添加认证拦截器和WebMvc配置以处理请求的身份验证

src/main/java/work/baiyun/chronicdiseaseapp/config/AuthInterceptor.java

@@ -0,0 +1,41 @@
+package work.baiyun.chronicdiseaseapp.config;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import work.baiyun.chronicdiseaseapp.service.TokenService;
+
+
+@Component
+public class AuthInterceptor implements HandlerInterceptor {
+
+    private final TokenService tokenService;
+
+    @Autowired
+    public AuthInterceptor(TokenService tokenService) {
+        this.tokenService = tokenService;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        String token = request.getHeader("X-Token");
+        if (token == null || token.isEmpty()) {
+            // no token
+            response.setStatus(HttpStatus.UNAUTHORIZED.value());
+            return false;
+        }
+
+        Long userId = tokenService.validateToken(token);
+        if (userId == null) {
+            response.setStatus(HttpStatus.UNAUTHORIZED.value());
+            return false;
+        }
+
+        // 将 userId 放入 request attribute，后续 controller 可用
+        request.setAttribute("currentUserId", userId);
+        return true;
+    }
+}

src/main/java/work/baiyun/chronicdiseaseapp/config/WebMvcConfig.java

@@ -0,0 +1,35 @@
+package work.baiyun.chronicdiseaseapp.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.lang.NonNull;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebMvcConfig implements WebMvcConfigurer {
+
+    private final AuthInterceptor authInterceptor;
+
+    @Autowired
+    public WebMvcConfig(AuthInterceptor authInterceptor) {
+        this.authInterceptor = authInterceptor;
+    }
+
+    @Override
+    public void addInterceptors(@NonNull InterceptorRegistry registry) {
+        // 拦截所有请求，但排除登录和 Swagger/OpenAPI 相关路径
+        registry.addInterceptor(authInterceptor)
+                .addPathPatterns("/**")
+                .excludePathPatterns(
+                        "/", 
+                        "/get_openid",
+                        "/v3/api-docs/**",
+                        "/swagger-ui/**",
+                        "/swagger-ui.html",
+                        "/doc.html",
+                        "/webjars/**",
+                        "/favicon.ico"
+                );
+    }
+}