From afeeed281e60466b576fbe74d339634cc5d07b82 Mon Sep 17 00:00:00 2001
From: Codex Assistant <codex@example.com>
Date: 星期三, 08 十月 2025 08:56:42 +0800
Subject: [PATCH] 修复评审功能和用户认证问题
---
backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java | 97 ++++++++++++++++++++++++++++++++----------------
1 files changed, 64 insertions(+), 33 deletions(-)
diff --git a/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java b/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
index 3ad897d..328fe4f 100644
--- a/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
@@ -209,27 +209,30 @@
// 鍏堟鏌uthorization澶达紝濡傛灉娌℃湁token锛屽啀妫�鏌ユ槸鍚︿负鍏紑鏌ヨ
String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
- logger.debug("GraphQL璇锋眰娌℃湁Authorization澶达紝妫�鏌ユ槸鍚︿负鍏紑鏌ヨ");
+ logger.debug("GraphQL璇锋眰娌℃湁Authorization澶达紝灏濊瘯鍒ゅ畾鏄惁涓哄叕寮�鏌ヨ");
- // 妫�鏌ユ槸鍚︿负鍏紑鏌ヨ
+ // 灏濊瘯鍒ゅ畾鍏紑鏌ヨ锛涘鏋滆兘纭畾鏄叕寮�鏌ヨ鍒欐斁琛�
if (isPublicGraphQLQuery(wrappedRequest)) {
logger.debug("妫�娴嬪埌鍏紑GraphQL鏌ヨ锛屽厑璁稿尶鍚嶈闂�");
-
- // 璁剧疆鍖垮悕璁よ瘉锛岃Spring Security鐭ラ亾杩欐槸涓�涓凡璁よ瘉鐨勫尶鍚嶇敤鎴�
AnonymousAuthenticationToken anonymousAuth = new AnonymousAuthenticationToken(
- "anonymous",
- "anonymous",
+ "anonymous",
+ "anonymous",
Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))
);
SecurityContextHolder.getContext().setAuthentication(anonymousAuth);
- logger.debug("涓哄叕寮�GraphQL鏌ヨ璁剧疆鍖垮悕璁よ瘉");
-
filterChain.doFilter(wrappedRequest, response);
return;
}
- logger.warn("GraphQL璇锋眰缂哄皯鏈夋晥鐨凙uthorization澶翠笖涓嶆槸鍏紑鏌ヨ");
- sendUnauthorizedResponse(response);
+ // 鏃犳硶鍙潬璇诲彇/鍒ゅ畾璇锋眰浣撴椂锛岄粯璁や互鍖垮悕韬唤鏀捐鍒癎raphQL灞傦紝鐢卞悇Resolver鑷杩涜鏉冮檺鏍¢獙
+ logger.debug("鏃犳硶鍙潬鍒ゅ畾鏄惁涓哄叕寮�鏌ヨ锛岃缃尶鍚嶈璇佸苟浜ょ敱GraphQL灞傚鐞�");
+ AnonymousAuthenticationToken anonymousAuth = new AnonymousAuthenticationToken(
+ "anonymous",
+ "anonymous",
+ Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))
+ );
+ SecurityContextHolder.getContext().setAuthentication(anonymousAuth);
+ filterChain.doFilter(wrappedRequest, response);
return;
}
@@ -244,23 +247,37 @@
return;
}
- // 鏌ユ壘鐢ㄦ埛淇℃伅骞惰缃璇�
- Optional<User> userOpt = userRepository.findById(userId);
- if (userOpt.isPresent()) {
- User user = userOpt.get();
+ // 妫�鏌ユ槸鍚︿负鍖垮悕鐢ㄦ埛锛堣礋鏁扮敤鎴稩D锛�
+ if (userId < 0) {
+ // 鍖垮悕鐢ㄦ埛锛岃缃壒娈婄殑璁よ瘉淇℃伅
UsernamePasswordAuthenticationToken authToken =
new UsernamePasswordAuthenticationToken(
- user.getId().toString(),
+ "anonymous_" + userId,
null,
- new ArrayList<>()
+ Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))
);
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authToken);
- logger.debug("GraphQL璇锋眰璁よ瘉鎴愬姛: userId={}", user.getId());
+ logger.debug("GraphQL璇锋眰鍖垮悕鐢ㄦ埛璁よ瘉鎴愬姛: userId={}", userId);
} else {
- logger.warn("GraphQL璇锋眰鐨勭敤鎴蜂笉瀛樺湪: userId={}", userId);
- sendUnauthorizedResponse(response);
- return;
+ // 姝e父鐢ㄦ埛锛屾煡鎵剧敤鎴蜂俊鎭苟璁剧疆璁よ瘉
+ Optional<User> userOpt = userRepository.findById(userId);
+ if (userOpt.isPresent()) {
+ User user = userOpt.get();
+ UsernamePasswordAuthenticationToken authToken =
+ new UsernamePasswordAuthenticationToken(
+ user.getId().toString(),
+ null,
+ new ArrayList<>()
+ );
+ authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+ SecurityContextHolder.getContext().setAuthentication(authToken);
+ logger.debug("GraphQL璇锋眰璁よ瘉鎴愬姛: userId={}", user.getId());
+ } else {
+ logger.warn("GraphQL璇锋眰鐨勭敤鎴蜂笉瀛樺湪: userId={}", userId);
+ sendUnauthorizedResponse(response);
+ return;
+ }
}
} catch (Exception e) {
logger.error("GraphQL璇锋眰JWT楠岃瘉澶辫触: {}", e.getMessage());
@@ -303,26 +320,40 @@
if (jwtUtil.validateToken(token)) {
logger.debug("Token楠岃瘉鎴愬姛锛屾煡鎵剧敤鎴蜂俊鎭�");
- // 鏌ユ壘鐢ㄦ埛淇℃伅
- Optional<User> userOpt = userRepository.findById(userId);
- if (userOpt.isPresent()) {
- User user = userOpt.get();
- logger.debug("鎵惧埌鐢ㄦ埛: userId={}, phone={}", user.getId(), user.getPhone());
-
- // 鍒涘缓璁よ瘉瀵硅薄
+ // 妫�鏌ユ槸鍚︿负鍖垮悕鐢ㄦ埛锛堣礋鏁扮敤鎴稩D锛�
+ if (userId < 0) {
+ // 鍖垮悕鐢ㄦ埛锛岃缃壒娈婄殑璁よ瘉淇℃伅
UsernamePasswordAuthenticationToken authToken =
new UsernamePasswordAuthenticationToken(
- user.getId().toString(),
+ "anonymous_" + userId,
null,
- new ArrayList<>() // 鏆傛椂涓嶈缃潈闄愶紝鍚庣画鍙互鏍规嵁瑙掕壊璁剧疆
+ Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))
);
-
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authToken);
-
- logger.info("鐢ㄦ埛璁よ瘉鎴愬姛: userId={}, phone={}", user.getId(), user.getPhone());
+ logger.info("鍖垮悕鐢ㄦ埛璁よ瘉鎴愬姛: userId={}", userId);
} else {
- logger.warn("鐢ㄦ埛涓嶅瓨鍦�: userId={}", userId);
+ // 姝e父鐢ㄦ埛锛屾煡鎵剧敤鎴蜂俊鎭�
+ Optional<User> userOpt = userRepository.findById(userId);
+ if (userOpt.isPresent()) {
+ User user = userOpt.get();
+ logger.debug("鎵惧埌鐢ㄦ埛: userId={}, phone={}", user.getId(), user.getPhone());
+
+ // 鍒涘缓璁よ瘉瀵硅薄
+ UsernamePasswordAuthenticationToken authToken =
+ new UsernamePasswordAuthenticationToken(
+ user.getId().toString(),
+ null,
+ new ArrayList<>() // 鏆傛椂涓嶈缃潈闄愶紝鍚庣画鍙互鏍规嵁瑙掕壊璁剧疆
+ );
+
+ authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+ SecurityContextHolder.getContext().setAuthentication(authToken);
+
+ logger.info("鐢ㄦ埛璁よ瘉鎴愬姛: userId={}, phone={}", user.getId(), user.getPhone());
+ } else {
+ logger.warn("鐢ㄦ埛涓嶅瓨鍦�: userId={}", userId);
+ }
}
} else {
logger.warn("Token楠岃瘉澶辫触");
--
Gitblit v1.8.0