From afeeed281e60466b576fbe74d339634cc5d07b82 Mon Sep 17 00:00:00 2001
From: Codex Assistant <codex@example.com>
Date: 星期三, 08 十月 2025 08:56:42 +0800
Subject: [PATCH] 修复评审功能和用户认证问题

---
 backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java | 76 ++++++++++++++++++++++++++------------
 1 files changed, 52 insertions(+), 24 deletions(-)

diff --git a/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java b/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
index c0f9452..328fe4f 100644
--- a/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
@@ -169,7 +169,7 @@
 * 杩斿洖鏉冮檺閿欒鍝嶅簲
 */
 private void sendUnauthorizedResponse(HttpServletResponse response) throws IOException {
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
 response.setContentType("application/json;charset=UTF-8");
 response.getWriter().write("{\"errors\":[{\"message\":\"娌℃湁鏉冮檺璁块棶锛岃鍏堢櫥褰昞",\"extensions\":{\"code\":\"UNAUTHORIZED\"}}]}");
 }
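Review bot: `sendUnauthorizedResponse` now emits 403 while its JSON body still says `"code":"UNAUTHORIZED"` and (as far as the garbled message can be read) asks the user to log in, and the hunk at @@ -247 still calls it when the token's user does not exist, which is an authentication failure rather than an authorization one. 401 tells the client its credentials are missing or invalid and that it must re-authenticate; 403 says the caller is known but not permitted, so front-end code that triggers a re-login on 401 will stop doing so after this change. Either keep `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` here (and, per RFC 7235, add `response.setHeader("WWW-Authenticate", "Bearer");`), or, if a genuine "authenticated but not permitted" reply is intended somewhere, add a separate method whose status, `code` and message all say forbidden. The method name should match whichever status it actually sends.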
@@ -247,23 +247,37 @@
 return;
 }
- // 鏌ユ壘鐢ㄦ埛淇℃伅骞惰缃璇�
- Optional<User> userOpt = userRepository.findById(userId);
- if (userOpt.isPresent()) {
- User user = userOpt.get();
+ // 妫�鏌ユ槸鍚︿负鍖垮悕鐢ㄦ埛锛堣礋鏁扮敤鎴稩D锛�
+ if (userId < 0) {
+ // 鍖垮悕鐢ㄦ埛锛岃缃壒娈婄殑璁よ瘉淇℃伅
 UsernamePasswordAuthenticationToken authToken =
 new UsernamePasswordAuthenticationToken(
- user.getId().toString(),
+ "anonymous_" + userId,
 null,
- new ArrayList<>()
+ Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))
 );
 authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
 SecurityContextHolder.getContext().setAuthentication(authToken);
- logger.debug("GraphQL璇锋眰璁よ瘉鎴愬姛: userId={}", user.getId());
+ logger.debug("GraphQL璇锋眰鍖垮悕鐢ㄦ埛璁よ瘉鎴愬姛: userId={}", userId);
 } else {
- logger.warn("GraphQL璇锋眰鐨勭敤鎴蜂笉瀛樺湪: userId={}", userId);
- sendUnauthorizedResponse(response);
- return;
+ // 姝e父鐢ㄦ埛锛屾煡鎵剧敤鎴蜂俊鎭苟璁剧疆璁よ瘉
+ Optional<User> userOpt = userRepository.findById(userId);
+ if (userOpt.isPresent()) {
+ User user = userOpt.get();
+ UsernamePasswordAuthenticationToken authToken =
+ new UsernamePasswordAuthenticationToken(
+ user.getId().toString(),
+ null,
+ new ArrayList<>()
+ );
+ authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+ SecurityContextHolder.getContext().setAuthentication(authToken);
+ logger.debug("GraphQL璇锋眰璁よ瘉鎴愬姛: userId={}", user.getId());
+ } else {
+ logger.warn("GraphQL璇锋眰鐨勭敤鎴蜂笉瀛樺湪: userId={}", userId);
+ sendUnauthorizedResponse(response);
+ return;
+ }
 }
 } catch (Exception e) {
 logger.error("GraphQL璇锋眰JWT楠岃瘉澶辫触: {}", e.getMessage());
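Review bot: The new `if (userId < 0)` branch builds the guest principal with the three-argument `UsernamePasswordAuthenticationToken` constructor, which marks the token as authenticated, so every authorization rule that merely requires `authenticated()` will now admit a negative-id token exactly like a real login and `ROLE_ANONYMOUS` buys nothing. Spring Security models guests with `AnonymousAuthenticationToken`, which `authenticated()`/`fullyAuthenticated()` rules reject while `permitAll` and `hasRole("ANONYMOUS")` still pass; the same construction appears in the hunk at @@ -306. Change the declaration and constructor to `AbstractAuthenticationToken authToken = new AnonymousAuthenticationToken(/* TODO: anonymous key configured for this filter chain */, "anonymous_" + userId, Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS")));` so the existing `setDetails`/`setAuthentication` calls still compile. Whether only the server can issue a token carrying a negative id is not visible here; because this branch skips the `userRepository.findById` existence check entirely, that invariant deserves a comment on the branch, e.g. `// TODO confirm: negative ids are issued only server-side for guests; there is no DB row to verify`. No import hunk is in the patch and the first hunk's unchanged offsets show nothing added above line 169, so `Arrays` and `SimpleGrantedAuthority` are presumably already imported — worth confirming before merge.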
@@ -306,26 +320,40 @@
 if (jwtUtil.validateToken(token)) {
 logger.debug("Token楠岃瘉鎴愬姛锛屾煡鎵剧敤鎴蜂俊鎭�");
- // 鏌ユ壘鐢ㄦ埛淇℃伅
- Optional<User> userOpt = userRepository.findById(userId);
- if (userOpt.isPresent()) {
- User user = userOpt.get();
- logger.debug("鎵惧埌鐢ㄦ埛: userId={}, phone={}", user.getId(), user.getPhone());
-
- // 鍒涘缓璁よ瘉瀵硅薄
+ // 妫�鏌ユ槸鍚︿负鍖垮悕鐢ㄦ埛锛堣礋鏁扮敤鎴稩D锛�
+ if (userId < 0) {
+ // 鍖垮悕鐢ㄦ埛锛岃缃壒娈婄殑璁よ瘉淇℃伅
 UsernamePasswordAuthenticationToken authToken =
 new UsernamePasswordAuthenticationToken(
- user.getId().toString(),
+ "anonymous_" + userId,
 null,
- new ArrayList<>() // 鏆傛椂涓嶈缃潈闄愶紝鍚庣画鍙互鏍规嵁瑙掕壊璁剧疆
+ Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))
 );
-
 authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
 SecurityContextHolder.getContext().setAuthentication(authToken);
-
- logger.info("鐢ㄦ埛璁よ瘉鎴愬姛: userId={}, phone={}", user.getId(), user.getPhone());
+ logger.info("鍖垮悕鐢ㄦ埛璁よ瘉鎴愬姛: userId={}", userId);
 } else {
- logger.warn("鐢ㄦ埛涓嶅瓨鍦�: userId={}", userId);
+ // 姝e父鐢ㄦ埛锛屾煡鎵剧敤鎴蜂俊鎭�
+ Optional<User> userOpt = userRepository.findById(userId);
+ if (userOpt.isPresent()) {
+ User user = userOpt.get();
+ logger.debug("鎵惧埌鐢ㄦ埛: userId={}, phone={}", user.getId(), user.getPhone());
+
+ // 鍒涘缓璁よ瘉瀵硅薄
+ UsernamePasswordAuthenticationToken authToken =
+ new UsernamePasswordAuthenticationToken(
+ user.getId().toString(),
+ null,
+ new ArrayList<>() // 鏆傛椂涓嶈缃潈闄愶紝鍚庣画鍙互鏍规嵁瑙掕壊璁剧疆
+ );
+
+ authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+ SecurityContextHolder.getContext().setAuthentication(authToken);
+
+ logger.info("鐢ㄦ埛璁よ瘉鎴愬姛: userId={}, phone={}", user.getId(), user.getPhone());
+ } else {
+ logger.warn("鐢ㄦ埛涓嶅瓨鍦�: userId={}", userId);
+ }
 }
 } else {
 logger.warn("Token楠岃瘉澶辫触");
-- Gitblit v1.8.0
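Review bot: The anonymous/registered branching added here duplicates, nearly line for line, the block added in the hunk at @@ -247: both build the guest token, both call `userRepository.findById(userId)`, both build the user token and call `setDetails`/`setAuthentication`, differing only in log level and in what happens when the user is missing. Two copies of token construction are exactly the code that drifts apart (the other copy already answers a missing user with `sendUnauthorizedResponse`, while this one only logs a warning and lets the request continue). Extract the construction into one private helper returning `Optional<Authentication>` and leave each caller with only its own not-found handling, as sketched below, with `userId` typed as the two methods already declare it and the guest branch kept as in the hunk. `org.springframework.security.core.Authentication` may need importing if the file does not already reference it by name. The enclosing method starts before and ends after this hunk.
```java
/**
 * Builds the Authentication for a validated token's user id.
 * Returns empty when the id is non-negative and no such user exists.
 */
private Optional<Authentication> buildAuthentication(Long userId, HttpServletRequest request) {
    if (userId < 0) {
        // … guest token built as in the hunk, details set the same way …
        return Optional.of(anonymousToken);
    }
    return userRepository.findById(userId).map(user -> {
        UsernamePasswordAuthenticationToken authToken =
                new UsernamePasswordAuthenticationToken(user.getId().toString(), null, new ArrayList<>());
        authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        return authToken;
    });
}

// … call site inside the validated-token branch of this hunk …
Optional<Authentication> auth = buildAuthentication(userId, request);
if (auth.isPresent()) {
    SecurityContextHolder.getContext().setAuthentication(auth.get());
} else {
    // … not-found handling as in the hunk (warn here; error response in the @@ -247 caller) …
}
```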