feat(auth): harden token lifecycle and password policy

2026-03-19 14:51:18 +08:00
parent 41a83d2805
commit a78d0dc2db
26 changed files with 1047 additions and 53 deletions
--- a/backend/src/main/java/com/yoyuzh/common/GlobalExceptionHandler.java
+++ b/backend/src/main/java/com/yoyuzh/common/GlobalExceptionHandler.java
@@ -1,15 +1,19 @@
 package com.yoyuzh.common;

+import jakarta.validation.ConstraintViolation;
 import jakarta.validation.ConstraintViolationException;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.validation.ObjectError;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;

+import java.util.Objects;
+
@Slf4j
@RestControllerAdvice
 public class GlobalExceptionHandler {
@@ -27,7 +31,27 @@ public class GlobalExceptionHandler {

    @ExceptionHandler({MethodArgumentNotValidException.class, ConstraintViolationException.class})
    public ResponseEntity<ApiResponse<Void>> handleValidationException(Exception ex) {
-        return ResponseEntity.badRequest().body(ApiResponse.error(ErrorCode.UNKNOWN, ex.getMessage()));
+        if (ex instanceof MethodArgumentNotValidException validationException) {
+            String message = validationException.getBindingResult().getAllErrors().stream()
+                    .map(ObjectError::getDefaultMessage)
+                    .filter(Objects::nonNull)
+                    .map(String::trim)
+                    .filter(msg -> !msg.isEmpty())
+                    .findFirst()
+                    .orElse("请求参数不合法");
+            return ResponseEntity.badRequest().body(ApiResponse.error(ErrorCode.UNKNOWN, message));
+        }
+        if (ex instanceof ConstraintViolationException validationException) {
+            String message = validationException.getConstraintViolations().stream()
+                    .map(ConstraintViolation::getMessage)
+                    .filter(Objects::nonNull)
+                    .map(String::trim)
+                    .filter(msg -> !msg.isEmpty())
+                    .findFirst()
+                    .orElse("请求参数不合法");
+            return ResponseEntity.badRequest().body(ApiResponse.error(ErrorCode.UNKNOWN, message));
+        }
+        return ResponseEntity.badRequest().body(ApiResponse.error(ErrorCode.UNKNOWN, "请求参数不合法"));
    }

    @ExceptionHandler(AccessDeniedException.class)