refactor(auth): remove unused ObjectMapper from JwtAuthInterceptor

- Drop ObjectMapper dependency that was no longer needed - Simplify KDoc to remove redundant format details - Reorder imports alphabetically
2026-05-21 19:08:52 +08:00
parent ca7788899a
commit d809cf00ab
1 changed files with 10 additions and 12 deletions
@@ -1,11 +1,10 @@
 package com.msksbr.bookmgr.interceptor
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.msksbr.bookmgr.config.JwtUtils
 import com.msksbr.bookmgr.script.log
 import com.msksbr.bookmgr.template.Result
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
 import org.springframework.http.HttpStatus
 import org.springframework.stereotype.Component
 import org.springframework.web.servlet.HandlerInterceptor
@@ -13,17 +12,16 @@ import org.springframework.web.servlet.HandlerInterceptor
 * JWT 鉴权拦截器
 * 在每个受保护的 API 请求到达 Controller 之前执行，从 Authorization 头提取并校验 JWT
 *
-* 校验失败时直接返回 401 JSON 响应（使用 Result.unauthorized），请求不会到达 Controller
+* 校验失败时直接返回 401 JSON 响应（使用 Result.unauthorized 格式），请求不会到达 Controller
 * 校验成功后从 token 中提取 username 和 role，写入 request attribute，后续可通过 @RequestAttribute 获取
 *
-* 返回体格式（与 Result.unauthorized 一致）：
+* 返回体格式：
 *   {"code":401,"message":"Missing Authorization header"}
 *   {"code":401,"message":"Invalid token format"}
 *   {"code":401,"message":"Token invalid or expired"}
 */
@Component
 class JwtAuthInterceptor(
    private val objectMapper: ObjectMapper,
    private val jwtUtils: JwtUtils
 ) : HandlerInterceptor {
@@ -34,19 +32,19 @@ class JwtAuthInterceptor(
    ): Boolean {
        // 1. 检查 Authorization 头是否存在
        val authHeader = request.getHeader("Authorization") ?: run {
-            writeJson(response, Result.unauthorized("Missing Authorization header"))
+            writeUnauthorized(response, "Missing Authorization header")
            return false
        }
        // 2. 检查前缀是否为 "Bearer "
        if (!authHeader.startsWith("Bearer ")) {
-            writeJson(response, Result.unauthorized("Invalid token format"))
+            writeUnauthorized(response, "Invalid token format")
            return false
        }
        // 3. 解析并验证 token
        val token = authHeader.removePrefix("Bearer ")
        val claims = jwtUtils.parseToken(token)
        if (claims == null) {
-            writeJson(response, Result.unauthorized("Token invalid or expired"))
+            writeUnauthorized(response, "Token invalid or expired")
            return false
        }
        // 4. 校验通过，用户信息写入 request attribute
@@ -57,11 +55,11 @@ class JwtAuthInterceptor(
    }
    /*
-    * 写入 401 响应，使用 ObjectMapper 序列化保证与 Controller 一致的 JSON 格式（snake_case / non_null 等）
+    * 写入 401 响应，message 字段按 JSON 字符串规范转义
    */
-    private fun writeJson(response: HttpServletResponse, result: Result<*>) {
+    private fun writeUnauthorized(response: HttpServletResponse, message: String) {
-        response.status = HttpServletResponse.SC_UNAUTHORIZED
+        response.status = HttpStatus.UNAUTHORIZED.value()
        response.contentType = "application/json;charset=UTF-8"
-        objectMapper.writeValue(response.writer, result)
+        response.writer.write("""{"code":401,"message":"${message.replace("\\", "\\\\").replace("\"", "\\\"")}"}""")
    }
 }