feat!: 升级项目使用sa-token认证

Author: joey-zhou

database/migration_sa_token.sql

@@ -0,0 +1,68 @@
+-- ============================================================
+-- Sa-Token 认证系统重构 - 数据库迁移脚本
+-- 创建时间: 2025-12-01
+-- 说明: 创建sys_user_auth表并迁移现有微信数据
+-- ============================================================
+
+-- ============================================================
+-- 步骤1: 创建用户第三方认证表
+-- 功能: 支持一个用户绑定多个第三方平台(微信/QQ/支付宝等)
+-- ============================================================
+CREATE TABLE IF NOT EXISTS `sys_user_auth` (
+ `id` BIGINT NOT NULL AUTO_INCREMENT COMMENT '主键ID',
+ `user_id` INT NOT NULL COMMENT '用户ID,关联sys_user.user_id',
+ `open_id` VARCHAR(100) NOT NULL COMMENT '第三方平台的唯一标识(如微信openid)',
+ `union_id` VARCHAR(100) DEFAULT NULL COMMENT '微信unionid(用于同一主体的不同应用)',
+ `platform` VARCHAR(20) NOT NULL COMMENT '平台标识: wechat/qq/alipay/apple等',
+ `profile` TEXT DEFAULT NULL COMMENT '第三方返回的原始JSON数据',
+ `create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
+ `update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
+ PRIMARY KEY (`id`),
+ INDEX `idx_user_id` (`user_id`),
+ INDEX `idx_open_id` (`open_id`),
+ INDEX `idx_user_platform` (`user_id`, `platform`),
+ UNIQUE KEY `uk_platform_openid` (`platform`, `open_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户第三方认证信息表';
+
+-- ============================================================
+-- 步骤2: 迁移现有微信数据到新表
+-- ============================================================
+INSERT INTO sys_user_auth (user_id, open_id, union_id, platform, profile)
+SELECT
+ user_id,
+ wx_open_id AS open_id,
+ wx_union_id AS union_id,
+ 'wechat' AS platform,
+ JSON_OBJECT(
+ 'openid', wx_open_id,
+ 'unionid', wx_union_id,
+ 'migrated', true,
+ 'migrate_time', NOW()
+ ) AS profile
+FROM sys_user
+WHERE wx_open_id IS NOT NULL AND wx_open_id != '';
+
+-- ============================================================
+-- 步骤3: 验证数据迁移
+-- ============================================================
+SELECT
+ '原始微信数据数量' AS description,
+ COUNT(*) AS count
+FROM sys_user
+WHERE wx_open_id IS NOT NULL AND wx_open_id != ''
+UNION ALL
+SELECT
+ '迁移后数据数量' AS description,
+ COUNT(*) AS count
+FROM sys_user_auth
+WHERE platform = 'wechat';
+
+-- ============================================================
+-- 注意事项:
+-- 1. 本脚本会保留sys_user表的wx_open_id和wx_union_id字段
+-- 2. 稳定运行1-2周后,可以选择删除这些字段
+-- 3. 删除前请先备份数据库
+-- 4. 删除命令(暂不执行):
+-- ALTER TABLE sys_user DROP COLUMN wx_open_id;
+-- ALTER TABLE sys_user DROP COLUMN wx_union_id;
+-- ============================================================

pom.xml

@@ -282,6 +282,19 @@
  <artifactId>netty-all</artifactId>
  <version>4.1.110.Final</version>
  </dependency>
+ <!-- Sa-Token -->
+ <dependency>
+ <groupId>cn.dev33</groupId>
+ <artifactId>sa-token-spring-boot3-starter</artifactId>
+ <version>1.39.0</version>
+ </dependency>
+
+ <!-- Sa-Token Redis集成 (使用Jackson序列化) -->
+ <dependency>
+ <groupId>cn.dev33</groupId>
+ <artifactId>sa-token-redis-jackson</artifactId>
+ <version>1.39.0</version>
+ </dependency>
  </dependencies>
 
  <build>

src/main/java/com/xiaozhi/common/config/AuthUtilsConfig.java

@@ -0,0 +1,24 @@
+package com.xiaozhi.common.config;
+
+import com.xiaozhi.service.SysUserService;
+import com.xiaozhi.utils.AuthUtils;
+import jakarta.annotation.PostConstruct;
+import jakarta.annotation.Resource;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 认证工具类配置
+ *
+ * @author Joey
+ */
+@Configuration
+public class AuthUtilsConfig {
+
+ @Resource
+ private SysUserService userService;
+
+ @PostConstruct
+ public void init() {
+ AuthUtils.setUserService(userService);
+ }
+}

src/main/java/com/xiaozhi/common/config/SaTokenConfig.java

@@ -0,0 +1,27 @@
+package com.xiaozhi.common.config;
+
+import cn.dev33.satoken.interceptor.SaInterceptor;
+import cn.dev33.satoken.stp.StpUtil;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * Sa-Token 配置类
+ *
+ * @author Joey
+ */
+@Configuration
+public class SaTokenConfig implements WebMvcConfigurer {
+
+ /**
+ * 注册Sa-Token拦截器
+ */
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ // 注册Sa-Token拦截器，拦截所有API请求
+ // 不需要登录的接口请使用 @SaIgnore 注解标注
+ registry.addInterceptor(new SaInterceptor(handle -> StpUtil.checkLogin()))
+ .addPathPatterns("/api/**");
+ }
+}

src/main/java/com/xiaozhi/common/config/WebMvcConfig.java

@@ -1,6 +1,5 @@
 package com.xiaozhi.common.config;
 
-import com.xiaozhi.common.interceptor.AuthenticationInterceptor;
 import com.xiaozhi.common.interceptor.LogInterceptor;
 
 import lombok.extern.slf4j.Slf4j;
@@ -23,26 +22,8 @@ public class WebMvcConfig implements WebMvcConfigurer { // 实现接口而不
  @Resource
  private LogInterceptor logInterceptor;
 
- @Resource
- private AuthenticationInterceptor authenticationInterceptor;
-
  @Override
  public void addInterceptors(InterceptorRegistry registry) {
- registry.addInterceptor(authenticationInterceptor)
- .addPathPatterns("/**")
- .excludePathPatterns(
- "/api/user/login",
- "/api/user/register",
- "/api/device/ota",
- "/audio/**",
- "/uploads/**",
- "/ws/**",
- // 添加 swagger 相关路径
- "/swagger-ui/**",
- "/v3/api-docs/**",
- "/swagger-resources/**",
- "/webjars/**"
- );
  }
 
  @Override

src/main/java/com/xiaozhi/common/exception/GlobalExceptionHandler.java

@@ -1,5 +1,8 @@
 package com.xiaozhi.common.exception;
 
+import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.exception.NotPermissionException;
+import cn.dev33.satoken.exception.NotRoleException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
@@ -55,6 +58,36 @@ public ResultMessage handleUnauthorizedException(UnauthorizedException e, WebReq
  return ResultMessage.error(HttpStatus.FORBIDDEN.value(), e.getMessage());
  }
 
+ /**
+ * Sa-Token 未登录异常
+ */
+ @ExceptionHandler(NotLoginException.class)
+ @ResponseStatus(HttpStatus.UNAUTHORIZED)
+ public ResultMessage handleNotLoginException(NotLoginException e, WebRequest request) {
+ logger.warn("用户未登录或token已失效: {}", e.getMessage());
+ return ResultMessage.error(HttpStatus.UNAUTHORIZED.value(), "登录已过期，请重新登录");
+ }
+
+ /**
+ * Sa-Token 权限不足异常
+ */
+ @ExceptionHandler(NotPermissionException.class)
+ @ResponseStatus(HttpStatus.FORBIDDEN)
+ public ResultMessage handleNotPermissionException(NotPermissionException e, WebRequest request) {
+ logger.warn("权限不足: {}", e.getMessage());
+ return ResultMessage.error(HttpStatus.FORBIDDEN.value(), "权限不足");
+ }
+
+ /**
+ * Sa-Token 角色不足异常
+ */
+ @ExceptionHandler(NotRoleException.class)
+ @ResponseStatus(HttpStatus.FORBIDDEN)
+ public ResultMessage handleNotRoleException(NotRoleException e, WebRequest request) {
+ logger.warn("角色权限不足: {}", e.getMessage());
+ return ResultMessage.error(HttpStatus.FORBIDDEN.value(), "角色权限不足");
+ }
+
  /**
  * 资源不存在异常
  */