refactor: extract security requirement annotation

MaaAssistantArknights · Jan 20, 2024 · 673a709 · 673a709
1 parent 5fd1b7e
commit 673a709
Show file tree

Hide file tree

Showing 7 changed files with 47 additions and 37 deletions.
diff --git a/src/main/java/plus/maa/backend/config/doc/RequireJwt.java b/src/main/java/plus/maa/backend/config/doc/RequireJwt.java
@@ -0,0 +1,15 @@
+package plus.maa.backend.config.doc;
+
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+
+import java.lang.annotation.*;
+
+/**
+ * 指示需要 Jwt 认证
+ */
+@Target({ElementType.METHOD, ElementType.TYPE, ElementType.ANNOTATION_TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_JWT)
+public @interface RequireJwt {
+}
diff --git a/...s/maa/backend/config/SpringDocConfig.java → ...a/backend/config/doc/SpringDocConfig.java b/...s/maa/backend/config/SpringDocConfig.java → ...a/backend/config/doc/SpringDocConfig.java
@@ -1,4 +1,4 @@
-package plus.maa.backend.config;
+package plus.maa.backend.config.doc;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.swagger.v3.core.jackson.ModelResolver;
@@ -38,7 +38,7 @@ public class SpringDocConfig {
     @Value("${maa-copilot.jwt.header}")
     private String securitySchemeHeader;
 
-    public static final String SECURITY_SCHEME_NAME = "Bearer";
+    public static final String SECURITY_SCHEME_JWT = "Jwt";
 
     @Bean
     public OpenAPI emergencyLogistics() {
@@ -48,7 +48,7 @@ public OpenAPI emergencyLogistics() {
                         .description("GitHub repo")
                         .url("https://github.com/MaaAssistantArknights/MaaBackendCenter"))
                 .components(new Components()
-                        .addSecuritySchemes(SECURITY_SCHEME_NAME,
+                        .addSecuritySchemes(SECURITY_SCHEME_JWT,
                                 new SecurityScheme()
                                         .type(SecurityScheme.Type.HTTP)
                                         .scheme("bearer")
@@ -68,13 +68,13 @@ public OperationCustomizer currentUserOperationCustomizer() {
                 if (parameter.hasParameterAnnotation(CurrentUser.class)) {
                     var security = Optional.ofNullable(operation.getSecurity());
                     // 已有 security scheme
-                    if (security.stream().flatMap(List::stream).anyMatch(s -> s.containsKey(SECURITY_SCHEME_NAME))) {
+                    if (security.stream().flatMap(List::stream).anyMatch(s -> s.containsKey(SECURITY_SCHEME_JWT))) {
                         break;
                     }
 
                     // 添加 security scheme
                     operation.setSecurity(security.orElseGet(ArrayList::new));
-                    operation.getSecurity().add(new SecurityRequirement().addList(SECURITY_SCHEME_NAME));
+                    operation.getSecurity().add(new SecurityRequirement().addList(SECURITY_SCHEME_JWT));
                     break;
                 }
             }

diff --git a/src/main/java/plus/maa/backend/controller/CommentsAreaController.java b/src/main/java/plus/maa/backend/controller/CommentsAreaController.java
@@ -3,15 +3,14 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotBlank;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
 import plus.maa.backend.common.annotation.JsonSchema;
 import plus.maa.backend.common.annotation.SensitiveWordDetection;
-import plus.maa.backend.config.SpringDocConfig;
+import plus.maa.backend.config.doc.RequireJwt;
 import plus.maa.backend.config.security.AuthenticationHelper;
 import plus.maa.backend.controller.request.comments.*;
 import plus.maa.backend.controller.response.MaaResult;
@@ -35,7 +34,7 @@ public class CommentsAreaController {
     @PostMapping("/add")
     @Operation(summary = "发送评论")
     @ApiResponse(description = "发送评论结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     public MaaResult<String> sendComments(
             @Parameter(description = "评论") @Valid @RequestBody CommentsAddDTO comments
     ) {
@@ -55,7 +54,7 @@ public MaaResult<CommentsAreaInfo> queriesCommentsArea(
     @PostMapping("/delete")
     @Operation(summary = "删除评论")
     @ApiResponse(description = "评论删除结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     public MaaResult<String> deleteComments(
             @Parameter(description = "评论删除对象") @Valid @RequestBody CommentsDeleteDTO comments
     ) {
@@ -66,7 +65,7 @@ public MaaResult<String> deleteComments(
     @JsonSchema
     @Operation(summary = "为评论点赞")
     @ApiResponse(description = "点赞结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/rating")
     public MaaResult<String> ratesComments(
             @Parameter(description = "评论点赞对象") @Valid @RequestBody CommentsRatingDTO commentsRatingDTO
@@ -77,7 +76,7 @@ public MaaResult<String> ratesComments(
 
     @Operation(summary = "为评论置顶/取消置顶")
     @ApiResponse(description = "置顶/取消置顶结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/topping")
     public MaaResult<String> toppingComments(
             @Parameter(description = "评论置顶对象") @Valid @RequestBody CommentsToppingDTO commentsToppingDTO
@@ -87,7 +86,7 @@ public MaaResult<String> toppingComments(
     }
 
     @Operation(summary = "设置通知接收状态")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @GetMapping("/status")
     public MaaResult<String> modifyStatus(@RequestParam @NotBlank String id, @RequestParam boolean status) {
         commentsAreaService.notificationStatus(authHelper.getUserId(), id, status);

diff --git a/src/main/java/plus/maa/backend/controller/CopilotController.java b/src/main/java/plus/maa/backend/controller/CopilotController.java
@@ -3,7 +3,6 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
@@ -13,7 +12,7 @@
 import org.springframework.web.bind.annotation.*;
 import plus.maa.backend.common.annotation.JsonSchema;
 import plus.maa.backend.common.annotation.SensitiveWordDetection;
-import plus.maa.backend.config.SpringDocConfig;
+import plus.maa.backend.config.doc.RequireJwt;
 import plus.maa.backend.config.security.AuthenticationHelper;
 import plus.maa.backend.controller.request.copilot.CopilotCUDRequest;
 import plus.maa.backend.controller.request.copilot.CopilotQueriesRequest;
@@ -39,7 +38,7 @@ public class CopilotController {
 
     @Operation(summary = "上传作业")
     @ApiResponse(description = "上传作业结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @JsonSchema
     @SensitiveWordDetection("#request.content != null ? #objectMapper.readTree(#request.content).get('doc')?.toString() : null")
     @PostMapping("/upload")
@@ -51,7 +50,7 @@ public MaaResult<Long> uploadCopilot(
 
     @Operation(summary = "删除作业")
     @ApiResponse(description = "删除作业结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/delete")
     public MaaResult<Void> deleteCopilot(
             @Parameter(description = "作业操作请求") @RequestBody CopilotCUDRequest request
@@ -85,7 +84,7 @@ public MaaResult<CopilotPageInfo> queriesCopilot(
 
     @Operation(summary = "更新作业")
     @ApiResponse(description = "更新结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @JsonSchema
     @SensitiveWordDetection("#copilotCUDRequest.content != null ? #objectMapper.readTree(#copilotCUDRequest.content).get('doc')?.toString() : null")
     @PostMapping("/update")
@@ -107,7 +106,7 @@ public MaaResult<String> ratesCopilotOperation(
         return MaaResult.success("评分成功");
     }
 
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @Operation(summary = "修改通知状态")
     @ApiResponse(description = "success")
     @GetMapping("/status")

diff --git a/src/main/java/plus/maa/backend/controller/CopilotSetController.java b/src/main/java/plus/maa/backend/controller/CopilotSetController.java
@@ -3,12 +3,11 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
-import plus.maa.backend.config.SpringDocConfig;
+import plus.maa.backend.config.doc.RequireJwt;
 import plus.maa.backend.config.security.AuthenticationHelper;
 import plus.maa.backend.controller.request.CommonIdReq;
 import plus.maa.backend.controller.request.CopilotSetQuery;
@@ -51,15 +50,15 @@ public MaaResult<CopilotSetRes> getSet(@RequestParam @Parameter(description = "
 
     @Operation(summary = "创建作业集")
     @ApiResponse(description = "作业集id")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/create")
     public MaaResult<Long> createSet(
             @Parameter(description = "作业集新增请求") @Valid @RequestBody CopilotSetCreateReq req) {
         return MaaResult.success(service.create(req, helper.getUserId()));
     }
 
     @Operation(summary = "添加作业集作业列表")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/add")
     public MaaResult<Void> addCopilotIds(
             @Parameter(description = "作业集中加入新作业请求") @Valid @RequestBody CopilotSetModCopilotsReq req) {
@@ -68,7 +67,7 @@ public MaaResult<Void> addCopilotIds(
     }
 
     @Operation(summary = "添加作业集作业列表")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/remove")
     public MaaResult<Void> removeCopilotIds(
             @Parameter(description = "作业集中删除作业请求") @Valid @RequestBody CopilotSetModCopilotsReq req) {
@@ -77,7 +76,7 @@ public MaaResult<Void> removeCopilotIds(
     }
 
     @Operation(summary = "更新作业集信息")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/update")
     public MaaResult<Void> updateCopilotSet(
             @Parameter(description = "更新作业集信息请求") @Valid @RequestBody CopilotSetUpdateReq req) {
@@ -86,7 +85,7 @@ public MaaResult<Void> updateCopilotSet(
     }
 
     @Operation(summary = "删除作业集")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/delete")
     public MaaResult<Void> deleteCopilotSet(
             @Parameter(description = "删除作业集信息请求") @Valid @RequestBody CommonIdReq<Long> req) {

diff --git a/src/main/java/plus/maa/backend/controller/UserController.java b/src/main/java/plus/maa/backend/controller/UserController.java
@@ -3,7 +3,6 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import lombok.Data;
@@ -14,7 +13,7 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import plus.maa.backend.config.SpringDocConfig;
+import plus.maa.backend.config.doc.RequireJwt;
 import plus.maa.backend.config.external.MaaCopilotProperties;
 import plus.maa.backend.config.security.AuthenticationHelper;
 import plus.maa.backend.controller.request.user.*;
@@ -52,7 +51,7 @@ public class UserController {
      */
     @Operation(summary = "修改当前用户密码", description = "根据原密码")
     @ApiResponse(description = "修改密码结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/update/password")
     public MaaResult<Void> updatePassword(
             @Parameter(description = "修改密码请求") @RequestBody @Valid PasswordUpdateDTO updateDTO
@@ -69,7 +68,7 @@ public MaaResult<Void> updatePassword(
      */
     @Operation(summary = "更新用户详细信息")
     @ApiResponse(description = "更新结果")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/update/info")
     public MaaResult<Void> updateInfo(
             @Parameter(description = "更新用户详细信息请求") @Valid @RequestBody UserInfoUpdateDTO updateDTO

diff --git a/src/main/java/plus/maa/backend/controller/file/FileController.java b/src/main/java/plus/maa/backend/controller/file/FileController.java
@@ -6,15 +6,14 @@
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import plus.maa.backend.common.annotation.AccessLimit;
-import plus.maa.backend.config.SpringDocConfig;
+import plus.maa.backend.config.doc.RequireJwt;
 import plus.maa.backend.config.security.AuthenticationHelper;
 import plus.maa.backend.controller.response.MaaResult;
 import plus.maa.backend.service.FileService;
@@ -55,7 +54,7 @@ public MaaResult<String> uploadFile(
             responseCode = "200",
             content = @Content(mediaType = "application/zip", schema = @Schema(type = "string", format = "binary"))
     )
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @AccessLimit
     @GetMapping("/download")
     public void downloadSpecifiedDateFile(
@@ -72,7 +71,7 @@ public void downloadSpecifiedDateFile(
             responseCode = "200",
             content = @Content(mediaType = "application/zip", schema = @Schema(type = "string", format = "binary"))
     )
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/download")
     public void downloadFile(@RequestBody @Valid
                              ImageDownloadDTO imageDownloadDTO,
@@ -81,22 +80,22 @@ public void downloadFile(@RequestBody @Valid
     }
 
     @Operation(summary = "设置上传文件功能状态")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/upload_ability")
     public MaaResult<Void> setUploadAbility(@RequestBody UploadAbility request) {
         fileService.setUploadEnabled(request.enabled);
         return MaaResult.success();
     }
 
     @Operation(summary = "获取上传文件功能状态")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @GetMapping("/upload_ability")
     public MaaResult<UploadAbility> getUploadAbility() {
         return MaaResult.success(new UploadAbility(fileService.isUploadEnabled()));
     }
 
     @Operation(summary = "关闭uploadfile接口")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/disable")
     public MaaResult<String> disable(@RequestBody boolean status) {
         if (!status) {
@@ -106,7 +105,7 @@ public MaaResult<String> disable(@RequestBody boolean status) {
     }
 
     @Operation(summary = "开启uploadfile接口")
-    @SecurityRequirement(name = SpringDocConfig.SECURITY_SCHEME_NAME)
+    @RequireJwt
     @PostMapping("/enable")
     public MaaResult<String> enable(@RequestBody boolean status) {
         if (!status) {