feat(chaos-api): 初始化项目基础结构

- 新增 ApiResult 类用于统一返回结果
- 添加应用配置文件和日志配置文件
- 配置 MyBatis-Plus 和 Druid 数据源
- 实现基本的安全配置，包括未授权和权限不足的处理
- 引入必要的依赖，如 lombok、fastjson2、MariaDB驱动等

chaos_api_web/src/main/java/cn/nopj/chaos_api/config/sec/RestAuthenticationEntryPoint.java

@@ -0,0 +1,28 @@
+package cn.nopj.chaos_api.config.sec;
+
+import cn.nopj.chaos_api.model.ApiResult;
+import com.alibaba.fastjson2.JSONObject;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
+        response.setCharacterEncoding("UTF-8");
+        response.setContentType("application/json");
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+
+        ApiResult<Object> result = ApiResult.failed("未授权");
+
+        String string = JSONObject.toJSONString(result);
+        response.getWriter().print(string);
+        response.getWriter().flush();
+    }
+}

chaos_api_web/src/main/java/cn/nopj/chaos_api/config/sec/RestfulAccessDeniedHandler.java

@@ -0,0 +1,29 @@
+package cn.nopj.chaos_api.config.sec;
+
+import cn.nopj.chaos_api.model.ApiResult;
+import com.alibaba.fastjson2.JSONObject;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class RestfulAccessDeniedHandler implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
+        response.setCharacterEncoding("UTF-8");
+        response.setContentType("application/json");
+        response.setStatus(HttpServletResponse.SC_FORBIDDEN); // 状态码 403
+
+        ApiResult<String> result = ApiResult.failed(HttpServletResponse.SC_FORBIDDEN, "权限不足，请联系管理员");
+
+        response.getWriter().println(JSONObject.toJSONString( result));
+        response.getWriter().flush();
+    }
+
+
+}

chaos_api_web/src/main/java/cn/nopj/chaos_api/config/sec/SecurityConfig.java

@@ -0,0 +1,40 @@
+package cn.nopj.chaos_api.config.sec;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    private final RestAuthenticationEntryPoint restAuthenticationEntryPoint;
+    private final RestfulAccessDeniedHandler restfulAccessDeniedHandler;
+
+    public SecurityConfig(RestAuthenticationEntryPoint restAuthenticationEntryPoint, RestfulAccessDeniedHandler restfulAccessDeniedHandler) {
+        this.restAuthenticationEntryPoint = restAuthenticationEntryPoint;
+        this.restfulAccessDeniedHandler = restfulAccessDeniedHandler;
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests(auth -> auth
+                        // 允许所有对 /api/public/** 的匿名访问
+                        .requestMatchers("/api/public/**").permitAll()
+                        // 其他所有请求都需要认证
+                        .anyRequest().authenticated()
+                )
+                // 禁用 CSRF，因为现代前后端分离项目通常使用 Token
+                .csrf(AbstractHttpConfigurer::disable)
+                .exceptionHandling(e -> e
+                        .authenticationEntryPoint(restAuthenticationEntryPoint)
+                        .accessDeniedHandler(restfulAccessDeniedHandler))
+        ;
+
+        return http.build();
+    }
+}

chaos_api_web/src/main/resources/application.yaml

@@ -0,0 +1,28 @@
+server:
+  port: 18888
+
+spring:
+  application:
+    name: chaos-api
+  datasource:
+    driver-class-name: org.mariadb.jdbc.Driver
+    url: jdbc:mysql://10.91.3.23:3306/chaos?serverTimezone=Asia/Shanghai&useUnicode=true&characterEncoding=utf-8&allowPublicKeyRetrieval=true&useSSL=false
+    username: chaos
+    password: zx123456..
+    type: com.alibaba.druid.pool.DruidDataSource
+    druid:
+      initial-size: 5
+      min-idle: 5
+      max-active: 20
+      max-wait: 60000
+
+mybatis-plus:
+  mapper-locations: classpath*:/mapper/**/*.xml
+  type-aliases-package: cn.nopj.chaos_api_domain.entity
+  global-config:
+      db-config:
+          id-type: assign_id
+  configuration:
+    map-underscore-to-camel-case: true
+    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
+

chaos_api_web/src/main/resources/log4j2-spring.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration status="INFO">
+    <Appenders>
+        <Console name="Console" target="SYSTEM_OUT">
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
+        </Console>
+
+        <RollingFile name="RollingFile"
+                     fileName="logs/chaos-api.log"
+                     filePattern="logs/chaos-api-%d{yyyy-MM-dd}-%i.log.gz">
+            <PatternLayout>
+                <Pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n</Pattern>
+            </PatternLayout>
+            <Policies>
+                <TimeBasedTriggeringPolicy/>
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+            </Policies>
+            <DefaultRolloverStrategy max="10"/>
+        </RollingFile>
+    </Appenders>
+
+    <Loggers>
+        <Logger name="org.springframework" level="info" additivity="false">
+            <AppenderRef ref="Console"/>
+            <AppenderRef ref="RollingFile"/>
+        </Logger>
+
+        <Logger name="cn.nopj" level="debug" additivity="false">
+            <AppenderRef ref="Console"/>
+            <AppenderRef ref="RollingFile"/>
+        </Logger>
+
+        <Root level="info">
+            <AppenderRef ref="Console"/>
+            <AppenderRef ref="RollingFile"/>
+        </Root>
+    </Loggers>
+</Configuration>