微服务改造

2026-04-22 15:54:42 +08:00
parent d0b8b8d674
commit 23716984cc
2 changed files with 22 additions and 19 deletions
--- a/src/main/java/com/ai/da/common/config/SecurityConfig.java
+++ b/src/main/java/com/ai/da/common/config/SecurityConfig.java
@@ -7,6 +7,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;

+/**
+ * Spring Security 配置。
+ * 由于鉴权逻辑已迁移至 Gateway（GlobalAuthWebFilter），
+ * 后端服务 (aida-back) 默认放行所有请求，仅依赖网关传递的用户信息。
+ */
@Configuration
@EnableWebSecurity
 public class SecurityConfig {
@@ -14,18 +19,16 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
+                // 禁用 CSRF（微服务通常不需要）
                .csrf(AbstractHttpConfigurer::disable)
+                // 允许所有请求，具体鉴权在网关层完成
                .authorizeHttpRequests(auth -> auth
-                        .requestMatchers(
-                                "/doc.html",
-                                "/swagger-ui/**",
-                                "/swagger-resources/**",
-                                "/v2/api-docs/**",
-                                "/v3/api-docs/**",
-                                "/webjars/**"
-                        ).permitAll()
-                        .anyRequest().permitAll() // 先全部允许，后续根据业务需要收紧
-                );
+                        .anyRequest().permitAll()
+                )
+                // 禁用默认的表单登录和 HTTP Basic 认证，防止 302 重定向
+                .formLogin(AbstractHttpConfigurer::disable)
+                .httpBasic(AbstractHttpConfigurer::disable);
+
        return http.build();
    }
 }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -15,15 +15,15 @@ spring:

  # ---------- Token 生成参数（由 TokenGenerateUtils 使用） ----------
  security:
-    jwtSecret: ${JWT_SECRET:JWTSECRET}
+    jwtSecret: JWTSECRET
    jwtTokenHeader: Authorization
    jwtTokenPrefix: Bearer-
-    jwtExpiration: ${JWT_EXPIRATION:8640000000}
+    jwtExpiration: 8640000000

 # ---------- Python 服务 ----------
 access:
  python:
-    ip: ${PYTHON_HOST:http://18.167.251.121}
+    ip: http://18.167.251.121
    port: 9994
    generate_sr_port: 9994
    address: http://18.167.251.121:9994
@@ -86,7 +86,7 @@ rabbitmq:

 # ---------- 第三方服务 ----------
 orderList:
-  link: ${ORDER_LINK:https://develop.aida.com.hk/home/homePage?order=}
+  link: https://develop.aida.com.hk/home/homePage?order=

 stripe:
  webhook:
@@ -96,17 +96,17 @@ stripe:

 google:
  client:
-    id: ${GOOGLE_CLIENT_ID:157095842121-kdd1fdf8m8nudvj9sprstb2k2prnf9e4.apps.googleusercontent.com}
-    secret: ${GOOGLE_CLIENT_SECRET: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}
+    id: 157095842121-kdd1fdf8m8nudvj9sprstb2k2prnf9e4.apps.googleusercontent.com
+    secret: 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
  redirect:
-    uri: ${GOOGLE_REDIRECT_URI:https://develop.api.aida.com.hk/api/third/party/auth/google_callback}
+    uri: https://develop.api.aida.com.hk/api/third/party/auth/google_callback

 design:
  callback:
-    url: ${DESIGN_CALLBACK_URL:https://develop.api.aida.com.hk/api/third/party/receiveDesignResults}
+    url: https://darkish-copied-sprinkler.ngrok-free.dev/api/third/party/receiveDesignResults

 redirect:
-  url: ${REDIRECT_URL:http://18.167.251.121:7788}
+  url: http://18.167.251.121:7788

 global:
  award: