生成包含完整用户信息的 JWT Token
+     */
+    public String generateToken(String username, String roles, String userId,
+        String tenantId, String renterId, Integer platformId, String siteId) {
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("username", username);
+        claims.put("roles", roles);
+        claims.put("userId", userId);
+        claims.put("tenantId", tenantId);
+        claims.put("renterId", renterId);
+        claims.put("platformId", platformId);
+        claims.put("siteId", siteId);
+
+        return Jwts.builder()
+                .claims(claims)
+                .subject(username)
+                .issuedAt(new Date())
+                .expiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
+                .signWith(SECRET_KEY)
+                .compact();
+    }
+
+    /**
+     * 从 Token 中获取用户名
+     */
+    public String getUsernameFromToken(String token) {
+        try {
+            Claims claims = Jwts.parser()
+                    .verifyWith(SECRET_KEY)
+                    .build()
+                    .parseSignedClaims(token)
+                    .getPayload();
+
+            return claims.getSubject();
+        } catch (Exception e) {
+            System.err.println("Failed to get username from token: " + e.getMessage());
+            return null;
+        }
+    }
+
+    /**
+     * 从 Token 中获取角色信息
+     */
+    public String getRolesFromToken(String token) {
+        return getClaimFromToken(token, "roles", String.class);
+    }
+
+    /**
+     * 从 Token 中获取用户ID
+     */
+    public String getUserIdFromToken(String token) {
+        return getClaimFromToken(token, "userId", String.class);
+    }
+
+    /**
+     * 从 Token 中获取租户ID
+     */
+    public String getTenantIdFromToken(String token) {
+        return getClaimFromToken(token, "tenantId", String.class);
+    }
+
+    /**
+     * 从 Token 中获取业务租户ID
+     */
+    public String getRenterIdFromToken(String token) {
+        return getClaimFromToken(token, "renterId", String.class);
+    }
+
+    /**
+     * 从 Token 中获取平台ID
+     */
+    public Integer getPlatformIdFromToken(String token) {
+        return getClaimFromToken(token, "platformId", Integer.class);
+    }
+
+    /**
+     * 从 Token 中获取站点ID
+     */
+    public String getSiteIdFromToken(String token) {
+        return getClaimFromToken(token, "siteId", String.class);
+    }
+
+    /**
+     * 通用的claim获取方法
+     */
+    private <T> T getClaimFromToken(String token, String claimName, Class<T> clazz) {
+        try {
+            Claims claims = Jwts.parser()
+                    .verifyWith(SECRET_KEY)
+                    .build()
+                    .parseSignedClaims(token)
+                    .getPayload();
+
+            return claims.get(claimName, clazz);
+        } catch (Exception e) {
+            System.err.println("Failed to get claim '" + claimName + "' from token: " + e.getMessage());
+            return null;
+        }
+    }
+
+    /**
+     * 验证 Token 是否有效
+     */
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parser()
+                    .verifyWith(SECRET_KEY)
+                    .build()
+                    .parseSignedClaims(token);
+            return true;
+        } catch (Exception e) {
+            System.err.println("Token validation failed: " + e.getMessage());
+            return false;
+        }
+    }
+
+    /**
+     * 检查 Token 是否过期
+     */
+    public boolean isTokenExpired(String token) {
+        try {
+            Claims claims = Jwts.parser()
+                    .verifyWith(SECRET_KEY)
+                    .build()
+                    .parseSignedClaims(token)
+                    .getPayload();
+
+            return claims.getExpiration().before(new Date());
+        } catch (Exception e) {
+            return true;
+        }
+    }
+}

base/src/main/java/com/tinyengine/it/login/Utils/JwtUtil.java

@@ -0,0 +1,66 @@
+package com.tinyengine.it.login.Utils;
+
+import com.tinyengine.it.login.model.PasswordResult;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import java.security.MessageDigest;
+import java.security.Security;
+import java.util.UUID;
+
+/**
+ * SM3 密码哈希工具类
+ */
+public class SM3PasswordUtil {
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    private static final String SM3_ALGORITHM = "SM3";
+    private static final String PASSWORD_SALT_PREFIX = "SM3_";
+
+    /**
+     * SM3 哈希计算
+     */
+    public static String sm3Hash(String data, String salt) throws Exception {
+        MessageDigest md = MessageDigest.getInstance(SM3_ALGORITHM, "BC");
+        String dataWithSalt = data + salt;
+        byte[] hash = md.digest(dataWithSalt.getBytes("UTF-8"));
+        return bytesToHex(hash);
+    }
+
+    /**
+     * 创建用户密码
+     */
+    public static PasswordResult createPassword(String plainPassword) throws Exception {
+        String salt = generateSalt();
+        String passwordHash = sm3Hash(plainPassword, salt);
+        return new PasswordResult(passwordHash, salt);
+    }
+
+    /**
+     * 验证用户密码
+     */
+    public static boolean verifyPassword(String inputPassword, String storedHash, String salt) throws Exception {
+        String computedHash = sm3Hash(inputPassword, salt);
+        return computedHash.equals(storedHash);
+    }
+
+    /**
+     * 生成随机盐值
+     */
+    private static String generateSalt() {
+        return PASSWORD_SALT_PREFIX + UUID.randomUUID().toString().replace("-", "").substring(0, 16);
+    }
+
+    private static String bytesToHex(byte[] bytes) {
+        StringBuilder hexString = new StringBuilder();
+        for (byte b : bytes) {
+            String hex = Integer.toHexString(0xff & b);
+            if (hex.length() == 1) {
+                hexString.append('0');
+            }
+            hexString.append(hex);
+        }
+        return hexString.toString();
+    }
+}

base/src/main/java/com/tinyengine/it/login/Utils/SM3PasswordUtil.java

@@ -0,0 +1,33 @@
+package com.tinyengine.it.login.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class LoginConfig implements WebMvcConfigurer {
+
+    private final SSOInterceptor ssoInterceptor;
+
+    public LoginConfig(SSOInterceptor ssoInterceptor) {
+        this.ssoInterceptor = ssoInterceptor;
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(ssoInterceptor)
+                .addPathPatterns("/**")
+                .excludePathPatterns(
+                        // 注册相关
+                        "/register",
+                        "/platform-center/api/user/register",
+                        "/**/register",
+
+                        // 登录相关
+                        "/login",
+                        "/**/login"
+                );
+    }
+}
+
+