From 3e59fb0aac9288bd109c66d6504a4b0816f59e96 Mon Sep 17 00:00:00 2001
From: wangys <3401275564@qq.com>
Date: Fri, 13 Feb 2026 18:02:47 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=8F=91=E5=B8=83?= =?UTF-8?q?=E4=BD=9C=E5=93=81=E6=8E=A5=E5=8F=A3=E7=99=BB=E5=BD=95=E7=8A=B6?= =?UTF-8?q?=E6=80=81=E6=A3=80=E6=9F=A5bug=20-=20JwtAuthInterceptor?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=8F=AF=E9=80=89=E8=AE=A4=E8=AF=81=E8=B7=AF?= =?UTF-8?q?=E5=BE=84=E6=94=AF=E6=8C=81=20-=20WebConfig=E7=A7=BB=E9=99=A4/w?= =?UTF-8?q?ork/*=E6=A8=A1=E5=BC=8F=E9=81=BF=E5=85=8D=E8=AF=AF=E6=8E=92?= =?UTF-8?q?=E9=99=A4/work/publish?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/java/com/dora/config/WebConfig.java | 6 ++++--
 .../dora/interceptor/JwtAuthInterceptor.java | 20 +++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/dora/config/WebConfig.java b/src/main/java/com/dora/config/WebConfig.java
index 227c407..fc94605 100644
--- a/src/main/java/com/dora/config/WebConfig.java
+++ b/src/main/java/com/dora/config/WebConfig.java
@@ -116,6 +116,7 @@ public class WebConfig implements WebMvcConfigurer {
 .order(2);
 // JWT 认证拦截器(小程序用户)
+ // 注:/work/{id} 详情页面的可选认证已在拦截器内部通过正则匹配处理
 registry.addInterceptor(jwtAuthInterceptor)
 .addPathPatterns("/**")
 // 排除不需要认证的接口
@@ -126,8 +127,9 @@ public class WebConfig implements WebMvcConfigurer {
 "/user/check",
 "/user/wx-login",
 "/user/refresh-token",
- // 公开接口 - 作品相关(/work/*匹配/work/{id}和/work/list,不匹配/work/{id}/like)
- "/work/*",
+ // 公开接口 - 作品列表和分类
+ "/work/list",
+ "/work/categories",
 // 分类和Banner
 "/category/**",
 "/banner/**",
diff --git a/src/main/java/com/dora/interceptor/JwtAuthInterceptor.java b/src/main/java/com/dora/interceptor/JwtAuthInterceptor.java
index c440254..f59a14e 100644
--- a/src/main/java/com/dora/interceptor/JwtAuthInterceptor.java
+++ b/src/main/java/com/dora/interceptor/JwtAuthInterceptor.java
@@ -20,13 +20,24 @@ import org.springframework.web.servlet.HandlerInterceptor;
 public class JwtAuthInterceptor implements HandlerInterceptor {
 private final JwtUtil jwtUtil;
+
+ // 公开路径(可选认证:有token则解析,无token也放行)
+ private static final java.util.regex.Pattern OPTIONAL_AUTH_PATTERN =
+ java.util.regex.Pattern.compile("^/work/\\d+$");
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+ String requestURI = request.getRequestURI();
+ boolean isOptionalAuthPath = OPTIONAL_AUTH_PATTERN.matcher(requestURI).matches();
+
 // 从请求头获取token
 String authHeader = request.getHeader("Authorization");
 if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+ // 可选认证路径:无token也放行
+ if (isOptionalAuthPath) {
+ return true;
+ }
 sendError(response, HttpServletResponse.SC_UNAUTHORIZED, "未提供认证令牌");
 return false;
 }
@@ -36,6 +47,9 @@ public class JwtAuthInterceptor implements HandlerInterceptor {
 try {
 // 验证必须是Access Token
 if (!jwtUtil.isAccessToken(token)) {
+ if (isOptionalAuthPath) {
+ return true; // 可选认证路径:无效token也放行
+ }
 sendError(response, HttpServletResponse.SC_UNAUTHORIZED, "无效的令牌类型");
 return false;
 }
@@ -54,9 +68,15 @@ public class JwtAuthInterceptor implements HandlerInterceptor {
 return true;
 } catch (ExpiredJwtException e) {
+ if (isOptionalAuthPath) {
+ return true; // 可选认证路径:过期token也放行
+ }
 sendError(response, HttpServletResponse.SC_UNAUTHORIZED, "令牌已过期");
 return false;
 } catch (JwtException e) {
+ if (isOptionalAuthPath) {
+ return true; // 可选认证路径:无效token也放行
+ }
 sendError(response, HttpServletResponse.SC_UNAUTHORIZED, "无效的令牌");
 return false;
 }
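Review bot: `isOptionalAuthPath` in `preHandle` is decided from the path alone, so every HTTP method on `/work/<digits>` passes without a token, not only the detail read that the comment describes. If the controller also maps an update or delete on `/work/{id}` (not visible in this patch), that handler would run with no authenticated user unless it checks for one itself; gate the flag on the method, e.g. `boolean isOptionalAuthPath = "GET".equalsIgnoreCase(request.getMethod()) && OPTIONAL_AUTH_PATTERN.matcher(requestURI).matches();`. `getRequestURI()` also includes the context path, so under a non-root context path the pattern never matches; that fails closed, but matching on `requestURI.substring(request.getContextPath().length())` avoids the surprise. `preHandle` continues past the end of this hunk.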
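Review bot: On the optional path a token that fails `isAccessToken`, has expired, or raises `JwtException` is discarded silently and the request proceeds as anonymous, both in this `-36,6` hunk and in the two catch blocks of the `-54,9` hunk. Repeated malformed or forged tokens sent to `/work/{id}` therefore leave no trace for detection; record the rejection before each `return true`, e.g. `log.warn("optional-auth {}: token rejected", requestURI);`, assuming the class has an SLF4J logger (not visible here), and never log the token value itself. The guard `if (isOptionalAuthPath) { return true; }` now appears four times in `preHandle`; folding it into one private helper that either lets the request through as anonymous or calls `sendError` would keep the fail-open decision in a single place.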