优化乐云(LE)正则以支持 /mshare/ 格式，补充测试用例

Agent-Logs-Url: https://github.com/qaiu/netdisk-fast-download/sessions/7341ab49-5648-498c-b153-0fcd3b3f8aad

Co-authored-by: qaiu <29825328+qaiu@users.noreply.github.com>

README.md

@@ -24,7 +24,13 @@
 # netdisk-fast-download 网盘分享链接云解析服务  
 QQ交流群：1017480890
 
-netdisk-fast-download网盘直链云解析(nfd云解析)能把网盘分享下载链接转化为直链，支持多款云盘，已支持蓝奏云/蓝奏云优享/奶牛快传/移动云云空间/小飞机盘/亿方云/123云盘/Cloudreve等，支持加密分享，以及部分网盘文件夹分享。  
+> netdisk-fast-download网盘直链解析可以把云盘分享链接转为直链，可广泛应用于各类下载站，资源站，个人博客，图床，APP下载更新，视频点播等领域。支持市面各大主流云盘的文件分享以及文件夹分享链接，已支持蓝奏云/蓝奏云优享/奶牛快传/移动云云空间/小飞机盘/亿方云/123云盘/Cloudreve等，支持加密分享，以及部分网盘文件夹分享。  
+
+[官方文档](https://nfd-parser.github.io/)  
+[API接入](https://nfdparser.apifox.cn/)  
+[公益解析，lz站](https://lz.qaiu.top)  
+[公益解析，lz0m站](https://lz0.qaiu.top)  
+[专业版189站，注册体验](https://189.qaiu.top)  
 
 ## 快速开始
 命令行下载分享文件：  
@@ -50,15 +56,10 @@ https://nfd-parser.github.io/nfd-preview/preview.html?src=https%3A%2F%2Flz.qaiu.
 
 **Playground功能：** [JS解析器演练场密码保护说明](web-service/doc/PLAYGROUND_PASSWORD_PROTECTION.md)
 
-## 体验地址  
-[公益解析1](https://lz.qaiu.top)  
-[公益解析2](https://lz0.qaiu.top)  
-[大文件解析专属版，限时开放，注册体验](https://189.qaiu.top)  
 
-main分支依赖JDK17, 提供了JDK11分支[main-jdk11](https://github.com/qaiu/netdisk-fast-download/tree/main-jdk11)  
-**0.1.8及以上版本json接口格式有调整 参考json返回数据格式示例**  
-**小飞机解析有IP限制，多数云服务商的大陆IP会被拦截（可以自行配置代理），和本程序无关**  
-**注意: 请不要过度依赖lz.qaiu.top预览地址服务，建议本地搭建或者云服务器自行搭建。解析次数过多IP会被部分网盘厂商限制，不推荐做公共解析。**  
+**注意⚠️小飞机解析有IP限制，多数云服务商的大陆IP会被拦截（可以自行配置代理），和本程序无关**  
+**注意⚠️收到很多用户反馈，小飞机近期封号频繁，请尽可能选择其他网盘分享**  
+**注意⚠️请不要过度依赖 lz.qaiu.top，建议本地搭建或者云服务器自行搭建。请求量过多的话服务器可能会被云盘厂商限制，遇到解析失败的分享链接不要着急提issues，请先检查分享是否有效，** [lz站](https://lz.qaiu.top) 和 [lz0](https://lz0.qaiu.top) 不支持大文件，请使用 [189站](https://189.qaiu.top) 注册体验。
 
 ## 网盘支持情况:
 > 20230905 奶牛云直链做了防盗链，需加入请求头：Referer: https://cowtransfer.com/  

parser/src/main/java/cn/qaiu/parser/PanDomainTemplate.java

@@ -113,9 +113,9 @@ public enum PanDomainTemplate {
             "https://www.feijix.com/s/{shareKey}",
             FjTool.class),
 
-    // https://lecloud.lenovo.com/share/
+    // https://lecloud.lenovo.com/share/  https://lecloud.lenovo.com/mshare/
     LE("联想乐云",
-            compile("https://lecloud?\\.lenovo\\.com/share/(?<KEY>.+)"),
+            compile("https://lecloud?\\.lenovo\\.com/m?share/(?<KEY>.+)"),
             "https://lecloud.lenovo.com/share/{shareKey}",
             LeTool.class),
 

parser/src/test/java/cn/qaiu/parser/PanDomainTemplateTest.java

@@ -129,6 +129,25 @@ public class PanDomainTemplateTest {
                 wsPattern.matcher("https://www.evil.com/f/abc123").matches());
     }
 
+    @Test
+    public void testLePatternMatching() {
+        Pattern lePattern = PanDomainTemplate.LE.getPattern();
+
+        // /share/ 格式
+        Matcher m1 = lePattern.matcher("https://lecloud.lenovo.com/share/abc123");
+        assertTrue("LE pattern should match /share/ format", m1.matches());
+        assertEquals("abc123", m1.group("KEY"));
+
+        // /mshare/ 格式
+        Matcher m2 = lePattern.matcher("https://lecloud.lenovo.com/mshare/xyz789");
+        assertTrue("LE pattern should match /mshare/ format", m2.matches());
+        assertEquals("xyz789", m2.group("KEY"));
+
+        // 负例：错误路径不匹配
+        assertFalse("Wrong path should not match",
+                lePattern.matcher("https://lecloud.lenovo.com/s/abc123").matches());
+    }
+
     @Test
     public void verifyDuplicates() {
 

web-service/src/main/java/cn/qaiu/lz/common/util/JwtUtil.java

@@ -0,0 +1,185 @@
+package cn.qaiu.lz.common.util;
+
+import cn.qaiu.lz.web.model.SysUser;
+import io.vertx.core.json.JsonObject;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.time.Instant;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.Base64;
+import java.util.Date;
+
+/**
+ * JWT工具类，用于生成和验证JWT token
+ */
+public class JwtUtil {
+
+    private static final long EXPIRE_TIME = 24 * 60 * 60 * 1000; // token过期时间，24小时
+    private static final String SECRET_KEY = "netdisk-fast-download-jwt-secret-key"; // 密钥
+    private static final String ALGORITHM = "HmacSHA256";
+
+    /**
+     * 生成JWT token
+     *
+     * @param user 用户信息
+     * @return JWT token
+     */
+    public static String generateToken(SysUser user) {
+        long expireTime = getExpireTime();
+
+        // Header
+        JsonObject header = new JsonObject()
+                .put("alg", "HS256")
+                .put("typ", "JWT");
+
+        // Payload
+        JsonObject payload = new JsonObject()
+                .put("id", user.getId())
+                .put("username", user.getUsername())
+                .put("role", user.getRole())
+                .put("exp", expireTime)
+                .put("iat", System.currentTimeMillis())
+                .put("iss", "netdisk-fast-download");
+
+        // Base64 encode header and payload
+        String encodedHeader = Base64.getUrlEncoder().withoutPadding().encodeToString(header.encode().getBytes(StandardCharsets.UTF_8));
+        String encodedPayload = Base64.getUrlEncoder().withoutPadding().encodeToString(payload.encode().getBytes(StandardCharsets.UTF_8));
+
+        // Create signature
+        String signature = hmacSha256(encodedHeader + "." + encodedPayload, SECRET_KEY);
+
+        // Combine to form JWT
+        return encodedHeader + "." + encodedPayload + "." + signature;
+    }
+
+    /**
+     * 使用HMAC-SHA256算法生成签名
+     *
+     * @param data 要签名的数据
+     * @param key 密钥
+     * @return 签名
+     */
+    private static String hmacSha256(String data, String key) {
+        try {
+            Mac sha256Hmac = Mac.getInstance(ALGORITHM);
+            SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), ALGORITHM);
+            sha256Hmac.init(secretKey);
+            byte[] signedBytes = sha256Hmac.doFinal(data.getBytes(StandardCharsets.UTF_8));
+            return Base64.getUrlEncoder().withoutPadding().encodeToString(signedBytes);
+        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
+            throw new RuntimeException("Error creating HMAC SHA256 signature", e);
+        }
+    }
+
+    /**
+     * 验证JWT token
+     *
+     * @param token JWT token
+     * @return 如果token有效返回true，否则返回false
+     */
+    public static boolean validateToken(String token) {
+        try {
+            String[] parts = token.split("\\.");
+            if (parts.length != 3) {
+                return false;
+            }
+
+            String encodedHeader = parts[0];
+            String encodedPayload = parts[1];
+            String signature = parts[2];
+
+            // 验证签名
+            String expectedSignature = hmacSha256(encodedHeader + "." + encodedPayload, SECRET_KEY);
+            if (!expectedSignature.equals(signature)) {
+                return false;
+            }
+
+            // 验证过期时间
+            String payload = new String(Base64.getUrlDecoder().decode(encodedPayload), StandardCharsets.UTF_8);
+            JsonObject payloadJson = new JsonObject(payload);
+            long expTime = payloadJson.getLong("exp", 0L);
+
+            return System.currentTimeMillis() < expTime;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    /**
+     * 从token中获取用户ID
+     *
+     * @param token JWT token
+     * @return 用户ID
+     */
+    public static String getUserIdFromToken(String token) {
+        String[] parts = token.split("\\.");
+        if (parts.length != 3) {
+            return null;
+        }
+
+        // Base64解码
+        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
+        JsonObject jsonObject = new JsonObject(payload);
+        return jsonObject.getString("id");
+    }
+
+    /**
+     * 从token中获取用户名
+     *
+     * @param token JWT token
+     * @return 用户名
+     */
+    public static String getUsernameFromToken(String token) {
+        String[] parts = token.split("\\.");
+        if (parts.length != 3) {
+            return null;
+        }
+
+        // Base64解码
+        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
+        JsonObject jsonObject = new JsonObject(payload);
+        return jsonObject.getString("username");
+    }
+
+    /**
+     * 从token中获取用户角色
+     *
+     * @param token JWT token
+     * @return 用户角色
+     */
+    public static String getRoleFromToken(String token) {
+        String[] parts = token.split("\\.");
+        if (parts.length != 3) {
+            return null;
+        }
+
+        // Base64解码
+        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
+        JsonObject jsonObject = new JsonObject(payload);
+        return jsonObject.getString("role");
+    }
+
+    /**
+     * 获取过期时间
+     *
+     * @return 过期时间戳
+     */
+    private static long getExpireTime() {
+        return System.currentTimeMillis() + EXPIRE_TIME;
+    }
+
+    /**
+     * 将过期时间戳转换为LocalDateTime
+     *
+     * @param expireTime 过期时间戳
+     * @return LocalDateTime
+     */
+    public static LocalDateTime getExpireTimeAsLocalDateTime(long expireTime) {
+        return LocalDateTime.ofInstant(Instant.ofEpochMilli(expireTime), ZoneId.systemDefault());
+    }
+}

web-service/src/main/java/cn/qaiu/lz/web/model/SysUser.java

@@ -0,0 +1,60 @@
+package cn.qaiu.lz.web.model;
+
+import cn.qaiu.db.ddl.Table;
+import cn.qaiu.lz.common.ToJson;
+import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import io.vertx.codegen.annotations.DataObject;
+import io.vertx.core.json.JsonObject;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+@Data
+@DataObject
+@NoArgsConstructor
+@Table("sys_user")
+public class SysUser implements ToJson {
+    private String id;
+    private String username;
+
+    private String password;
+
+    private String email;
+    private String phone;
+    private String avatar;
+
+    // 用户状态：0-禁用，1-正常
+    private Integer status;
+
+    // 用户角色：admin-管理员，user-普通用户
+    private String role;
+
+    // 最后登录时间
+    @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss")
+    private LocalDateTime lastLoginTime;
+
+    private Integer age;
+    @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss")
+    private LocalDateTime createTime;
+
+    public SysUser(JsonObject json) {
+        this.id = json.getString("id");
+        this.username = json.getString("username");
+        this.password = json.getString("password");
+        this.email = json.getString("email");
+        this.phone = json.getString("phone");
+        this.avatar = json.getString("avatar");
+        this.status = json.getInteger("status");
+        this.role = json.getString("role");
+        this.age = json.getInteger("age");
+        if (json.getString("createTime") != null) {
+            this.createTime = LocalDateTime.parse(json.getString("createTime"));
+        }
+        if (json.getString("lastLoginTime") != null) {
+            this.lastLoginTime = LocalDateTime.parse(json.getString("lastLoginTime"));
+        }
+    }
+}

web-service/src/main/java/cn/qaiu/lz/web/service/UserService.java

@@ -0,0 +1,51 @@
+package cn.qaiu.lz.web.service;
+
+import cn.qaiu.lz.web.model.SysUser;
+import cn.qaiu.vx.core.base.BaseAsyncService;
+import io.vertx.codegen.annotations.ProxyGen;
+import io.vertx.core.Future;
+import io.vertx.core.json.JsonObject;
+
+/**
+ * 用户服务接口
+ * <br>Create date 2021/8/27 14:06
+ *
+ * @author <a href="https://qaiu.top">QAIU</a>
+ */
+@ProxyGen
+public interface UserService extends BaseAsyncService {
+    /**
+     * 用户登录
+     * @param user 包含用户名和密码的用户对象
+     * @return 登录成功返回用户信息和token，失败返回错误信息
+     */
+    Future<JsonObject> login(SysUser user);
+
+    /**
+     * 根据用户名获取用户信息
+     * @param username 用户名
+     * @return 用户信息
+     */
+    Future<SysUser> getUserByUsername(String username);
+
+    /**
+     * 创建新用户
+     * @param user 用户信息
+     * @return 创建成功返回用户信息，失败返回错误信息
+     */
+    Future<SysUser> createUser(SysUser user);
+
+    /**
+     * 更新用户信息
+     * @param user 用户信息
+     * @return 更新成功返回用户信息，失败返回错误信息
+     */
+    Future<SysUser> updateUser(SysUser user);
+
+    /**
+     * 验证token
+     * @param token JWT token
+     * @return 验证成功返回用户信息，失败返回错误信息
+     */
+    Future<JsonObject> validateToken(String token);
+}

web-service/src/main/java/cn/qaiu/lz/web/service/impl/UserServiceImpl.java

@@ -0,0 +1,414 @@
+package cn.qaiu.lz.web.service.impl;
+
+import cn.qaiu.db.pool.JDBCPoolInit;
+import cn.qaiu.lz.common.util.JwtUtil;
+import cn.qaiu.lz.common.util.PasswordUtil;
+import cn.qaiu.lz.web.model.SysUser;
+import cn.qaiu.lz.web.service.UserService;
+import cn.qaiu.vx.core.annotaions.Service;
+import io.vertx.core.Future;
+import io.vertx.core.Promise;
+import io.vertx.core.json.JsonObject;
+import io.vertx.jdbcclient.JDBCPool;
+import io.vertx.sqlclient.Row;
+import io.vertx.sqlclient.RowSet;
+import io.vertx.sqlclient.Tuple;
+import lombok.extern.slf4j.Slf4j;
+
+import java.sql.Timestamp;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.UUID;
+
+/**
+ * 用户服务实现类
+ * <br>Create date 2021/8/27 14:09
+ *
+ * @author <a href="https://qaiu.top">QAIU</a>
+ */
+@Slf4j
+@Service
+public class UserServiceImpl implements UserService {
+
+    private final JDBCPool jdbcPool = JDBCPoolInit.instance().getPool();
+
+    // 初始化方法，确保管理员用户存在
+    public void init() {
+        // 检查管理员用户是否存在
+        getUserByUsername("admin")
+                .onSuccess(user -> {
+                    log.info("管理员用户已存在");
+                })
+                .onFailure(err -> {
+                    // 创建管理员用户
+                    SysUser admin = new SysUser();
+                    admin.setId(UUID.randomUUID().toString());
+                    admin.setUsername("admin");
+                    admin.setPassword(PasswordUtil.hashPassword("admin123"));
+                    admin.setEmail("admin@example.com");
+                    admin.setRole("admin");
+                    admin.setStatus(1);
+                    admin.setCreateTime(LocalDateTime.now());
+                    
+                    createUser(admin)
+                            .onSuccess(result -> log.info("管理员用户创建成功"))
+                            .onFailure(error -> log.error("管理员用户创建失败", error));
+                });
+    }
+
+    // 新增一个工具方法来过滤敏感信息
+    private SysUser filterSensitiveInfo(SysUser user) {
+        if (user != null) {
+            SysUser filtered = new SysUser();
+            // 复制除密码外的所有字段
+            filtered.setId(user.getId());
+            filtered.setUsername(user.getUsername());
+            filtered.setEmail(user.getEmail());
+            filtered.setPhone(user.getPhone());
+            filtered.setAvatar(user.getAvatar());
+            filtered.setRole(user.getRole());
+            filtered.setStatus(user.getStatus());
+            filtered.setCreateTime(user.getCreateTime());
+            filtered.setLastLoginTime(user.getLastLoginTime());
+            return filtered;
+        }
+        return null;
+    }
+
+    // 将Row转换为SysUser对象
+    private SysUser rowToUser(Row row) {
+        if (row == null) {
+            return null;
+        }
+        
+        SysUser user = new SysUser();
+        user.setId(row.getString("id"));
+        user.setUsername(row.getString("username"));
+        user.setPassword(row.getString("password"));
+        user.setEmail(row.getString("email"));
+        user.setPhone(row.getString("phone"));
+        user.setAvatar(row.getString("avatar"));
+        user.setRole(row.getString("role"));
+        user.setStatus(row.getInteger("status"));
+        
+        // 处理日期时间字段
+        LocalDateTime createTime = row.getLocalDateTime("create_time");
+        if (createTime != null) {
+            user.setCreateTime(createTime);
+        }
+        
+        LocalDateTime lastLoginTime = row.getLocalDateTime("last_login_time");
+        if (lastLoginTime != null) {
+            user.setLastLoginTime(lastLoginTime);
+        }
+        
+        return user;
+    }
+
+    @Override
+    public Future<JsonObject> login(SysUser user) {
+        // 参数校验
+        if (user == null || user.getUsername() == null || user.getPassword() == null) {
+            return Future.succeededFuture(new JsonObject()
+                    .put("success", false)
+                    .put("message", "用户名和密码不能为空"));
+        }
+
+        Promise<JsonObject> promise = Promise.promise();
+        
+        // 查询用户
+        String sql = "SELECT * FROM sys_user WHERE username = ?";
+        
+        jdbcPool.preparedQuery(sql)
+                .execute(Tuple.of(user.getUsername()))
+                .onSuccess(rows -> {
+                    if (rows.size() == 0) {
+                        promise.complete(new JsonObject()
+                                .put("success", false)
+                                .put("message", "用户不存在"));
+                        return;
+                    }
+                    
+                    Row row = rows.iterator().next();
+                    SysUser existUser = rowToUser(row);
+                    
+                    // 验证密码
+                    if (!PasswordUtil.checkPassword(user.getPassword(), existUser.getPassword())) {
+                        promise.complete(new JsonObject()
+                                .put("success", false)
+                                .put("message", "密码错误"));
+                        return;
+                    }
+                    
+                    // 更新最后登录时间
+                    LocalDateTime now = LocalDateTime.now();
+                    existUser.setLastLoginTime(now);
+                    
+                    // 更新数据库中的最后登录时间
+                    String updateSql = "UPDATE sys_user SET last_login_time = ? WHERE username = ?";
+                    jdbcPool.preparedQuery(updateSql)
+                            .execute(Tuple.of(
+                                    Timestamp.from(now.atZone(ZoneId.systemDefault()).toInstant()),
+                                    existUser.getUsername()
+                            ))
+                            .onFailure(err -> log.error("更新最后登录时间失败", err));
+                    
+                    // 生成token
+                    String token = JwtUtil.generateToken(existUser);
+                    
+                    // 返回用户信息和token
+                    JsonObject value = JsonObject.mapFrom(existUser);
+                    value.remove("password");
+                    promise.complete(new JsonObject()
+                            .put("success", true)
+                            .put("message", "登录成功")
+                            .put("token", token)
+                            .put("user", value));
+                })
+                .onFailure(err -> {
+                    log.error("登录查询失败", err);
+                    promise.complete(new JsonObject()
+                            .put("success", false)
+                            .put("message", "登录失败: " + err.getMessage()));
+                });
+        
+        return promise.future();
+    }
+
+    @Override
+    public Future<SysUser> getUserByUsername(String username) {
+        if (username == null || username.isEmpty()) {
+            return Future.failedFuture("用户名不能为空");
+        }
+
+        Promise<SysUser> promise = Promise.promise();
+        
+        String sql = "SELECT * FROM sys_user WHERE username = ?";
+        
+        jdbcPool.preparedQuery(sql)
+                .execute(Tuple.of(username))
+                .onSuccess(rows -> {
+                    if (rows.size() == 0) {
+                        promise.fail("用户不存在");
+                        return;
+                    }
+                    
+                    Row row = rows.iterator().next();
+                    SysUser user = rowToUser(row);
+                    promise.complete(filterSensitiveInfo(user));
+                })
+                .onFailure(err -> {
+                    log.error("查询用户失败", err);
+                    promise.fail("查询用户失败: " + err.getMessage());
+                });
+        
+        return promise.future();
+    }
+
+    @Override
+    public Future<SysUser> createUser(SysUser user) {
+        // 参数校验
+        if (user == null || user.getUsername() == null || user.getPassword() == null) {
+            return Future.failedFuture("用户名和密码不能为空");
+        }
+
+        Promise<SysUser> promise = Promise.promise();
+        
+        // 先检查用户是否已存在
+        String checkSql = "SELECT COUNT(*) as count FROM sys_user WHERE username = ?";
+        
+        jdbcPool.preparedQuery(checkSql)
+                .execute(Tuple.of(user.getUsername()))
+                .onSuccess(rows -> {
+                    Row row = rows.iterator().next();
+                    long count = row.getLong("count");
+                    
+                    if (count > 0) {
+                        promise.fail("用户名已存在");
+                        return;
+                    }
+                    
+                    // 设置用户ID和创建时间
+                    if (user.getId() == null) {
+                        user.setId(UUID.randomUUID().toString());
+                    }
+                    if (user.getCreateTime() == null) {
+                        user.setCreateTime(LocalDateTime.now());
+                    }
+                    
+                    // 设置默认角色和状态
+                    if (user.getRole() == null) {
+                        user.setRole("user");
+                    }
+                    if (user.getStatus() == null) {
+                        user.setStatus(1);
+                    }
+                    
+                    // 对密码进行加密
+                    String plainPassword = user.getPassword();
+                    user.setPassword(PasswordUtil.hashPassword(plainPassword));
+                    
+                    // 插入用户
+                    String insertSql = "INSERT INTO sys_user (id, username, password, email, phone, avatar, role, status, create_time) " +
+                            "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
+                    
+                    jdbcPool.preparedQuery(insertSql)
+                            .execute(Tuple.of(
+                                    user.getId(),
+                                    user.getUsername(),
+                                    user.getPassword(),
+                                    user.getEmail(),
+                                    user.getPhone(),
+                                    user.getAvatar(),
+                                    user.getRole(),
+                                    user.getStatus(),
+                                    Timestamp.from(user.getCreateTime().atZone(ZoneId.systemDefault()).toInstant())
+                            ))
+                            .onSuccess(result -> {
+                                promise.complete(filterSensitiveInfo(user));
+                            })
+                            .onFailure(err -> {
+                                log.error("创建用户失败", err);
+                                promise.fail("创建用户失败: " + err.getMessage());
+                            });
+                })
+                .onFailure(err -> {
+                    log.error("检查用户是否存在失败", err);
+                    promise.fail("创建用户失败: " + err.getMessage());
+                });
+        
+        return promise.future();
+    }
+
+    @Override
+    public Future<SysUser> updateUser(SysUser user) {
+        // 参数校验
+        if (user == null || user.getUsername() == null) {
+            return Future.failedFuture("用户名不能为空");
+        }
+
+        Promise<SysUser> promise = Promise.promise();
+        
+        // 先检查用户是否存在
+        String checkSql = "SELECT * FROM sys_user WHERE username = ?";
+        
+        jdbcPool.preparedQuery(checkSql)
+                .execute(Tuple.of(user.getUsername()))
+                .onSuccess(rows -> {
+                    if (rows.size() == 0) {
+                        promise.fail("用户不存在");
+                        return;
+                    }
+                    
+                    Row row = rows.iterator().next();
+                    SysUser existUser = rowToUser(row);
+                    
+                    // 构建更新SQL
+                    StringBuilder updateSql = new StringBuilder("UPDATE sys_user SET ");
+                    Tuple params = Tuple.tuple();
+                    
+                    if (user.getEmail() != null) {
+                        updateSql.append("email = ?, ");
+                        params.addValue(user.getEmail());
+                    }
+                    
+                    if (user.getPhone() != null) {
+                        updateSql.append("phone = ?, ");
+                        params.addValue(user.getPhone());
+                    }
+                    
+                    if (user.getAvatar() != null) {
+                        updateSql.append("avatar = ?, ");
+                        params.addValue(user.getAvatar());
+                    }
+                    
+                    if (user.getStatus() != null) {
+                        updateSql.append("status = ?, ");
+                        params.addValue(user.getStatus());
+                    }
+                    
+                    if (user.getRole() != null) {
+                        updateSql.append("role = ?, ");
+                        params.addValue(user.getRole());
+                    }
+                    
+                    if (user.getPassword() != null) {
+                        updateSql.append("password = ?, ");
+                        params.addValue(PasswordUtil.hashPassword(user.getPassword()));
+                    }
+                    
+                    // 移除最后的逗号和空格
+                    String sql = updateSql.toString();
+                    if (sql.endsWith(", ")) {
+                        sql = sql.substring(0, sql.length() - 2);
+                    }
+                    
+                    // 如果没有要更新的字段，直接返回
+                    if (params.size() == 0) {
+                        promise.complete(filterSensitiveInfo(existUser));
+                        return;
+                    }
+                    
+                    // 添加WHERE条件
+                    sql += " WHERE username = ?";
+                    params.addValue(user.getUsername());
+                    
+                    // 执行更新
+                    jdbcPool.preparedQuery(sql)
+                            .execute(params)
+                            .onSuccess(result -> {
+                                // 重新查询用户信息
+                                getUserByUsername(user.getUsername())
+                                        .onSuccess(promise::complete)
+                                        .onFailure(promise::fail);
+                            })
+                            .onFailure(err -> {
+                                log.error("更新用户失败", err);
+                                promise.fail("更新用户失败: " + err.getMessage());
+                            });
+                })
+                .onFailure(err -> {
+                    log.error("查询用户失败", err);
+                    promise.fail("更新用户失败: " + err.getMessage());
+                });
+        
+        return promise.future();
+    }
+
+    @Override
+    public Future<JsonObject> validateToken(String token) {
+        if (token == null || token.isEmpty()) {
+            return Future.succeededFuture(new JsonObject()
+                    .put("success", false)
+                    .put("message", "Token不能为空"));
+        }
+
+        // 验证token
+        boolean isValid = JwtUtil.validateToken(token);
+        if (!isValid) {
+            return Future.succeededFuture(new JsonObject()
+                    .put("success", false)
+                    .put("message", "Token无效或已过期"));
+        }
+
+        // 获取用户信息
+        String username = JwtUtil.getUsernameFromToken(token);
+        
+        Promise<JsonObject> promise = Promise.promise();
+        
+        getUserByUsername(username)
+                .onSuccess(user -> {
+                    promise.complete(new JsonObject()
+                            .put("success", true)
+                            .put("message", "Token有效")
+                            .put("user", JsonObject.mapFrom(user)));
+                })
+                .onFailure(err -> {
+                    promise.complete(new JsonObject()
+                            .put("success", false)
+                            .put("message", "用户不存在"));
+                });
+        
+        return promise.future();
+    }
+}