update AccountRole

account/account-service/src/main/java/cn/reghao/tnb/account/app/db/repository/AccountRepository.java

@@ -8,6 +8,7 @@ import cn.reghao.tnb.account.app.model.po.UserAccount;
 import cn.reghao.tnb.account.app.model.po.UserRole;
 import cn.reghao.tnb.account.app.model.po.UserAuthority;
 import cn.reghao.tnb.account.app.model.po.UserRegistry;
+import cn.reghao.tnb.account.app.model.vo.LoginAccount;
 import cn.reghao.tnb.common.auth.AccountRole;
 import cn.reghao.tnb.common.util.ConstantId;
 import org.springframework.cache.annotation.CacheEvict;
@@ -17,6 +18,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -86,6 +88,14 @@ public class AccountRepository {
         return accountInfo;
     }
 
+    public LoginAccount getLoginAccount(long userId) {
+        AccountInfo accountInfo = userAccountMapper.findAccountInfo(userId);
+        List<String> roles = getUserRoles(userId).stream()
+                .map(role -> role.replace("ROLE_", "").toLowerCase(Locale.ROOT))
+                .collect(Collectors.toList());
+        return new LoginAccount(accountInfo, roles);
+    }
+
     /**
      * 获取某个 user 拥有的所有 role
      *

account/account-service/src/main/java/cn/reghao/tnb/account/app/model/po/UserAccount.java

@@ -73,7 +73,7 @@ public class UserAccount extends BaseObject<Integer> implements UserDetails {
         this.locked = false;
         this.screenName = this.username;
         this.avatarUrl = ConstantId.AVATAR_URL;
-        this.email = "";
+        this.email = String.format("tnb_%s@reghao.cn", userId);
         this.authorities = Set.of(new UserAuthority());
     }
 
@@ -88,7 +88,7 @@ public class UserAccount extends BaseObject<Integer> implements UserDetails {
         this.locked = false;
         this.screenName = this.username;
         this.avatarUrl = ConstantId.AVATAR_URL;
-        this.email = "";
+        this.email = String.format("tnb_%s@reghao.cn", userId);
         this.authorities = authorities;
     }
 

account/account-service/src/main/java/cn/reghao/tnb/account/app/model/vo/AccountLoginRet.java

@@ -15,7 +15,7 @@ import java.io.Serializable;
 public class AccountLoginRet implements Serializable {
     private static final long serialVersionUID = 1L;
 
-    private AccountInfo accountInfo;
+    private LoginAccount accountInfo;
     private AccountToken accountToken;
     private String userId;
     private String sessId;
@@ -26,8 +26,8 @@ public class AccountLoginRet implements Serializable {
         this.redirectPath = redirectPath;
     }
 
-    public AccountLoginRet(AccountInfo accountInfo, AccountToken accountToken, String redirectPath) {
-        this.accountInfo = accountInfo;
+    public AccountLoginRet(LoginAccount loginAccount, AccountToken accountToken, String redirectPath) {
+        this.accountInfo = loginAccount;
         this.accountToken = accountToken;
         this.redirectPath = redirectPath;
     }

account/account-service/src/main/java/cn/reghao/tnb/account/app/model/vo/LoginAccount.java

@@ -0,0 +1,39 @@
+package cn.reghao.tnb.account.app.model.vo;
+
+import cn.reghao.tnb.account.api.dto.AccountInfo;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.List;
+
+/**
+ * @author reghao
+ * @date 2025-12-08 15:56:24
+ */
+@AllArgsConstructor
+@NoArgsConstructor
+@Setter
+@Getter
+public class LoginAccount {
+    private long userId;
+    private String userIdStr;
+    private String screenName;
+    private String avatarUrl;
+    private String username;
+    private String mobile;
+    private String email;
+    private List<String> roles;
+
+    public LoginAccount(AccountInfo accountInfo, List<String> roles) {
+        this.userId = accountInfo.getUserId();
+        this.userIdStr = accountInfo.getUserIdStr();
+        this.screenName = accountInfo.getScreenName();
+        this.avatarUrl = accountInfo.getAvatarUrl();
+        this.username = accountInfo.getUsername();
+        this.mobile = accountInfo.getMobile();
+        this.email = accountInfo.getEmail();
+        this.roles = roles;
+    }
+}

account/account-service/src/main/java/cn/reghao/tnb/account/app/security/handler/AuthSuccessHandlerImpl.java

@@ -1,5 +1,6 @@
 package cn.reghao.tnb.account.app.security.handler;
 
+import cn.reghao.tnb.account.app.model.vo.LoginAccount;
 import cn.reghao.tnb.common.web.WebResult;
 import cn.reghao.tnb.common.web.ServletUtil;
 import cn.reghao.tnb.account.api.iface.AccountQuery;
@@ -65,11 +66,11 @@ public class AuthSuccessHandlerImpl implements AuthenticationSuccessHandler {
 
         AccountLoginRet accountLoginRet = new AccountLoginRet(redirectPath);
         if (LoginPlat.rest.getValue() == plat) {
-            AccountInfo accountInfo = accountRepository.getAccountInfo(userId);
-            String userIdStr = accountQuery.getUserIdStr(accountInfo.getUserId());
-            accountInfo.setUserIdStr(userIdStr);
+            LoginAccount loginAccount = accountRepository.getLoginAccount(userId);
+            String userIdStr = accountQuery.getUserIdStr(loginAccount.getUserId());
+            loginAccount.setUserIdStr(userIdStr);
             AccountToken accountToken = accountTokenService.grantUserToken(authToken);
-            accountLoginRet = new AccountLoginRet(accountInfo, accountToken, redirectPath);
+            accountLoginRet = new AccountLoginRet(loginAccount, accountToken, redirectPath);
         } else if (LoginPlat.web.getValue() == plat) {
             accountTokenService.setCookie(authToken, timeout);
             String userIdStr = accountQuery.getUserIdStr(userId);

account/account-service/src/main/java/cn/reghao/tnb/account/app/service/impl/AccountRegistryServiceImpl.java

@@ -86,11 +86,11 @@ public class AccountRegistryServiceImpl implements AccountRegistryService {
         long userId = accountRepository.getNextUserId();
         String salt = RandomString.getSalt(64);
         String encodedPassword = passwordEncoder.encode(decryptCredential + salt);
-        Set<UserAuthority> authorities = Set.of(new UserAuthority());
+        Set<UserAuthority> authorities;
         if (userId == ConstantId.START_USER_ID) {
-            authorities = Set.of(
-                    new UserAuthority(AccountRole.admin.getValue()),
-                    new UserAuthority(AccountRole.oss.getValue()));
+            authorities = Set.of(new UserAuthority(AccountRole.admin.getValue()));
+        } else {
+            authorities = Set.of(new UserAuthority());
         }
 
         if (StringRegexp.matchMobile(principal)) {

common/src/main/java/cn/reghao/tnb/common/auth/AccountRole.java

@@ -5,10 +5,6 @@ package cn.reghao.tnb.common.auth;
  * @date 2024-02-14 19:13:18
  */
 public enum AccountRole {
-    oss("ROLE_TNB_OSS", "tnb_oss"),
-    exam("ROLE_TNB_EXAM", "tnb_exam"),
-    examUser("ROLE_TNB_EXAM_USER", "tnb_exam_user"),
-    examAdmin("ROLE_TNB_EXAM_ADMIN", "tnb_exam_admin"),
     disk("ROLE_TNB_DISK", "tnb_disk"),
     user("ROLE_TNB_USER", "tnb_user"),
     admin("ROLE_TNB_ADMIN", "tnb_admin");

content/content-service/src/main/java/cn/reghao/tnb/content/app/config/web/UserRoleInterceptor.java

@@ -28,7 +28,7 @@ public class UserRoleInterceptor implements HandlerInterceptor {
             throws Exception {
         String uri = request.getRequestURI();
         String method = request.getMethod();
-        if (uri.startsWith("/api/content/exam")) {
+        /*if (uri.startsWith("/api/content/exam")) {
             if (uri.startsWith("/api/content/exam/subject")
                     || uri.startsWith("/api/content/exam/question")
                     || uri.startsWith("/api/content/exam/paper")) {
@@ -45,14 +45,7 @@ public class UserRoleInterceptor implements HandlerInterceptor {
                 writeResponse(response, msg);
                 return false;
             }
-        }
-
-        if (uri.startsWith("/api/content/disk")
-                && !UserContext.getUserRoles().contains(AccountRole.disk.getValue())) {
-            String msg = String.format("current user not grant %s role", AccountRole.disk.getDesc());
-            writeResponse(response, msg);
-            return false;
-        }
+        }*/
         return true;
     }
 

content/content-service/src/main/java/cn/reghao/tnb/content/app/exam/controller/ExamController.java

@@ -41,11 +41,11 @@ public class ExamController {
     @GetMapping(value = "/list", produces = MediaType.APPLICATION_JSON_VALUE)
     public String getExams(PaperQuery paperQuery) {
         int role = -1;
-        if (UserContext.getUserRoles().contains(AccountRole.examAdmin.getValue())) {
+        /*if (UserContext.getUserRoles().contains(AccountRole.examAdmin.getValue())) {
             role = 1;
         } else if (UserContext.getUserRoles().contains(AccountRole.examUser.getValue())) {
             role = 2;
-        }
+        }*/
 
         paperQuery.setScope(role);
         PageList<EvalPaper> pageList1 = paperService.getEvalPapers(paperQuery);

content/content-service/src/main/java/cn/reghao/tnb/content/app/exam/service/PaperViewService.java

@@ -43,11 +43,11 @@ public class PaperViewService {
 
     private int getRole() {
         int role = -1;
-        if (UserContext.getUserRoles().contains(AccountRole.examAdmin.getValue())) {
+        /*if (UserContext.getUserRoles().contains(AccountRole.examAdmin.getValue())) {
             role = 1;
         } else if (UserContext.getUserRoles().contains(AccountRole.examUser.getValue())) {
             role = 2;
-        }
+        }*/
         return role;
     }
 

file/file-service/src/main/java/cn/reghao/tnb/file/app/config/web/OssSdkInterceptor.java

@@ -4,6 +4,7 @@ import cn.reghao.jutil.jdk.http.HeaderNames;
 import cn.reghao.tnb.common.web.ServletUtil;
 import cn.reghao.tnb.common.auth.LoginUser;
 import cn.reghao.tnb.common.auth.UserContext;
+import cn.reghao.tnb.common.web.WebResult;
 import cn.reghao.tnb.file.app.zoss.service.UserKeyService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.lang.Nullable;
@@ -13,6 +14,9 @@ import org.springframework.web.servlet.ModelAndView;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+import java.io.PrintWriter;
 import java.util.UUID;
 
 /**
@@ -63,6 +67,14 @@ public class OssSdkInterceptor implements HandlerInterceptor {
         return true;
     }
 
+    private void writeResponse(HttpServletResponse response, String msg) throws IOException {
+        String retJson = WebResult.failWithMsg(msg);
+        response.setStatus(HttpServletResponse.SC_OK);
+        response.setContentType("application/json; charset=utf-8");
+        PrintWriter printWriter = response.getWriter();
+        printWriter.write(retJson);
+    }
+
     @Override
     public void postHandle(HttpServletRequest request, HttpServletResponse response,
                            Object handler, @Nullable ModelAndView modelAndView) throws Exception {

file/file-service/src/main/java/cn/reghao/tnb/file/app/service/StoreConfigService.java

@@ -23,7 +23,7 @@ public class StoreConfigService {
 
     @Cacheable(cacheNames = "tnb:file:oss_user", key = "'local_oss_user'", unless = "#result == null")
     public Integer getOssUser() {
-        long ossUser = accountQuery.getByRole(AccountRole.oss.getValue());
+        long ossUser = accountQuery.getByRole(AccountRole.admin.getValue());
         if (ossUser != ConstantId.ANONYMOUS_USER_ID) {
             return (int) ossUser;
         }

gateway/src/main/resources/application.yml

@@ -202,7 +202,7 @@ eureka:
     fetch-registry: true
 app:
   resources:
-    _api_admin_: role_admin
-    _api_oss_: role_oss
-    _api_disk_: role_disk
-    _api_content_exam_: role_exam
+    _api_admin_: role_tnb_admin
+    _api_oss_: role_tnb_admin
+    _api_blog_bg_: role_tnb_admin
+    _api_disk_: role_tnb_disk