feat(usr): jjwt deps + login DTO/VO + error codes REQ-USR-004

zichun
1 parent 3be59f71
Showing 6 changed files with 129 additions and 0 deletions
backend/pom.xml
backend/src/main/java/com/xly/erp/common/response/ErrorCode.java
backend/src/main/java/com/xly/erp/module/usr/dto/LoginDTO.java
backend/src/main/java/com/xly/erp/module/usr/vo/LoginResultVO.java
backend/src/test/java/com/xly/erp/common/response/ApiResponseTest.java
backend/src/test/java/com/xly/erp/module/usr/dto/LoginDTOValidationTest.java
@@ -82,6 +82,25 @@
             <version>${hutool.version}</version>
         </dependency>
+        <!-- REQ-USR-004 JWT (jjwt 0.12.x) -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.12.6</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.12.6</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.12.6</version>
+            <scope>runtime</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
@@ -6,6 +6,8 @@ import lombok.Getter;
 public enum ErrorCode {
     SUCCESS(200, "操作成功"),
     PARAM_INVALID(40010, "参数错误"),
+    LOGIN_INVALID_CREDENTIALS(40101, "用户名或密码错误"),
+    LOGIN_ACCOUNT_LOCKED(40301, "账号已临时锁定"),
     MOD_PARENT_NOT_FOUND(40411, "父模块不存在或已删除"),
     MOD_NOT_FOUND(40421, "模块不存在或已删除"),
     STAFF_NOT_FOUND(40421, "职员不存在或已删除"),
+package com.xly.erp.module.usr.dto;
+
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
+import lombok.Data;
+
+/** REQ-USR-004 用户登录入参 */
+@Data
+public class LoginDTO {
+
+    @NotBlank
+    @Size(max = 50)
+    private String sUserName;
+
+    @NotBlank
+    @Size(max = 100)
+    private String sPassword;
+
+    @NotBlank
+    @Pattern(regexp = "^standard$", message = "sVersion 仅支持 standard")
+    private String sVersion;
+}
+package com.xly.erp.module.usr.vo;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/** REQ-USR-004 登录结果 VO（含 JWT + 用户基本信息） */
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class LoginResultVO {
+    private String accessToken;
+    private long expiresIn;
+    private LoginUserInfo user;
+
+    @Data
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class LoginUserInfo {
+        private Integer iIncrement;
+        private String sUserNo;
+        private String sUserName;
+        private String sUserType;
+        private String sLanguage;
+    }
+}
@@ -55,5 +55,7 @@ class ApiResponseTest {
         assertThat(ErrorCode.PERM_CATEGORY_NOT_FOUND.getCode()).isEqualTo(40422);
         assertThat(ErrorCode.USR_USER_NAME_OR_NO_DUP.getCode()).isEqualTo(40921);
         assertThat(ErrorCode.USR_NOT_FOUND.getCode()).isEqualTo(40431);
+        assertThat(ErrorCode.LOGIN_INVALID_CREDENTIALS.getCode()).isEqualTo(40101);
+        assertThat(ErrorCode.LOGIN_ACCOUNT_LOCKED.getCode()).isEqualTo(40301);
     }
 }
+package com.xly.erp.module.usr.dto;
+
+import jakarta.validation.ConstraintViolation;
+import jakarta.validation.Validation;
+import jakarta.validation.Validator;
+import jakarta.validation.ValidatorFactory;
+import org.junit.jupiter.api.Test;
+
+import java.util.Set;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class LoginDTOValidationTest {
+
+    private static final ValidatorFactory FACTORY = Validation.buildDefaultValidatorFactory();
+    private final Validator validator = FACTORY.getValidator();
+
+    private LoginDTO valid() {
+        LoginDTO d = new LoginDTO();
+        d.setSUserName("alice");
+        d.setSPassword("666666");
+        d.setSVersion("standard");
+        return d;
+    }
+
+    @Test
+    void allValid_yieldsNoViolations() {
+        Set<ConstraintViolation<LoginDTO>> v = validator.validate(valid());
+        assertThat(v).isEmpty();
+    }
+
+    @Test
+    void blankRequiredFields_yieldsViolations() {
+        LoginDTO d = new LoginDTO();
+        Set<ConstraintViolation<LoginDTO>> v = validator.validate(d);
+        assertThat(v).extracting(cv -> cv.getPropertyPath().toString())
+                .contains("sUserName", "sPassword", "sVersion");
+    }
+
+    @Test
+    void invalidVersion_yieldsViolation() {
+        LoginDTO d = valid();
+        d.setSVersion("experimental");
+        Set<ConstraintViolation<LoginDTO>> v = validator.validate(d);
+        assertThat(v).extracting(cv -> cv.getPropertyPath().toString()).contains("sVersion");
+    }
+
+    @Test
+    void overSized_yieldsViolation() {
+        LoginDTO d = valid();
+        d.setSUserName("a".repeat(51));
+        d.setSPassword("p".repeat(101));
+        Set<ConstraintViolation<LoginDTO>> v = validator.validate(d);
+        assertThat(v).extracting(cv -> cv.getPropertyPath().toString())
+                .contains("sUserName", "sPassword");
+    }
+}