蓉易创
blame | 历史 | 补丁 | 提交 | 提交对比 | ignore whitespace
lrj
8 小时以前 ae3349d2ff53767b5bc9cb30e1bf7e15f9e814ee 
 backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java


@@ -36,12 +36,52 @@




    @Autowired


    private UserRepository userRepository;


    


    /**


     * 判断是否应该跳过JWT认证


     */


    private boolean shouldSkipAuthentication(String requestURI) {


        // 这些路径不需要JWT认证(已去掉context path)


        String[] skipPaths = {


            "/auth/",


            "/actuator/",


            "/test/",


            "/cleanup/",


            "/upload/",


            "/graphql",


            "/graphiql"


        };


        


        for (String path : skipPaths) {


            if (requestURI.startsWith(path)) {


                return true;


            }


        }


        


        return false;


    }




    @Override


    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, 


                                    FilterChain filterChain) throws ServletException, IOException {


        System.out.println("=== JWT过滤器被调用 === URI: " + request.getRequestURI());


        logger.debug("JWT过滤器开始处理请求: {}", request.getRequestURI());


        String requestURI = request.getRequestURI();


        String contextPath = request.getContextPath();


        


        // 去掉context path,与Spring Security的行为保持一致


        String pathWithoutContext = requestURI;


        if (contextPath != null && !contextPath.isEmpty() && requestURI.startsWith(contextPath)) {


            pathWithoutContext = requestURI.substring(contextPath.length());


        }


        


        System.out.println("=== JWT过滤器被调用 === 原始URI: " + requestURI + ", 去掉context path后: " + pathWithoutContext);


        logger.debug("JWT过滤器开始处理请求: {}", pathWithoutContext);


        


        // 跳过不需要认证的路径


        if (shouldSkipAuthentication(pathWithoutContext)) {


            logger.debug("跳过JWT认证,路径: {}", pathWithoutContext);


            filterChain.doFilter(request, response);


            return;


        }


        


        String authHeader = request.getHeader("Authorization");


        String token = null;