From cacf02681bfdda7926379d37d58ad1a21e398e1a Mon Sep 17 00:00:00 2001
From: lrj <owen.stl@gmail.com>
Date: 星期六, 04 十月 2025 19:08:12 +0800
Subject: [PATCH] fix(auth): 对无 Authorization 的 GraphQL 请求默认匿名放行到解析层,避免 400/403;公开查询仍优先识别后放行

---
 backend/src/main/java/com/rongyichuang/common/util/UserContextUtil.java |   40 +++++++++++++++++++++++-----------------
 1 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/backend/src/main/java/com/rongyichuang/common/util/UserContextUtil.java b/backend/src/main/java/com/rongyichuang/common/util/UserContextUtil.java
index e659917..2337aab 100644
--- a/backend/src/main/java/com/rongyichuang/common/util/UserContextUtil.java
+++ b/backend/src/main/java/com/rongyichuang/common/util/UserContextUtil.java
@@ -40,6 +40,7 @@
      * 浠嶫WT token涓В鏋愮敤鎴稩D
      * 
      * @return 鐢ㄦ埛ID
+     * @throws SecurityException 褰撴病鏈夋湁鏁堣璇佹椂鎶涘嚭
      */
     public Long getCurrentUserId() {
         try {
@@ -51,33 +52,31 @@
                 return userId;
             }
 
+            if (token == null) {
+                logger.debug("鏈兘浠庤姹傚ご鑾峰彇鍒癑WT token");
+            } else {
+                logger.debug("浠庤姹傚ご鑾峰彇鍒皌oken浣嗘牎楠屽け璐�");
+            }
+
             // 濡傛灉娌℃湁鏈夋晥鐨凧WT token锛屽皾璇曚粠Spring Security涓婁笅鏂囪幏鍙�
             Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
             if (authentication != null && authentication.isAuthenticated() && 
                 !"anonymousUser".equals(authentication.getPrincipal())) {
                 logger.debug("鑾峰彇鍒拌璇佺敤鎴�: {}", authentication.getName());
-                // 鍦ㄥ紑鍙戠幆澧冧笅锛岃繑鍥炰竴涓湁鏁堢殑璇勫鐢ㄦ埛ID
-                // 鏌ユ壘绗竴涓湁鏁堢殑璇勫璁板綍骞惰繑鍥炲叾user_id
+                // 浠嶴pring Security涓婁笅鏂囦腑鑾峰彇鐢ㄦ埛ID
                 try {
-                    Optional<Judge> firstJudge = judgeRepository.findAll().stream().findFirst();
-                    if (firstJudge.isPresent() && firstJudge.get().getUserId() != null) {
-                        Long userId = firstJudge.get().getUserId();
-                        logger.debug("寮�鍙戠幆澧冿細浣跨敤璇勫鐢ㄦ埛ID: {}", userId);
-                        return userId;
-                    }
-                } catch (Exception e) {
-                    logger.warn("鏌ユ壘璇勫鐢ㄦ埛ID鏃跺彂鐢熷紓甯�: {}", e.getMessage());
+                    return Long.parseLong(authentication.getName());
+                } catch (NumberFormatException e) {
+                    logger.warn("鏃犳硶浠庤璇佷俊鎭腑瑙f瀽鐢ㄦ埛ID: {}", authentication.getName());
                 }
-                // 濡傛灉娌℃湁鎵惧埌璇勫锛岃繑鍥炲浐瀹氱敤鎴稩D
-                return 1L;
             }
         } catch (Exception e) {
             logger.warn("鑾峰彇褰撳墠鐢ㄦ埛ID鏃跺彂鐢熷紓甯�: {}", e.getMessage());
         }
         
-        // 濡傛灉娌℃湁璁よ瘉淇℃伅锛岃繑鍥瀗ull琛ㄧず鏈櫥褰�
-        logger.debug("鏈壘鍒版湁鏁堢殑璁よ瘉淇℃伅");
-        return null;
+        // 濡傛灉娌℃湁鏈夋晥鐨勮璇佷俊鎭紝鎶涘嚭鏉冮檺寮傚父
+        logger.warn("娌℃湁鏈夋晥鐨勮璇佷俊鎭紝鎷掔粷璁块棶");
+        throw new SecurityException("娌℃湁鏉冮檺");
     }
 
     /**
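Review bot: The unauthenticated fall-through at the end of getCurrentUserId now logs at `warn` and throws `SecurityException("没有权限")`, but the commit subject says requests without an Authorization header are intentionally let through to the resolver layer, so this branch will fire on every anonymous call and the message reads as an authorization failure rather than a missing login. Consider `logger.debug("没有有效的认证信息，按未登录处理");` and a message that names the actual condition, e.g. `throw new SecurityException("未登录");`, so callers and log readers can tell 401-style from 403-style failures. The new `Long.parseLong(authentication.getName())` branch presumably assumes the principal name is the numeric user id; an authentication whose name is a username will log a warn and fall through to the same throw, which is worth stating in the Javadoc. With the first-judge fallback gone, `judgeRepository` and the `Optional`/`Judge` imports look unused from this method and, if nothing else references them, should be dropped from the file.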
@@ -86,11 +85,18 @@
     private String getTokenFromRequest() {
         try {
             ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
-            if (attributes != null) {
+            if (attributes == null) {
+                logger.warn("RequestContextHolder涓棤ServletRequestAttributes锛屽彲鑳戒负寮傛鎵ц鎴栭潪Servlet鐜");
+            } else {
                 HttpServletRequest request = attributes.getRequest();
                 String authHeader = request.getHeader("Authorization");
+                logger.debug("璇诲彇鍒癆uthorization澶�: {}", authHeader);
                 if (authHeader != null && authHeader.startsWith("Bearer ")) {
-                    return authHeader.substring(7);
+                    String token = authHeader.substring(7);
+                    logger.debug("浠嶢uthorization澶存彁鍙栧埌Bearer token锛岄暱搴�: {}", token != null ? token.length() : 0);
+                    return token;
+                } else {
+                    logger.debug("Authorization澶翠笉瀛樺湪鎴栦笉浠earer寮�澶�");
                 }
             }
         } catch (Exception e) {
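Review bot: The new debug line `logger.debug("读取到Authorization头: {}", authHeader);` writes the raw bearer token into the log, which turns any debug-level log sink into a credential store; log only presence, e.g. `logger.debug("读取到Authorization头: {}", authHeader != null ? "present" : "absent");`. The length log two lines later already conveys what a debugger needs without the value, and the `token != null ? token.length() : 0` guard there is redundant since `substring` never returns null. getTokenFromRequest's catch block and return continue past the end of this hunk.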

--
Gitblit v1.8.0