feat(auth): 添加微信小程序扫码登录功能

- 新增扫码登录接口和相关服务 - 实现微信小程序端扫码登录逻辑 - 更新文档，添加微信小程序扫码登录指南 - 调整微信登录相关接口，使用 release 版本 - 新增 JWT 配置项
4 weeks ago · 9280f6284b
12 changed files with 784 additions and 2 deletions
--- a/docs/WECHAT_MINIPROGRAM_QR_LOGIN_GUIDE.md
+++ b/docs/WECHAT_MINIPROGRAM_QR_LOGIN_GUIDE.md
@ -0,0 +1,213 @@
 # 微信小程序扫码登录使用指南
 ## 概述
 扫码登录接口现已全面支持微信小程序端，用户可以通过微信小程序扫码快速登录网页端或其他平台。
 ## 支持的平台
 - ✅ **网页端** - 传统的网页扫码登录
 - ✅ **移动APP** - 原生移动应用扫码登录  
 - ✅ **微信小程序** - 微信小程序扫码登录（新增）
 ## 接口说明
 ### 1. 生成扫码登录token
 ```
 POST /api/qr-login/generate
 ```
 **响应示例：**
 ```json
 {
  "code": 0,
  "message": "生成成功",
  "data": {
    "token": "abc123def456",
    "qrCode": "qr-login:abc123def456",
    "expiresIn": 300
  }
 }
 ```
 ### 2. 检查扫码登录状态
 ```
 GET /api/qr-login/status/{token}
 ```
 **响应示例：**
 ```json
 {
  "code": 0,
  "message": "查询成功",
  "data": {
    "status": "confirmed",
    "accessToken": "eyJhbGciOiJIUzI1NiJ9...",
    "userInfo": {
      "userId": 123,
      "username": "user123",
      "nickname": "张三"
    },
    "expiresIn": 60
  }
 }
 ```
 ### 3. 微信小程序确认登录（专用接口）
 ```
 POST /api/qr-login/wechat-confirm
 ```
 **请求示例：**
 ```json
 {
  "token": "abc123def456",
  "userId": 123,
  "platform": "miniprogram",
  "wechatInfo": {
    "openid": "oABC123DEF456",
    "unionid": "uXYZ789ABC123",
    "nickname": "张三",
    "avatar": "https://wx.qlogo.cn/..."
  }
 }
 ```
 ## 微信小程序端实现示例
 ### 1. 扫码功能
 ```javascript
 // 小程序扫码
 wx.scanCode({
  success: (res) => {
    const qrContent = res.result; // 例如: "qr-login:abc123def456"
    if (qrContent.startsWith('qr-login:')) {
      const token = qrContent.replace('qr-login:', '');
      this.confirmLogin(token);
    }
  }
 });
 ```
 ### 2. 确认登录
 ```javascript
 confirmLogin(token) {
  // 获取用户信息
  wx.getUserProfile({
    desc: '用于扫码登录',
    success: (userRes) => {
      // 调用确认登录接口
      wx.request({
        url: 'https://your-api.com/api/qr-login/wechat-confirm',
        method: 'POST',
        data: {
          token: token,
          userId: this.data.currentUserId, // 当前登录用户ID
          platform: 'miniprogram',
          wechatInfo: {
            openid: this.data.openid,
            unionid: this.data.unionid,
            nickname: userRes.userInfo.nickName,
            avatar: userRes.userInfo.avatarUrl
          }
        },
        success: (res) => {
          if (res.data.code === 0) {
            wx.showToast({
              title: '登录确认成功',
              icon: 'success'
            });
          }
        }
      });
    }
  });
 }
 ```
 ## 网页端轮询状态示例
 ```javascript
 // 网页端轮询检查登录状态
 function checkLoginStatus(token) {
  const interval = setInterval(() => {
    fetch(`/api/qr-login/status/${token}`)
      .then(res => res.json())
      .then(data => {
        if (data.code === 0) {
          const status = data.data.status;
          switch(status) {
            case 'pending':
              console.log('等待扫码...');
              break;
            case 'scanned':
              console.log('已扫码，等待确认...');
              break;
            case 'confirmed':
              console.log('登录成功！');
              localStorage.setItem('token', data.data.accessToken);
              clearInterval(interval);
              // 跳转到主页
              window.location.href = '/dashboard';
              break;
            case 'expired':
              console.log('二维码已过期');
              clearInterval(interval);
              // 重新生成二维码
              generateNewQrCode();
              break;
          }
        }
      });
  }, 2000); // 每2秒检查一次
 }
 ```
 ## 状态流转
 ```
 pending (等待扫码)
    ↓
 scanned (已扫码) 
    ↓
 confirmed (已确认) → 返回JWT token
    ↓
 expired (已过期)
 ```
 ## 特殊功能
 ### 1. 微信信息自动更新
 当微信小程序用户确认登录时，系统会自动更新用户的微信相关信息：
 - openid
 - unionid  
 - 昵称（如果用户昵称为空）
 - 头像（如果用户头像为空）
 ### 2. 平台识别
 系统会记录用户通过哪个平台进行的扫码登录，便于后续分析和统计。
 ### 3. 安全特性
 - Token有效期5分钟
 - 确认后Token立即失效，防止重复使用
 - 支持过期自动清理
 - JWT token有效期24小时
 ## 注意事项
 1. **微信小程序需要配置扫码权限**
 2. **确保用户已在小程序中登录**
 3. **处理用户拒绝授权的情况**
 4. **网页端需要定期轮询状态**
 5. **处理网络异常和超时情况**
 ## 错误处理
 常见错误码：
 - `token不能为空` - 请求参数缺失
 - `扫码登录token不存在或已过期` - Token无效
 - `用户不存在` - 用户ID无效
 - `用户已被冻结` - 用户状态异常
 建议在小程序端添加适当的错误提示和重试机制。
--- a/src/main/java/com/gxwebsoft/auto/controller/QrLoginController.java
+++ b/src/main/java/com/gxwebsoft/auto/controller/QrLoginController.java
@ -0,0 +1,104 @@
 package com.gxwebsoft.auto.controller;
 import com.gxwebsoft.auto.dto.QrLoginConfirmRequest;
 import com.gxwebsoft.auto.dto.QrLoginGenerateResponse;
 import com.gxwebsoft.auto.dto.QrLoginStatusResponse;
 import com.gxwebsoft.auto.service.QrLoginService;
 import com.gxwebsoft.common.core.web.BaseController;
 import com.gxwebsoft.common.core.web.ApiResult;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
 /**
 * 认证模块
 *
 * @author 科技小王子
 * @since 2025-03-06 22:50:25
 */
@Tag(name = "认证模块")
@RestController
@RequestMapping("/api/qr-login")
 public class QrLoginController extends BaseController {
    @Autowired
    private QrLoginService qrLoginService;
    /**
     * 生成扫码登录token
     */
    @Operation(summary = "生成扫码登录token")
    @PostMapping("/generate")
    public ApiResult<?> generateQrLoginToken() {
        try {
            QrLoginGenerateResponse response = qrLoginService.generateQrLoginToken();
            return success("生成成功", response);
        } catch (Exception e) {
            return fail(e.getMessage());
        }
    }
    /**
     * 检查扫码登录状态
     */
    @Operation(summary = "检查扫码登录状态")
    @GetMapping("/status/{token}")
    public ApiResult<?> checkQrLoginStatus(
            @Parameter(description = "扫码登录token") @PathVariable String token) {
        try {
            QrLoginStatusResponse response = qrLoginService.checkQrLoginStatus(token);
            return success("查询成功", response);
        } catch (Exception e) {
            return fail(e.getMessage());
        }
    }
    /**
     * 确认扫码登录
     */
    @Operation(summary = "确认扫码登录")
    @PostMapping("/confirm")
    public ApiResult<?> confirmQrLogin(@Valid @RequestBody QrLoginConfirmRequest request) {
        try {
            QrLoginStatusResponse response = qrLoginService.confirmQrLogin(request);
            return success("确认成功", response);
        } catch (Exception e) {
            return fail(e.getMessage());
        }
    }
    /**
     * 扫码操作(可选接口，用于移动端扫码后更新状态)
     */
    @Operation(summary = "扫码操作")
    @PostMapping("/scan/{token}")
    public ApiResult<?> scanQrCode(@Parameter(description = "扫码登录token") @PathVariable String token) {
        try {
            boolean result = qrLoginService.scanQrCode(token);
            return success("操作成功", result);
        } catch (Exception e) {
            return fail(e.getMessage());
        }
    }
    /**
     * 微信小程序扫码登录确认(便捷接口)
     */
    @Operation(summary = "微信小程序扫码登录确认")
    @PostMapping("/wechat-confirm")
    public ApiResult<?> wechatMiniProgramConfirm(@Valid @RequestBody QrLoginConfirmRequest request) {
        try {
            // 设置平台为微信小程序
            request.setPlatform("miniprogram");
            QrLoginStatusResponse response = qrLoginService.confirmQrLogin(request);
            return success("微信小程序登录确认成功", response);
        } catch (Exception e) {
            return fail(e.getMessage());
        }
    }
 }
--- a/src/main/java/com/gxwebsoft/auto/dto/QrLoginConfirmRequest.java
+++ b/src/main/java/com/gxwebsoft/auto/dto/QrLoginConfirmRequest.java
@ -0,0 +1,50 @@
 package com.gxwebsoft.auto.dto;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 import javax.validation.constraints.NotBlank;
 /**
 * 扫码登录确认请求
 *
 * @author 科技小王子
 * @since 2025-08-31
 */
@Data
@Schema(description = "扫码登录确认请求")
 public class QrLoginConfirmRequest {
    @Schema(description = "扫码登录token")
    @NotBlank(message = "token不能为空")
    private String token;
    @Schema(description = "用户ID")
    private Integer userId;
    @Schema(description = "登录平台: web-网页端, app-移动应用, miniprogram-微信小程序")
    private String platform;
    @Schema(description = "微信小程序相关信息")
    private WechatMiniProgramInfo wechatInfo;
    /**
     * 微信小程序信息
     */
    @Data
    @Schema(description = "微信小程序信息")
    public static class WechatMiniProgramInfo {
        @Schema(description = "微信openid")
        private String openid;
        @Schema(description = "微信unionid")
        private String unionid;
        @Schema(description = "微信昵称")
        private String nickname;
        @Schema(description = "微信头像")
        private String avatar;
    }
 }
--- a/src/main/java/com/gxwebsoft/auto/dto/QrLoginData.java
+++ b/src/main/java/com/gxwebsoft/auto/dto/QrLoginData.java
@ -0,0 +1,55 @@
 package com.gxwebsoft.auto.dto;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import java.time.LocalDateTime;
 /**
 * 扫码登录数据模型
 *
 * @author 科技小王子
 * @since 2025-08-31
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
 public class QrLoginData {
    /**
     * 扫码登录token
     */
    private String token;
    /**
     * 状态: pending-等待扫码, scanned-已扫码, confirmed-已确认, expired-已过期
     */
    private String status;
    /**
     * 用户ID(扫码确认后设置)
     */
    private Integer userId;
    /**
     * 用户名(扫码确认后设置)
     */
    private String username;
    /**
     * 创建时间
     */
    private LocalDateTime createTime;
    /**
     * 过期时间
     */
    private LocalDateTime expireTime;
    /**
     * JWT访问令牌(确认后生成)
     */
    private String accessToken;
 }
--- a/src/main/java/com/gxwebsoft/auto/dto/QrLoginGenerateResponse.java
+++ b/src/main/java/com/gxwebsoft/auto/dto/QrLoginGenerateResponse.java
@ -0,0 +1,29 @@
 package com.gxwebsoft.auto.dto;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 /**
 * 扫码登录生成响应
 *
 * @author 科技小王子
 * @since 2025-08-31
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
@Schema(description = "扫码登录生成响应")
 public class QrLoginGenerateResponse {
    @Schema(description = "扫码登录token")
    private String token;
    @Schema(description = "二维码内容")
    private String qrCode;
    @Schema(description = "过期时间(秒)")
    private Long expiresIn;
 }
--- a/src/main/java/com/gxwebsoft/auto/dto/QrLoginStatusResponse.java
+++ b/src/main/java/com/gxwebsoft/auto/dto/QrLoginStatusResponse.java
@ -0,0 +1,32 @@
 package com.gxwebsoft.auto.dto;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 /**
 * 扫码登录状态响应
 *
 * @author 科技小王子
 * @since 2025-08-31
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
@Schema(description = "扫码登录状态响应")
 public class QrLoginStatusResponse {
    @Schema(description = "状态: pending-等待扫码, scanned-已扫码, confirmed-已确认, expired-已过期")
    private String status;
    @Schema(description = "JWT访问令牌(仅在confirmed状态时返回)")
    private String accessToken;
    @Schema(description = "用户信息(仅在confirmed状态时返回)")
    private Object userInfo;
    @Schema(description = "剩余过期时间(秒)")
    private Long expiresIn;
 }
--- a/src/main/java/com/gxwebsoft/auto/service/QrLoginService.java
+++ b/src/main/java/com/gxwebsoft/auto/service/QrLoginService.java
@ -0,0 +1,46 @@
 package com.gxwebsoft.auto.service;
 import com.gxwebsoft.auto.dto.QrLoginConfirmRequest;
 import com.gxwebsoft.auto.dto.QrLoginGenerateResponse;
 import com.gxwebsoft.auto.dto.QrLoginStatusResponse;
 /**
 * 扫码登录服务接口
 *
 * @author 科技小王子
 * @since 2025-08-31
 */
 public interface QrLoginService {
    /**
     * 生成扫码登录token
     *
     * @return QrLoginGenerateResponse
     */
    QrLoginGenerateResponse generateQrLoginToken();
    /**
     * 检查扫码登录状态
     *
     * @param token 扫码登录token
     * @return QrLoginStatusResponse
     */
    QrLoginStatusResponse checkQrLoginStatus(String token);
    /**
     * 确认扫码登录
     *
     * @param request 确认请求
     * @return QrLoginStatusResponse
     */
    QrLoginStatusResponse confirmQrLogin(QrLoginConfirmRequest request);
    /**
     * 扫码操作(更新状态为已扫码)
     *
     * @param token 扫码登录token
     * @return boolean
     */
    boolean scanQrCode(String token);
 }
--- a/src/main/java/com/gxwebsoft/auto/service/impl/QrLoginServiceImpl.java
+++ b/src/main/java/com/gxwebsoft/auto/service/impl/QrLoginServiceImpl.java
@ -0,0 +1,239 @@
 package com.gxwebsoft.auto.service.impl;
 import cn.hutool.core.lang.UUID;
 import cn.hutool.core.util.StrUtil;
 import com.gxwebsoft.auto.dto.*;
 import com.gxwebsoft.auto.service.QrLoginService;
 import com.gxwebsoft.common.core.security.JwtSubject;
 import com.gxwebsoft.common.core.security.JwtUtil;
 import com.gxwebsoft.common.core.utils.JSONUtil;
 import com.gxwebsoft.common.core.utils.RedisUtil;
 import com.gxwebsoft.common.system.entity.User;
 import com.gxwebsoft.common.system.service.UserService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import java.time.LocalDateTime;
 import java.time.temporal.ChronoUnit;
 import java.util.concurrent.TimeUnit;
 import static com.gxwebsoft.common.core.constants.RedisConstants.*;
 /**
 * 扫码登录服务实现
 *
 * @author 科技小王子
 * @since 2025-08-31
 */
@Slf4j
@Service
 public class QrLoginServiceImpl implements QrLoginService {
    @Autowired
    private RedisUtil redisUtil;
    @Autowired
    private UserService userService;
    @Value("${config.jwt.secret:websoft-jwt-secret-key-2025}")
    private String jwtSecret;
    @Value("${config.jwt.expire:86400}")
    private Long jwtExpire;
    @Override
    public QrLoginGenerateResponse generateQrLoginToken() {
        // 生成唯一的扫码登录token
        String token = UUID.randomUUID().toString(true);
        // 创建扫码登录数据
        QrLoginData qrLoginData = new QrLoginData();
        qrLoginData.setToken(token);
        qrLoginData.setStatus(QR_LOGIN_STATUS_PENDING);
        qrLoginData.setCreateTime(LocalDateTime.now());
        qrLoginData.setExpireTime(LocalDateTime.now().plusSeconds(QR_LOGIN_TOKEN_TTL));
        // 存储到Redis，设置过期时间
        String redisKey = QR_LOGIN_TOKEN_KEY + token;
        redisUtil.set(redisKey, qrLoginData, QR_LOGIN_TOKEN_TTL, TimeUnit.SECONDS);
        log.info("生成扫码登录token: {}", token);
        // 构造二维码内容(这里可以是前端登录页面的URL + token参数)
        String qrCodeContent = "qr-login:" + token;
        return new QrLoginGenerateResponse(token, qrCodeContent, QR_LOGIN_TOKEN_TTL);
    }
    @Override
    public QrLoginStatusResponse checkQrLoginStatus(String token) {
        if (StrUtil.isBlank(token)) {
            return new QrLoginStatusResponse(QR_LOGIN_STATUS_EXPIRED, null, null, 0L);
        }
        String redisKey = QR_LOGIN_TOKEN_KEY + token;
        QrLoginData qrLoginData = redisUtil.get(redisKey, QrLoginData.class);
        if (qrLoginData == null) {
            return new QrLoginStatusResponse(QR_LOGIN_STATUS_EXPIRED, null, null, 0L);
        }
        // 检查是否过期
        if (LocalDateTime.now().isAfter(qrLoginData.getExpireTime())) {
            // 删除过期的token
            redisUtil.delete(redisKey);
            return new QrLoginStatusResponse(QR_LOGIN_STATUS_EXPIRED, null, null, 0L);
        }
        // 计算剩余过期时间
        long expiresIn = ChronoUnit.SECONDS.between(LocalDateTime.now(), qrLoginData.getExpireTime());
        QrLoginStatusResponse response = new QrLoginStatusResponse();
        response.setStatus(qrLoginData.getStatus());
        response.setExpiresIn(expiresIn);
        // 如果已确认，返回token和用户信息
        if (QR_LOGIN_STATUS_CONFIRMED.equals(qrLoginData.getStatus())) {
            response.setAccessToken(qrLoginData.getAccessToken());
            // 获取用户信息
            if (qrLoginData.getUserId() != null) {
                User user = userService.getByIdRel(qrLoginData.getUserId());
                if (user != null) {
                    // 清除敏感信息
                    user.setPassword(null);
                    response.setUserInfo(user);
                }
            }
            // 确认后删除token，防止重复使用
            redisUtil.delete(redisKey);
        }
        return response;
    }
    @Override
    public QrLoginStatusResponse confirmQrLogin(QrLoginConfirmRequest request) {
        String token = request.getToken();
        Integer userId = request.getUserId();
        String platform = request.getPlatform();
        if (StrUtil.isBlank(token) || userId == null) {
            throw new RuntimeException("参数不能为空");
        }
        String redisKey = QR_LOGIN_TOKEN_KEY + token;
        QrLoginData qrLoginData = redisUtil.get(redisKey, QrLoginData.class);
        if (qrLoginData == null) {
            throw new RuntimeException("扫码登录token不存在或已过期");
        }
        // 检查是否过期
        if (LocalDateTime.now().isAfter(qrLoginData.getExpireTime())) {
            redisUtil.delete(redisKey);
            throw new RuntimeException("扫码登录token已过期");
        }
        // 获取用户信息
        User user = userService.getByIdRel(userId);
        if (user == null) {
            throw new RuntimeException("用户不存在");
        }
        // 检查用户状态
        if (user.getStatus() != null && user.getStatus() != 0) {
            throw new RuntimeException("用户已被冻结");
        }
        // 如果是微信小程序登录，处理微信相关信息
        if ("miniprogram".equals(platform) && request.getWechatInfo() != null) {
            handleWechatMiniProgramLogin(user, request.getWechatInfo());
        }
        // 生成JWT token
        JwtSubject jwtSubject = new JwtSubject(user.getUsername(), user.getTenantId());
        String accessToken = JwtUtil.buildToken(jwtSubject, jwtExpire, jwtSecret);
        // 更新扫码登录数据
        qrLoginData.setStatus(QR_LOGIN_STATUS_CONFIRMED);
        qrLoginData.setUserId(userId);
        qrLoginData.setUsername(user.getUsername());
        qrLoginData.setAccessToken(accessToken);
        // 更新Redis中的数据
        redisUtil.set(redisKey, qrLoginData, 60L, TimeUnit.SECONDS); // 给前端60秒时间获取token
        log.info("用户 {} 通过 {} 平台确认扫码登录，token: {}", user.getUsername(),
                platform != null ? platform : "unknown", token);
        // 清除敏感信息
        user.setPassword(null);
        return new QrLoginStatusResponse(QR_LOGIN_STATUS_CONFIRMED, accessToken, user, 60L);
    }
    /**
     * 处理微信小程序登录相关逻辑
     */
    private void handleWechatMiniProgramLogin(User user, QrLoginConfirmRequest.WechatMiniProgramInfo wechatInfo) {
        // 更新用户的微信信息
        if (StrUtil.isNotBlank(wechatInfo.getOpenid())) {
            user.setOpenid(wechatInfo.getOpenid());
        }
        if (StrUtil.isNotBlank(wechatInfo.getUnionid())) {
            user.setUnionid(wechatInfo.getUnionid());
        }
        if (StrUtil.isNotBlank(wechatInfo.getNickname()) && StrUtil.isBlank(user.getNickname())) {
            user.setNickname(wechatInfo.getNickname());
        }
        if (StrUtil.isNotBlank(wechatInfo.getAvatar()) && StrUtil.isBlank(user.getAvatar())) {
            user.setAvatar(wechatInfo.getAvatar());
        }
        // 更新用户信息到数据库
        try {
            userService.updateById(user);
            log.info("更新用户 {} 的微信小程序信息成功", user.getUsername());
        } catch (Exception e) {
            log.warn("更新用户 {} 的微信小程序信息失败: {}", user.getUsername(), e.getMessage());
        }
    }
    @Override
    public boolean scanQrCode(String token) {
        if (StrUtil.isBlank(token)) {
            return false;
        }
        String redisKey = QR_LOGIN_TOKEN_KEY + token;
        QrLoginData qrLoginData = redisUtil.get(redisKey, QrLoginData.class);
        if (qrLoginData == null) {
            return false;
        }
        // 检查是否过期
        if (LocalDateTime.now().isAfter(qrLoginData.getExpireTime())) {
            redisUtil.delete(redisKey);
            return false;
        }
        // 只有pending状态才能更新为scanned
        if (QR_LOGIN_STATUS_PENDING.equals(qrLoginData.getStatus())) {
            qrLoginData.setStatus(QR_LOGIN_STATUS_SCANNED);
            // 计算剩余过期时间
            long remainingSeconds = ChronoUnit.SECONDS.between(LocalDateTime.now(), qrLoginData.getExpireTime());
            redisUtil.set(redisKey, qrLoginData, remainingSeconds, TimeUnit.SECONDS);
            log.info("扫码登录token {} 状态更新为已扫码", token);
            return true;
        }
        return false;
    }
 }
--- a/src/main/java/com/gxwebsoft/common/core/constants/RedisConstants.java
+++ b/src/main/java/com/gxwebsoft/common/core/constants/RedisConstants.java
@ -27,6 +27,14 @@ public class RedisConstants {
  // 扫码登录相关key
  public static final String QR_LOGIN_TOKEN_KEY = "qr-login:token:"; // 扫码登录token前缀
  public static final Long QR_LOGIN_TOKEN_TTL = 300L; // 扫码登录token过期时间(5分钟)
  public static final String QR_LOGIN_STATUS_PENDING = "pending"; // 等待扫码
  public static final String QR_LOGIN_STATUS_SCANNED = "scanned"; // 已扫码
  public static final String QR_LOGIN_STATUS_CONFIRMED = "confirmed"; // 已确认
  public static final String QR_LOGIN_STATUS_EXPIRED = "expired"; // 已过期
  // 哗啦啦key
  public static final String getAllShop = "allShop";
  public static final String getBaseInfo = "baseInfo";
--- a/src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java
+++ b/src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java
@ -39,6 +39,7 @@ public class SecurityConfig {
                .permitAll()
                .antMatchers(
                        "/api/login",
                        "/api/qr-login/**",
                        "/api/register",
                        "/api/cms/website/createWebsite",
                        "/druid/**",
--- a/src/main/java/com/gxwebsoft/common/system/controller/WxLoginController.java
+++ b/src/main/java/com/gxwebsoft/common/system/controller/WxLoginController.java
@ -402,7 +402,7 @@ public class WxLoginController extends BaseController {
        String apiUrl = "https://api.weixin.qq.com/wxa/getwxacode?access_token=" + getAccessToken();
        final HashMap<String, Object> map = new HashMap<>();
        map.put("path", "/package/admin/order-scan?orderNo=".concat(orderNo));
        map.put("env_version", "trial");
        map.put("env_version", "release");
        // 获取图片 Buffer
        byte[] qrCode = HttpRequest.post(apiUrl)
                .body(JSON.toJSONString(map))
@ -439,7 +439,7 @@ public class WxLoginController extends BaseController {
            final HashMap<String, Object> map = new HashMap<>();
            map.put("scene", scene);
            map.put("page", "pages/index/index");
            map.put("env_version", "trial");
            map.put("env_version", "release");
            String jsonBody = JSON.toJSONString(map);
            System.out.println("请求的 JSON body = " + jsonBody);
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@ -48,6 +48,11 @@ config:
  server-url: https://server.websoft.top/api
  upload-path: /Users/gxwebsoft/JAVA/mp-java/src/main/resources/   # window(D:\Temp)
  # JWT配置
  jwt:
    secret: websoft-jwt-secret-key-2025-dev-environment
    expire: 86400  # token过期时间(秒) 24小时
 # 开发环境证书配置
 certificate:
  load-mode: CLASSPATH  # 开发环境从classpath加载