登录鉴权按照Source判断id来自于何处

pom.xml

@@ -25,14 +25,14 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
         <mybatis-plus.version>3.5.7</mybatis-plus.version>
-        <minio.version>8.5.7</minio.version>
+        <minio.version>8.0.3</minio.version>
         <jwt.version>0.12.3</jwt.version>
-        <hutool.version>5.8.26</hutool.version>
+        <hutool.version>5.8.23</hutool.version>
         <commons-lang3.version>3.13.0</commons-lang3.version>
-        <knife4j.version>4.5.0</knife4j.version>
+        <knife4j.version>4.4.0</knife4j.version>
 
-        <spring-cloud-alibaba.version>2023.0.1.0</spring-cloud-alibaba.version>
+        <spring-cloud-alibaba.version>2023.0.3.4</spring-cloud-alibaba.version>
-        <spring-cloud.version>2023.0.0</spring-cloud.version>
+        <spring-cloud.version>2023.0.4</spring-cloud.version>
     </properties>
 
     <dependencyManagement>
@@ -92,7 +92,6 @@
         <dependency>
             <groupId>com.mysql</groupId>
             <artifactId>mysql-connector-j</artifactId>
-            <version>8.2.0</version>
         </dependency>
 
         <!-- MinIO -->

src/main/java/com/aida/seller/common/context/UserContext.java

@@ -1,24 +1,55 @@
 package com.aida.seller.common.context;
 
+import com.aida.seller.common.exception.UnauthorizedException;
 import com.aida.seller.model.vo.AuthPrincipalVo;
 
 public class UserContext {
     private static final ThreadLocal<AuthPrincipalVo> userHolder = new ThreadLocal<>();
-
+    private static final ThreadLocal<Boolean> optionalAuth = ThreadLocal.withInitial(() -> false);
-    public static AuthPrincipalVo getUserHolder() {
-        return userHolder.get();
-    }
-
-    public static void delete() {
-        userHolder.remove();
-    }
 
     public static void setUserHolder(AuthPrincipalVo authPrincipalVo) {
         userHolder.set(authPrincipalVo);
     }
 
-    public static Long getUserId() {
+    public static void setOptionalAuth(boolean value) {
+        optionalAuth.set(value);
+    }
+
+    public static AuthPrincipalVo getUserHolder() {
         AuthPrincipalVo holder = userHolder.get();
-        return holder != null ? holder.getId() : null;
+        if (holder == null) {
+            if (optionalAuth.get()) {
+                return null;
+            }
+            throw new UnauthorizedException("Gateway token verification failed");
+        }
+        if (!"AIDA".equals(holder.getSource())) {
+            throw new UnauthorizedException("Gateway token verification failed");
+        }
+        return holder;
+    }
+
+    public static void delete() {
+        userHolder.remove();
+        optionalAuth.remove();
+    }
+
+    public static Long getUserId() {
+        return getUserHolder() == null ? null : getUserHolder().getId();
+    }
+
+    //买家端请求需要调用此方法获取买家id
+    public static Long getBuyerId() {
+        AuthPrincipalVo holder = userHolder.get();
+        if (holder == null) {
+            if (optionalAuth.get()) {
+                return null;
+            }
+            throw new UnauthorizedException("Gateway token verification failed");
+        }
+        if (!"BUYER".equals(holder.getSource())) {
+            throw new UnauthorizedException("Gateway token verification failed");
+        }
+        return holder.getId();
     }
 }

src/main/java/com/aida/seller/common/exception/GlobalExceptionHandler.java

@@ -18,6 +18,15 @@ import java.util.stream.Collectors;
 @RestControllerAdvice
 public class GlobalExceptionHandler {
 
+    @ExceptionHandler(UnauthorizedException.class)
+    public ResponseEntity<Object> handleUnauthorizedException(UnauthorizedException e) {
+        log.error("Unauthorized: {}", e.getMessage());
+        return new ResponseEntity<>(
+                Response.fail(401, e.getMessage()),
+                HttpStatus.UNAUTHORIZED
+        );
+    }
+
     @ExceptionHandler(BusinessException.class)
     public Response<?> handleBusinessException(BusinessException e) {
         log.error("业务异常: code={}, msg={}", e.getCode(), e.getMsg());

src/main/java/com/aida/seller/common/exception/UnauthorizedException.java

@@ -0,0 +1,15 @@
+package com.aida.seller.common.exception;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class UnauthorizedException extends RuntimeException {
+
+    public UnauthorizedException(String message) {
+        super(message);
+    }
+
+    public UnauthorizedException() {
+        super("Gateway token verification failed");
+    }
+}

src/main/java/com/aida/seller/common/interceptor/UserContextInterceptor.java

@@ -3,13 +3,18 @@ package com.aida.seller.common.interceptor;
 import com.aida.seller.common.context.UserContext;
 import com.aida.seller.model.vo.AuthPrincipalVo;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.servlet.HandlerInterceptor;
 
+import java.util.List;
+import java.util.stream.Collectors;
+
 /**
  * 从 Gateway 转发的请求头中读取已鉴权的用户身份，写入 UserContext。
  * <p>
@@ -18,13 +23,40 @@ import org.springframework.web.servlet.HandlerInterceptor;
  */
 @Slf4j
 @Component
-@RequiredArgsConstructor
 public class UserContextInterceptor implements HandlerInterceptor {
 
     private static final String USER_ID_HEADER = "X-User-Id";
     private static final String USER_INFO_HEADER = "X-User-Info";
 
-    private final ObjectMapper objectMapper;
+    private final ObjectMapper objectMapper = new ObjectMapper();
+    private final AntPathMatcher pathMatcher = new AntPathMatcher();
+
+    @Value("${gateway.auth.optional-auth-paths:}")
+    private List<String> optionalAuthPaths;
+
+    private List<String> localOptionalAuthPaths;
+
+    @PostConstruct
+    public void init() {
+        localOptionalAuthPaths = optionalAuthPaths.stream()
+                .map(this::toLocalPath)
+                .collect(Collectors.toList());
+        log.info("Local optional auth paths: {}", localOptionalAuthPaths);
+    }
+
+    /**
+     * 将 Gateway 前端路径（如 /seller/listing/shop）转换为服务本地路径（如 /listing/shop）。
+     */
+    private String toLocalPath(String gatewayPath) {
+        if (gatewayPath == null) {
+            return gatewayPath;
+        }
+        if (gatewayPath.startsWith("/seller")) {
+            String local = gatewayPath.substring("/seller".length());
+            return local.isEmpty() ? "/" : local;
+        }
+        return gatewayPath;
+    }
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
@@ -36,10 +68,24 @@ public class UserContextInterceptor implements HandlerInterceptor {
             } catch (Exception e) {
                 log.warn("Failed to parse X-User-Info header: {}", e.getMessage());
             }
+        } else if (isOptionalAuthPath(request.getRequestURI())) {
+            UserContext.setOptionalAuth(true);
         }
         return true;
     }
 
+    private boolean isOptionalAuthPath(String requestUri) {
+        if (localOptionalAuthPaths == null || localOptionalAuthPaths.isEmpty()) {
+            return false;
+        }
+        for (String pattern : localOptionalAuthPaths) {
+            if (pathMatcher.match(pattern, requestUri)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     @Override
     public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                 Object handler, Exception ex) {

src/main/java/com/aida/seller/module/listing/service/ListingServiceImpl.java

@@ -318,7 +318,7 @@ public class ListingServiceImpl extends ServiceImpl<ListingMapper, ListingEntity
         IPage<ListingEntity> page = this.page(pageParam, queryWrapper);
 
         Page<ListingPageVO> result = new Page<>(page.getCurrent(), page.getSize(), page.getTotal());
-        boolean loggedIn = UserContext.getUserId() != null;
+        boolean loggedIn = UserContext.getBuyerId() != null;
         result.setRecords(page.getRecords().stream().map(entity -> {
             ListingPageVO vo = new ListingPageVO();
             BeanUtils.copyProperties(entity, vo);