From 9753d7ebf508802bf46db91849e8be71fd0556c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E7=BF=94?=
Date: Wed, 3 Jun 2026 11:29:47 +0800
Subject: [PATCH] =?UTF-8?q?feat(auth):=20AuthUtil=20=E5=A2=9E=E5=8A=A0=20g?= =?UTF-8?q?etAdminUserIdOrThrow=20=E5=92=8C=20getMemberUserIdOrThrow?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- getAdminUserIdOrThrow: 校验 userType=ADMIN,否则返回 403
- getMemberUserIdOrThrow: 校验 userType=MEMBER,否则返回 403
- 保留 getMemberIdOrThrow 向后兼容
---
 .../novalon/gym/manage/sys/util/AuthUtil.java | 36 ++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/gym-manage-api/manage-sys/src/main/java/cn/novalon/gym/manage/sys/util/AuthUtil.java b/gym-manage-api/manage-sys/src/main/java/cn/novalon/gym/manage/sys/util/AuthUtil.java
index 14c5531..29367a4 100644
--- a/gym-manage-api/manage-sys/src/main/java/cn/novalon/gym/manage/sys/util/AuthUtil.java
+++ b/gym-manage-api/manage-sys/src/main/java/cn/novalon/gym/manage/sys/util/AuthUtil.java
@@ -29,4 +29,38 @@ public class AuthUtil {
 if (jwtTokenProvider.getUserIdFromToken(token) <= 0L) throw new IllegalArgumentException("ID无效");
 return jwtTokenProvider.getUserIdFromToken(token);
 }
-}
\ No newline at end of file
+
+ /**
+ * 获取当前 ADMIN 用户 ID,校验 userType 必须为 ADMIN
+ */
+ public Long getAdminUserIdOrThrow(ServerRequest request) {
+ String token = extractToken(request);
+ if (token == null) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "缺少 Token");
+ if (!jwtTokenProvider.validateToken(token)) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Token 无效或已过期");
+ String userType = jwtTokenProvider.getUserTypeFromToken(token);
+ if (!"ADMIN".equals(userType)) {
+ log.warn("非管理员用户尝试访问管理端接口, userType={}", userType);
+ throw new ResponseStatusException(HttpStatus.FORBIDDEN, "无权访问管理端接口");
+ }
+ Long userId = jwtTokenProvider.getUserIdFromToken(token);
+ if (userId <= 0L) throw new IllegalArgumentException("ID无效");
+ return userId;
+ }
+
+ /**
+ * 获取当前 MEMBER 用户 ID,校验 userType 必须为 MEMBER
+ */
+ public Long getMemberUserIdOrThrow(ServerRequest request) {
+ String token = extractToken(request);
+ if (token == null) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "缺少 Token");
+ if (!jwtTokenProvider.validateToken(token)) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Token 无效或已过期");
+ String userType = jwtTokenProvider.getUserTypeFromToken(token);
+ if (!"MEMBER".equals(userType)) {
+ log.warn("非会员用户尝试访问会员接口, userType={}", userType);
+ throw new ResponseStatusException(HttpStatus.FORBIDDEN, "无权访问会员接口");
+ }
+ Long userId = jwtTokenProvider.getUserIdFromToken(token);
+ if (userId <= 0L) throw new IllegalArgumentException("ID无效");
+ return userId;
+ }
+}