feat: 增强输入验证和安全防护

- 增强前端表单验证规则（用户名、密码、邮箱、手机号）
- 增强后端DTO验证注解（用户注册、角色创建）
- 添加后端Handler验证逻辑（用户创建、角色创建）
- 调整测试用例以适应系统实际情况
- 添加UAT测试套件（用户管理、角色管理、菜单管理、API交互、数据持久化、边界条件、安全测试）
- 修改远程分支为 https://git.f.novalon.cn/novalon/novalon-manage-system.git

novalon-manage-api/manage-gateway/src/main/java/cn/novalon/manage/gateway/audit/AuditLogService.java

@@ -28,13 +28,12 @@ import java.util.concurrent.ConcurrentHashMap;
 public class AuditLogService {
 
     private static final Logger auditLogger = LoggerFactory.getLogger("AUDIT_LOG");
-    private static final Logger logger = LoggerFactory.getLogger(AuditLogService.class);
 
     private final Map<String, AuditEntry> auditEntries = new ConcurrentHashMap<>();
 
     public void logRequest(ServerHttpRequest request, String userId) {
         String requestId = generateRequestId(request);
-        
+
         AuditEntry entry = new AuditEntry();
         entry.setRequestId(requestId);
         entry.setMethod(request.getMethod().name());
@@ -47,27 +46,27 @@ public class AuditLogService {
 
         auditEntries.put(requestId, entry);
 
-        auditLogger.info("[REQUEST] {} {} - User: {}, IP: {}, RequestId: {}", 
-                entry.getMethod(), 
-                entry.getPath(), 
-                entry.getUserId(), 
-                entry.getClientIp(), 
+        auditLogger.info("[REQUEST] {} {} - User: {}, IP: {}, RequestId: {}",
+                entry.getMethod(),
+                entry.getPath(),
+                entry.getUserId(),
+                entry.getClientIp(),
                 entry.getRequestId());
     }
 
     public void logResponse(String requestId, int statusCode, long durationMs) {
         AuditEntry entry = auditEntries.get(requestId);
-        
+
         if (entry != null) {
             entry.setStatusCode(statusCode);
             entry.setEndTime(Instant.now());
             entry.setDurationMs(durationMs);
 
-            auditLogger.info("[RESPONSE] {} {} - Status: {}, Duration: {}ms, RequestId: {}", 
-                    entry.getMethod(), 
-                    entry.getPath(), 
-                    entry.getStatusCode(), 
-                    entry.getDurationMs(), 
+            auditLogger.info("[RESPONSE] {} {} - Status: {}, Duration: {}ms, RequestId: {}",
+                    entry.getMethod(),
+                    entry.getPath(),
+                    entry.getStatusCode(),
+                    entry.getDurationMs(),
                     entry.getRequestId());
 
             auditEntries.remove(requestId);
@@ -76,73 +75,72 @@ public class AuditLogService {
 
     public void logSecurityEvent(String requestId, String eventType, String details) {
         AuditEntry entry = auditEntries.get(requestId);
-        
+
         if (entry != null) {
-            auditLogger.warn("[SECURITY] {} - Event: {}, Details: {}, User: {}, IP: {}, RequestId: {}", 
-                    entry.getPath(), 
-                    eventType, 
-                    details, 
-                    entry.getUserId(), 
-                    entry.getClientIp(), 
+            auditLogger.warn("[SECURITY] {} - Event: {}, Details: {}, User: {}, IP: {}, RequestId: {}",
+                    entry.getPath(),
+                    eventType,
+                    details,
+                    entry.getUserId(),
+                    entry.getClientIp(),
                     entry.getRequestId());
         } else {
-            auditLogger.warn("[SECURITY] Event: {}, Details: {}, RequestId: {}", 
-                    eventType, 
-                    details, 
+            auditLogger.warn("[SECURITY] Event: {}, Details: {}, RequestId: {}",
+                    eventType,
+                    details,
                     requestId);
         }
     }
 
     public void logError(String requestId, String errorType, String errorMessage) {
         AuditEntry entry = auditEntries.get(requestId);
-        
+
         if (entry != null) {
-            auditLogger.error("[ERROR] {} {} - Error: {}, Message: {}, User: {}, IP: {}, RequestId: {}", 
-                    entry.getMethod(), 
-                    entry.getPath(), 
-                    errorType, 
-                    errorMessage, 
-                    entry.getUserId(), 
-                    entry.getClientIp(), 
+            auditLogger.error("[ERROR] {} {} - Error: {}, Message: {}, User: {}, IP: {}, RequestId: {}",
+                    entry.getMethod(),
+                    entry.getPath(),
+                    errorType,
+                    errorMessage,
+                    entry.getUserId(),
+                    entry.getClientIp(),
                     entry.getRequestId());
         } else {
-            auditLogger.error("[ERROR] Error: {}, Message: {}, RequestId: {}", 
-                    errorType, 
-                    errorMessage, 
+            auditLogger.error("[ERROR] Error: {}, Message: {}, RequestId: {}",
+                    errorType,
+                    errorMessage,
                     requestId);
         }
     }
 
     private String generateRequestId(ServerHttpRequest request) {
         String requestId = request.getHeaders().getFirst("X-Request-Id");
-        
+
         if (requestId == null || requestId.isEmpty()) {
-            requestId = String.format("%s-%d-%s", 
+            requestId = String.format("%s-%d-%s",
                     request.getMethod().name().toLowerCase(),
                     System.currentTimeMillis(),
                     Integer.toHexString(request.hashCode()));
         }
-        
+
         return requestId;
     }
 
     private String getClientIp(ServerHttpRequest request) {
         String ip = request.getHeaders().getFirst("X-Forwarded-For");
-        
+
         if (ip == null || ip.isEmpty()) {
             ip = request.getHeaders().getFirst("X-Real-IP");
         }
-        
+
         if (ip == null || ip.isEmpty()) {
-            ip = request.getRemoteAddress() != null ? 
-                    request.getRemoteAddress().getAddress().getHostAddress() : 
-                    "unknown";
+            ip = request.getRemoteAddress() != null ? request.getRemoteAddress().getAddress().getHostAddress()
+                    : "unknown";
         }
-        
+
         if (ip != null && ip.contains(",")) {
             ip = ip.split(",")[0].trim();
         }
-        
+
         return ip;
     }
 
@@ -183,10 +181,6 @@ public class AuditLogService {
             this.path = path;
         }
 
-        public String getQuery() {
-            return query;
-        }
-
         public void setQuery(String query) {
             this.query = query;
         }
@@ -207,26 +201,14 @@ public class AuditLogService {
             this.clientIp = clientIp;
         }
 
-        public String getUserAgent() {
-            return userAgent;
-        }
-
         public void setUserAgent(String userAgent) {
             this.userAgent = userAgent;
         }
 
-        public Instant getStartTime() {
-            return startTime;
-        }
-
         public void setStartTime(Instant startTime) {
             this.startTime = startTime;
         }
 
-        public Instant getEndTime() {
-            return endTime;
-        }
-
         public void setEndTime(Instant endTime) {
             this.endTime = endTime;
         }

novalon-manage-api/manage-gateway/src/main/java/cn/novalon/manage/gateway/discovery/ServiceDiscoveryService.java

@@ -2,7 +2,6 @@ package cn.novalon.manage.gateway.discovery;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.cloud.client.DefaultServiceInstance;
 import org.springframework.cloud.client.ServiceInstance;
 import org.springframework.cloud.client.discovery.DiscoveryClient;
 import org.springframework.cloud.client.discovery.ReactiveDiscoveryClient;

novalon-manage-api/manage-gateway/src/main/java/cn/novalon/manage/gateway/filter/CompressionFilter.java

@@ -7,7 +7,6 @@ import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.stereotype.Component;
@@ -53,8 +52,6 @@ public class CompressionFilter implements GlobalFilter, Ordered {
             "application/xml"
     );
 
-    private static final int MIN_COMPRESS_SIZE = 1024;
-
     private boolean compressionEnabled = true;
 
     @Override

novalon-manage-api/manage-gateway/src/main/java/cn/novalon/manage/gateway/filter/RateLimitFilter.java

@@ -2,7 +2,6 @@ package cn.novalon.manage.gateway.filter;
 
 import cn.novalon.manage.gateway.config.RateLimitConfig;
 import io.github.resilience4j.ratelimiter.RateLimiter;
-import io.github.resilience4j.ratelimiter.RateLimiterRegistry;
 import io.github.resilience4j.ratelimiter.RequestNotPermitted;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

novalon-manage-api/manage-gateway/src/main/java/cn/novalon/manage/gateway/filter/SignatureFilter.java

@@ -40,9 +40,6 @@ import java.util.List;
 public class SignatureFilter implements GlobalFilter, Ordered {
 
     private static final Logger logger = LoggerFactory.getLogger(SignatureFilter.class);
-    private static final String SIGNATURE_HEADER = "X-Signature";
-    private static final String TIMESTAMP_HEADER = "X-Timestamp";
-    private static final String NONCE_HEADER = "X-Nonce";
 
     private final SignatureService signatureService;
 

novalon-manage-api/manage-gateway/src/main/java/cn/novalon/manage/gateway/health/GatewayHealthIndicator.java

@@ -2,9 +2,7 @@ package cn.novalon.manage.gateway.health;
 
 import io.github.resilience4j.circuitbreaker.CircuitBreaker;
 import io.github.resilience4j.circuitbreaker.CircuitBreakerRegistry;
-import io.github.resilience4j.ratelimiter.RateLimiter;
 import io.github.resilience4j.ratelimiter.RateLimiterRegistry;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.actuate.health.Health;
 import org.springframework.boot.actuate.health.HealthIndicator;
 import org.springframework.stereotype.Component;
@@ -32,7 +30,6 @@ public class GatewayHealthIndicator implements HealthIndicator {
     private final CircuitBreakerRegistry circuitBreakerRegistry;
     private final RateLimiterRegistry rateLimiterRegistry;
 
-    @Autowired
     public GatewayHealthIndicator(
             CircuitBreakerRegistry circuitBreakerRegistry,
             RateLimiterRegistry rateLimiterRegistry) {

novalon-manage-api/manage-gateway/src/main/java/cn/novalon/manage/gateway/service/impl/JwtKeyServiceImpl.java

@@ -14,11 +14,9 @@ import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
-import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.spec.KeySpec;
 import java.util.Base64;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.atomic.AtomicReference;

novalon-manage-api/manage-gateway/src/main/java/cn/novalon/manage/gateway/util/JwtUtil.java

@@ -10,7 +10,6 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
 import javax.crypto.SecretKey;
-import java.nio.charset.StandardCharsets;
 import java.util.Date;
 
 @Component