From cacf02681bfdda7926379d37d58ad1a21e398e1a Mon Sep 17 00:00:00 2001
From: lrj <owen.stl@gmail.com>
Date: 星期六, 04 十月 2025 19:08:12 +0800
Subject: [PATCH] fix(auth): 对无 Authorization 的 GraphQL 请求默认匿名放行到解析层，避免 400/403；公开查询仍优先识别后放行

---
 backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java |   37 +++++++++++++++++--------------------
 1 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java b/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
index 273489e..e7a03b1 100644
--- a/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/com/rongyichuang/auth/filter/JwtAuthenticationFilter.java
@@ -134,18 +134,12 @@
                 ContentCachingRequestWrapper wrapper = (ContentCachingRequestWrapper) request;
                 byte[] content = wrapper.getContentAsByteArray();
                 if (content.length > 0) {
-                    return new String(content, wrapper.getCharacterEncoding());
+                    String encoding = wrapper.getCharacterEncoding() != null ? wrapper.getCharacterEncoding() : "UTF-8";
+                    return new String(content, encoding);
                 }
             }
-            
-            // 濡傛灉涓嶆槸鍖呰鍣紝灏濊瘯鐩存帴璇诲彇锛堝彲鑳戒細娑堣�楄姹備綋锛�
-            StringBuilder buffer = new StringBuilder();
-            String line;
-            java.io.BufferedReader reader = request.getReader();
-            while ((line = reader.readLine()) != null) {
-                buffer.append(line);
-            }
-            return buffer.toString();
+            // 涓嶄粠鍘熷璇锋眰娴佽鍙栵紝閬垮厤涓嬫父缁勪欢鎷夸笉鍒拌姹備綋瀵艰嚧 400
+            return null;
         } catch (Exception e) {
             logger.warn("璇诲彇璇锋眰浣撳け璐�", e);
             return null;
@@ -215,27 +209,30 @@
             // 鍏堟鏌uthorization澶达紝濡傛灉娌℃湁token锛屽啀妫�鏌ユ槸鍚︿负鍏紑鏌ヨ
             String authHeader = request.getHeader("Authorization");
             if (authHeader == null || !authHeader.startsWith("Bearer ")) {
-                logger.debug("GraphQL璇锋眰娌℃湁Authorization澶达紝妫�鏌ユ槸鍚︿负鍏紑鏌ヨ");
+                logger.debug("GraphQL璇锋眰娌℃湁Authorization澶达紝灏濊瘯鍒ゅ畾鏄惁涓哄叕寮�鏌ヨ");
                 
-                // 妫�鏌ユ槸鍚︿负鍏紑鏌ヨ
+                // 灏濊瘯鍒ゅ畾鍏紑鏌ヨ锛涘鏋滆兘纭畾鏄叕寮�鏌ヨ鍒欐斁琛�
                 if (isPublicGraphQLQuery(wrappedRequest)) {
                     logger.debug("妫�娴嬪埌鍏紑GraphQL鏌ヨ锛屽厑璁稿尶鍚嶈闂�");
-                    
-                    // 璁剧疆鍖垮悕璁よ瘉锛岃Spring Security鐭ラ亾杩欐槸涓�涓凡璁よ瘉鐨勫尶鍚嶇敤鎴�
                     AnonymousAuthenticationToken anonymousAuth = new AnonymousAuthenticationToken(
-                        "anonymous", 
-                        "anonymous", 
+                        "anonymous",
+                        "anonymous",
                         Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))
                     );
                     SecurityContextHolder.getContext().setAuthentication(anonymousAuth);
-                    logger.debug("涓哄叕寮�GraphQL鏌ヨ璁剧疆鍖垮悕璁よ瘉");
-                    
                     filterChain.doFilter(wrappedRequest, response);
                     return;
                 }
                 
-                logger.warn("GraphQL璇锋眰缂哄皯鏈夋晥鐨凙uthorization澶翠笖涓嶆槸鍏紑鏌ヨ");
-                sendUnauthorizedResponse(response);
+                // 鏃犳硶鍙潬璇诲彇/鍒ゅ畾璇锋眰浣撴椂锛岄粯璁や互鍖垮悕韬唤鏀捐鍒癎raphQL灞傦紝鐢卞悇Resolver鑷杩涜鏉冮檺鏍￠獙
+                logger.debug("鏃犳硶鍙潬鍒ゅ畾鏄惁涓哄叕寮�鏌ヨ锛岃缃尶鍚嶈璇佸苟浜ょ敱GraphQL灞傚鐞�");
+                AnonymousAuthenticationToken anonymousAuth = new AnonymousAuthenticationToken(
+                    "anonymous",
+                    "anonymous",
+                    Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))
+                );
+                SecurityContextHolder.getContext().setAuthentication(anonymousAuth);
+                filterChain.doFilter(wrappedRequest, response);
                 return;
             }
             

--
Gitblit v1.8.0