src/main/kotlin/top/fatweb/api/controller/permission/AuthenticationController.kt

@@ -29,7 +29,7 @@ class AuthenticationController(
     @Operation(summary = "登录")
     @PostMapping("/login")
     fun login(request: HttpServletRequest, @Valid @RequestBody loginParam: LoginParam) = ResponseResult.success(
-        ResponseCode.SYSTEM_LOGIN_SUCCESS,
+        ResponseCode.PERMISSION_LOGIN_SUCCESS,
         "Login success",
         authenticationService.login(request, UserConverter.loginParamToUser(loginParam))
     )
@@ -37,14 +37,14 @@ class AuthenticationController(
     @Operation(summary = "登出")
     @PostMapping("/logout")
     fun logout(request: HttpServletRequest) = when (authenticationService.logout(WebUtil.getToken(request))) {
-        true -> ResponseResult.success(ResponseCode.SYSTEM_LOGOUT_SUCCESS, "Logout success", null)
+        true -> ResponseResult.success(ResponseCode.PERMISSION_LOGOUT_SUCCESS, "Logout success", null)
-        false -> ResponseResult.fail(ResponseCode.SYSTEM_LOGOUT_FAILED, "Logout failed", null)
+        false -> ResponseResult.fail(ResponseCode.PERMISSION_LOGOUT_FAILED, "Logout failed", null)
     }
 
     @Operation(summary = "更新 Token")
     @GetMapping("/token")
     fun renewToken(request: HttpServletRequest) = ResponseResult.success(
-        ResponseCode.SYSTEM_TOKEN_RENEW_SUCCESS,
+        ResponseCode.PERMISSION_TOKEN_RENEW_SUCCESS,
         "Token renew success",
         authenticationService.renewToken(WebUtil.getToken(request))
     )

src/main/kotlin/top/fatweb/api/entity/common/BusinessCode.kt

@@ -8,6 +8,7 @@ package top.fatweb.api.entity.common
  */
 enum class BusinessCode(val code: Int) {
     SYSTEM(100),
-    DATABASE(200),
+    PERMISSION(200),
+    DATABASE(300),
     API_AVATAR(501)
 }

src/main/kotlin/top/fatweb/api/entity/common/ResponseCode.kt

@@ -8,23 +8,29 @@ package top.fatweb.api.entity.common
  */
 enum class ResponseCode(val code: Int) {
     SYSTEM_OK(BusinessCode.SYSTEM, 0),
-    SYSTEM_LOGIN_SUCCESS(BusinessCode.SYSTEM, 20),
+
-    SYSTEM_PASSWORD_CHANGE_SUCCESS(BusinessCode.SYSTEM, 21),
-    SYSTEM_LOGOUT_SUCCESS(BusinessCode.SYSTEM, 22),
-    SYSTEM_TOKEN_RENEW_SUCCESS(BusinessCode.SYSTEM, 23),
-    SYSTEM_UNAUTHORIZED(BusinessCode.SYSTEM, 30),
-    SYSTEM_USERNAME_NOT_FOUND(BusinessCode.SYSTEM, 31),
-    SYSTEM_ACCESS_DENIED(BusinessCode.SYSTEM, 32),
-    SYSTEM_USER_DISABLE(BusinessCode.SYSTEM, 33),
-    SYSTEM_LOGIN_USERNAME_PASSWORD_ERROR(BusinessCode.SYSTEM, 34),
-    SYSTEM_OLD_PASSWORD_NOT_MATCH(BusinessCode.SYSTEM, 35),
-    SYSTEM_LOGOUT_FAILED(BusinessCode.SYSTEM, 36),
-    SYSTEM_TOKEN_ILLEGAL(BusinessCode.SYSTEM, 37),
-    SYSTEM_TOKEN_HAS_EXPIRED(BusinessCode.SYSTEM, 38),
-    SYSTEM_REQUEST_ILLEGAL(BusinessCode.SYSTEM, 40),
-    SYSTEM_ARGUMENT_NOT_VALID(BusinessCode.SYSTEM, 41),
     SYSTEM_ERROR(BusinessCode.SYSTEM, 50),
     SYSTEM_TIMEOUT(BusinessCode.SYSTEM, 51),
+    SYSTEM_REQUEST_ILLEGAL(BusinessCode.SYSTEM, 52),
+    SYSTEM_ARGUMENT_NOT_VALID(BusinessCode.SYSTEM, 53),
+
+    PERMISSION_LOGIN_SUCCESS(BusinessCode.PERMISSION, 0),
+    PERMISSION_PASSWORD_CHANGE_SUCCESS(BusinessCode.PERMISSION, 1),
+    PERMISSION_LOGOUT_SUCCESS(BusinessCode.PERMISSION, 2),
+    PERMISSION_TOKEN_RENEW_SUCCESS(BusinessCode.PERMISSION, 3),
+
+    PERMISSION_UNAUTHORIZED(BusinessCode.PERMISSION, 50),
+    PERMISSION_USERNAME_NOT_FOUND(BusinessCode.PERMISSION, 51),
+    PERMISSION_ACCESS_DENIED(BusinessCode.PERMISSION, 52),
+    PERMISSION_USER_LOCKED(BusinessCode.PERMISSION, 53),
+    PERMISSION_USER_EXPIRED(BusinessCode.PERMISSION, 54),
+    PERMISSION_USER_CREDENTIALS_EXPIRED(BusinessCode.PERMISSION, 55),
+    PERMISSION_USER_DISABLE(BusinessCode.PERMISSION, 56),
+    PERMISSION_LOGIN_USERNAME_PASSWORD_ERROR(BusinessCode.PERMISSION, 57),
+    PERMISSION_OLD_PASSWORD_NOT_MATCH(BusinessCode.PERMISSION, 58),
+    PERMISSION_LOGOUT_FAILED(BusinessCode.PERMISSION, 59),
+    PERMISSION_TOKEN_ILLEGAL(BusinessCode.PERMISSION, 60),
+    PERMISSION_TOKEN_HAS_EXPIRED(BusinessCode.PERMISSION, 61),
 
     DATABASE_SELECT_SUCCESS(BusinessCode.DATABASE, 0),
     DATABASE_SELECT_FAILED(BusinessCode.DATABASE, 5),
@@ -34,11 +40,11 @@ enum class ResponseCode(val code: Int) {
     DATABASE_UPDATE_FILED(BusinessCode.DATABASE, 25),
     DATABASE_DELETE_SUCCESS(BusinessCode.DATABASE, 30),
     DATABASE_DELETE_FILED(BusinessCode.DATABASE, 35),
-    DATABASE_EXECUTE_ERROR(BusinessCode.DATABASE, 40),
+    DATABASE_EXECUTE_ERROR(BusinessCode.DATABASE, 50),
-    DATABASE_DUPLICATE_KEY(BusinessCode.DATABASE, 45),
+    DATABASE_DUPLICATE_KEY(BusinessCode.DATABASE, 51),
 
     API_AVATAR_SUCCESS(BusinessCode.API_AVATAR, 0),
-    API_AVATAR_ERROR(BusinessCode.API_AVATAR, 5);
+    API_AVATAR_ERROR(BusinessCode.API_AVATAR, 50);
 
     constructor(businessCode: BusinessCode, code: Int) : this(businessCode.code * 100 + code)
 }

src/main/kotlin/top/fatweb/api/handler/ExceptionHandler.kt

@@ -8,9 +8,7 @@ import org.slf4j.LoggerFactory
 import org.springframework.dao.DuplicateKeyException
 import org.springframework.http.converter.HttpMessageNotReadableException
 import org.springframework.jdbc.BadSqlGrammarException
-import org.springframework.security.authentication.BadCredentialsException
+import org.springframework.security.authentication.*
-import org.springframework.security.authentication.InsufficientAuthenticationException
-import org.springframework.security.authentication.InternalAuthenticationServiceException
 import org.springframework.web.HttpRequestMethodNotSupportedException
 import org.springframework.web.bind.MethodArgumentNotValidException
 import org.springframework.web.bind.annotation.ExceptionHandler
@@ -33,11 +31,6 @@ class ExceptionHandler {
     @ExceptionHandler(value = [Exception::class])
     fun exceptionHandler(e: Exception): ResponseResult<*> {
         return when (e) {
-            is InsufficientAuthenticationException -> {
-                logger.debug(e.localizedMessage, e)
-                ResponseResult.fail(ResponseCode.SYSTEM_UNAUTHORIZED, e.localizedMessage, null)
-            }
-
             is HttpRequestMethodNotSupportedException -> {
                 logger.debug(e.localizedMessage, e)
                 ResponseResult.fail(ResponseCode.SYSTEM_REQUEST_ILLEGAL, e.localizedMessage, null)
@@ -48,35 +41,60 @@ class ExceptionHandler {
                 ResponseResult.fail(ResponseCode.SYSTEM_REQUEST_ILLEGAL, e.localizedMessage.split(":")[0], null)
             }
 
-            is TokenExpiredException -> {
-                logger.debug(e.localizedMessage, e)
-                ResponseResult.fail(ResponseCode.SYSTEM_TOKEN_HAS_EXPIRED, e.localizedMessage, null)
-            }
-
             is MethodArgumentNotValidException -> {
                 logger.debug(e.localizedMessage, e)
                 val errorMessage = e.allErrors.map { error -> error.defaultMessage }.joinToString(". ")
                 ResponseResult.fail(ResponseCode.SYSTEM_ARGUMENT_NOT_VALID, errorMessage, null)
             }
 
+            is InsufficientAuthenticationException -> {
+                logger.debug(e.localizedMessage, e)
+                ResponseResult.fail(ResponseCode.PERMISSION_UNAUTHORIZED, e.localizedMessage, null)
+            }
+
+            is LockedException -> {
+                logger.debug(e.localizedMessage, e)
+                ResponseResult.fail(ResponseCode.PERMISSION_USER_LOCKED, "User account has been locked", null)
+            }
+
+            is AccountExpiredException -> {
+                logger.debug(e.localizedMessage, e)
+                ResponseResult.fail(ResponseCode.PERMISSION_USER_EXPIRED, "User account has expired", null)
+            }
+
+            is CredentialsExpiredException -> {
+                logger.debug(e.localizedMessage, e)
+                ResponseResult.fail(ResponseCode.PERMISSION_USER_CREDENTIALS_EXPIRED, "User credentials have expired", null)
+            }
+
+            is DisabledException -> {
+                logger.debug(e.localizedMessage, e)
+                ResponseResult.fail(ResponseCode.PERMISSION_USER_CREDENTIALS_EXPIRED, "User has been disabled", null)
+            }
+
+            is TokenExpiredException -> {
+                logger.debug(e.localizedMessage, e)
+                ResponseResult.fail(ResponseCode.PERMISSION_TOKEN_HAS_EXPIRED, e.localizedMessage, null)
+            }
+
             is InternalAuthenticationServiceException -> {
                 logger.debug(e.localizedMessage, e)
-                ResponseResult.fail(ResponseCode.SYSTEM_USERNAME_NOT_FOUND, "Username not found", null)
+                ResponseResult.fail(ResponseCode.PERMISSION_USERNAME_NOT_FOUND, "Username not found", null)
             }
 
             is BadCredentialsException -> {
                 logger.debug(e.localizedMessage, e)
-                ResponseResult.fail(ResponseCode.SYSTEM_LOGIN_USERNAME_PASSWORD_ERROR, e.localizedMessage, null)
+                ResponseResult.fail(ResponseCode.PERMISSION_LOGIN_USERNAME_PASSWORD_ERROR, "Wrong user name or password", null)
             }
 
             is SignatureVerificationException, is JWTDecodeException -> {
                 logger.debug(e.localizedMessage, e)
-                ResponseResult.fail(ResponseCode.SYSTEM_TOKEN_ILLEGAL, "Token illegal", null)
+                ResponseResult.fail(ResponseCode.PERMISSION_TOKEN_ILLEGAL, "Token illegal", null)
             }
 
             is TokenHasExpiredException -> {
                 logger.debug(e.localizedMessage, e)
-                ResponseResult.fail(ResponseCode.SYSTEM_TOKEN_HAS_EXPIRED, e.localizedMessage, null)
+                ResponseResult.fail(ResponseCode.PERMISSION_TOKEN_HAS_EXPIRED, e.localizedMessage, null)
             }
 
             is BadSqlGrammarException -> {