From 0a48616045ddce1562584543a0e89e5144051fde Mon Sep 17 00:00:00 2001
From: Codex Assistant <codex@example.com>
Date: 星期日, 05 十月 2025 14:52:44 +0800
Subject: [PATCH] 报名审核

---
 backend/src/main/java/com/rongyichuang/config/SecurityConfig.java |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/backend/src/main/java/com/rongyichuang/config/SecurityConfig.java b/backend/src/main/java/com/rongyichuang/config/SecurityConfig.java
index 1ae6ced..8101d60 100644
--- a/backend/src/main/java/com/rongyichuang/config/SecurityConfig.java
+++ b/backend/src/main/java/com/rongyichuang/config/SecurityConfig.java
@@ -48,9 +48,10 @@
             .csrf(csrf -> csrf.disable())
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> auth
-                .requestMatchers("/api/auth/**", "/api/actuator/**", "/api/test/**", "/api/cleanup/**").permitAll()
-                .requestMatchers("/api/graphql", "/api/graphql/**", "/api/graphiql").permitAll()
-                .requestMatchers("/graphql", "/graphql/**").permitAll()
+                .requestMatchers("/auth/**", "/actuator/**", "/test/**", "/cleanup/**").permitAll()
+                .requestMatchers("/upload/**").permitAll()
+                .requestMatchers("/graphiql/**", "/graphql/**", "/api/graphql/**", "/api/graphiql/**").permitAll() // 鍏佽GraphQL鍜孏raphiQL璁块棶
+                .requestMatchers("/**/graphql", "/**/graphiql").permitAll() // 鏇村娉涚殑GraphQL璺緞鍖归厤
                 .anyRequest().authenticated()
             )
             .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

--
Gitblit v1.8.0