feat:token校验

pom.xml

@@ -75,6 +75,12 @@
             <artifactId>xservice-parent-starter</artifactId>
             <version>2.0</version>
         </dependency>
+
+        <dependency>
+            <groupId>com.xiang</groupId>
+            <artifactId>xservice-security-starter</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
     </dependencies>
 
     <build>

xs-server/src/main/resources/application.yml

@@ -6,3 +6,6 @@ spring:
     active: local
   main:
     web-application-type: reactive
+
+auth:
+  jwk-set-uri: http://api-auth/oauth2/jwks

xs-service/src/main/java/com/xiang/xservice/gateway/service/config/GatewaySecurityConfig.java

@@ -0,0 +1,24 @@
+package com.xiang.xservice.gateway.service.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+@Configuration
+@EnableWebFluxSecurity
+public class GatewaySecurityConfig {
+
+    @Bean
+    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+        http
+                .authorizeExchange(exchanges -> exchanges
+                        // ✅ 网关全放行
+                        .anyExchange().permitAll()
+                )
+                .csrf(ServerHttpSecurity.CsrfSpec::disable); // 禁用 CSRF
+
+        return http.build();
+    }
+}

xs-service/src/main/java/com/xiang/xservice/gateway/service/core/AuthGlobalFilter.java

@@ -1,6 +1,8 @@
 package com.xiang.xservice.gateway.service.core;
 
+import com.xiang.xservice.security.utils.TokenUtils;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
@@ -15,12 +17,15 @@ import reactor.core.publisher.Mono;
 @Component
 public class AuthGlobalFilter implements GlobalFilter, Ordered {
 
+    @Autowired
+    private TokenUtils tokenUtils;
+
     @Override
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
         ServerHttpRequest request = exchange.getRequest();
         String path = request.getURI().getPath();
         // 放行 /public/** 和 /login
-        if (path.contains("/public/") || path.contains("/login")) {
+        if (path.contains("/public/") || path.contains("/login") || path.contains("/logout") || path.contains("/oauth2")) {
             log.debug("跳过 Token 校验: {}", path);
             return chain.filter(exchange);
         }
@@ -35,9 +40,7 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
         }
 
         try {
-            // TODO: 这里换成你自己的 JwtUtil.verify(token)
-//            boolean valid = JwtUtil.verify(token);
-            if (false) {
+            if (!tokenUtils.validateToken(token)) {
                 log.warn("❌ Token 校验失败: {}", token);
                 exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
                 return exchange.getResponse().setComplete();