add

2026-01-13 17:32:13 +08:00
parent 8572733b2e
commit f567e733d3
11 changed files with 1301 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,32 @@
 # Node
 node_modules/
 dist/
 .vite/
 # Logs
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 pnpm-debug.log*
 # Java
 backend/target/
 backend/.mvn/
 backend/.idea/
 backend/*.iml
 # IDE
 .vscode/
 .idea/
 *.iml
 # OS
 .DS_Store
 Thumbs.db
 # Env
 .env
 .env.*
 # Database dumps
 *.sql~
--- a/backend/src/main/java/com/toyshop/config/RestExceptionHandler.java
+++ b/backend/src/main/java/com/toyshop/config/RestExceptionHandler.java
@@ -2,6 +2,7 @@ package com.toyshop.config;
 import com.toyshop.dto.ApiResponse;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseStatus;
@@ -23,4 +24,10 @@ public class RestExceptionHandler {
        : ex.getBindingResult().getAllErrors().get(0).getDefaultMessage();
    return ApiResponse.fail(msg);
  }
  @ExceptionHandler(AuthenticationException.class)
  @ResponseStatus(HttpStatus.UNAUTHORIZED)
  public ApiResponse<?> handleAuth(AuthenticationException ex) {
    return ApiResponse.fail("用户名或密码错误");
  }
 }
--- a/backend/src/main/java/com/toyshop/config/SecurityConfig.java
+++ b/backend/src/main/java/com/toyshop/config/SecurityConfig.java
@@ -7,6 +7,7 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -37,7 +38,8 @@ public class SecurityConfig {
        .cors(cors -> cors.configurationSource(corsConfigurationSource()))
        .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .authorizeHttpRequests(auth -> auth
-            .requestMatchers("/api/auth/**", "/api/public/**").permitAll()
+            .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .requestMatchers("/api/auth/**", "/api/public/**", "/error").permitAll()
            .anyRequest().authenticated()
        )
        .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
@@ -60,9 +62,10 @@ public class SecurityConfig {
  @Bean
  public CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration config = new CorsConfiguration();
-    config.setAllowedOrigins(List.of("*"));
+    config.setAllowedOriginPatterns(List.of("*"));
    config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
    config.setAllowedHeaders(List.of("*"));
    config.setAllowCredentials(false);
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return source;
--- a/backend/src/main/java/com/toyshop/config/WebConfig.java
+++ b/backend/src/main/java/com/toyshop/config/WebConfig.java
@@ -0,0 +1,18 @@
 package com.toyshop.config;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
 public class WebConfig implements WebMvcConfigurer {
  @Value("${app.upload.dir}")
  private String uploadDir;
  @Override
  public void addResourceHandlers(ResourceHandlerRegistry registry) {
    String location = "file:/" + uploadDir.replace("\\", "/") + "/";
    registry.addResourceHandler("/files/**").addResourceLocations(location);
  }
 }
--- a/backend/src/main/java/com/toyshop/controller/admin/UploadController.java
+++ b/backend/src/main/java/com/toyshop/controller/admin/UploadController.java
@@ -0,0 +1,40 @@
 package com.toyshop.controller.admin;
 import com.toyshop.dto.ApiResponse;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.UUID;
@RestController
@RequestMapping("/api/admin")
@PreAuthorize("hasRole('ADMIN')")
 public class UploadController {
  @Value("${app.upload.dir}")
  private String uploadDir;
  @PostMapping("/upload")
  public ApiResponse<?> upload(@RequestParam("file") MultipartFile file) throws IOException {
    if (file.isEmpty()) {
      return ApiResponse.fail("文件为空");
    }
    String original = file.getOriginalFilename();
    String ext = StringUtils.getFilenameExtension(original);
    String filename = UUID.randomUUID().toString().replace("-", "");
    if (ext != null && !ext.isBlank()) {
      filename = filename + "." + ext;
    }
    Path target = Paths.get(uploadDir, filename);
    Files.createDirectories(target.getParent());
    file.transferTo(target);
    String url = "/files/" + filename;
    return ApiResponse.ok(url);
  }
 }
--- a/backend/src/main/java/com/toyshop/entity/Category.java
+++ b/backend/src/main/java/com/toyshop/entity/Category.java
@@ -1,8 +1,10 @@
 package com.toyshop.entity;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import jakarta.persistence.*;
@Entity
@JsonIgnoreProperties({"hibernateLazyInitializer", "handler"})
@Table(name = "categories")
 public class Category {
  @Id
--- a/backend/src/main/java/com/toyshop/entity/Product.java
+++ b/backend/src/main/java/com/toyshop/entity/Product.java
@@ -1,5 +1,6 @@
 package com.toyshop.entity;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import jakarta.persistence.*;
 import java.math.BigDecimal;
 import java.time.LocalDateTime;
@@ -11,8 +12,9 @@ public class Product {
  @GeneratedValue(strategy = GenerationType.IDENTITY)
  private Long id;
-  @ManyToOne(fetch = FetchType.LAZY)
+  @ManyToOne(fetch = FetchType.EAGER)
  @JoinColumn(name = "category_id")
  @JsonIgnoreProperties({"hibernateLazyInitializer", "handler"})
  private Category category;
  @Column(nullable = false, length = 100)
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -18,3 +18,5 @@ app:
  jwt:
    secret: change-this-secret-for-prod-change-this-secret
    expire-hours: 24
  upload:
    dir: D:/bs/shopping/files
--- a/frontend/pnpm-lock.yaml
+++ b/frontend/pnpm-lock.yaml
--- a/frontend/src/pages/admin/AdminCarousels.vue
+++ b/frontend/src/pages/admin/AdminCarousels.vue
@@ -1,6 +1,11 @@
 <template>
  <a-card title="轮播图管理">
    <a-form layout="inline">
      <a-form-item label="图片">
        <a-upload :action="uploadUrl" :headers="headers" @change="onUpload" :showUploadList="false">
          <a-button>上传图片</a-button>
        </a-upload>
      </a-form-item>
      <a-form-item label="图片URL"><a-input v-model:value="form.imageUrl" /></a-form-item>
      <a-form-item label="链接"><a-input v-model:value="form.linkUrl" /></a-form-item>
      <a-form-item label="排序"><a-input-number v-model:value="form.sortOrder" /></a-form-item>
@@ -22,6 +27,8 @@ import api from '../../api'
 const list = ref([])
 const form = reactive({ imageUrl: '', linkUrl: '', sortOrder: 0 })
 const uploadUrl = 'http://localhost:8080/api/admin/upload'
 const headers = { Authorization: `Bearer ${localStorage.getItem('token') || ''}` }
 const columns = [
  { title: '图片', dataIndex: 'imageUrl' },
  { title: '链接', dataIndex: 'linkUrl' },
@@ -42,6 +49,15 @@ const create = async () => {
  load()
 }
 const onUpload = (info) => {
  if (info.file.status === 'done') {
    const res = info.file.response
    if (res && res.success) {
      form.imageUrl = res.data
    }
  }
 }
 const remove = async (record) => {
  await api.delete(`/api/admin/carousels/${record.id}`)
  load()
--- a/frontend/src/pages/admin/AdminProducts.vue
+++ b/frontend/src/pages/admin/AdminProducts.vue
@@ -20,7 +20,10 @@
      </template>
    </a-table>
    <a-modal v-model:open="imgVisible" title="新增图片" @ok="saveImage">
-      <a-input v-model:value="imgForm.url" placeholder="图片URL" />
+      <a-upload :action="uploadUrl" :headers="headers" @change="onUpload" :showUploadList="false">
        <a-button>上传图片</a-button>
      </a-upload>
      <a-input v-model:value="imgForm.url" placeholder="图片URL" style="margin-top: 8px" />
      <a-input-number v-model:value="imgForm.sortOrder" style="margin-top: 8px" />
    </a-modal>
  </a-card>
@@ -42,6 +45,8 @@ const columns = [
 const imgVisible = ref(false)
 const imgForm = reactive({ productId: null, url: '', sortOrder: 0 })
 const uploadUrl = 'http://localhost:8080/api/admin/upload'
 const headers = { Authorization: `Bearer ${localStorage.getItem('token') || ''}` }
 const load = async () => {
  const res = await api.get('/api/admin/products')
@@ -76,5 +81,14 @@ const saveImage = async () => {
  imgVisible.value = false
 }
 const onUpload = (info) => {
  if (info.file.status === 'done') {
    const res = info.file.response
    if (res && res.success) {
      imgForm.url = res.data
    }
  }
 }
 onMounted(load)
 </script>