aidlab/aida_back
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

微服务改造

Browse Source
This commit is contained in:
litianxiang
2026-04-22 15:54:42 +08:00
parent d0b8b8d674
commit 23716984cc
2 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/main/java/com/ai/da/common/config/SecurityConfig.java
View File

@@ -7,6 +7,11 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
/**
* Spring Security 配置。
* 由于鉴权逻辑已迁移至 GatewayGlobalAuthWebFilter
* 后端服务 (aida-back) 默认放行所有请求,仅依赖网关传递的用户信息。
*/
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
public class SecurityConfig { public class SecurityConfig {
@@ -14,18 +19,16 @@ public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http http
// 禁用 CSRF微服务通常不需要
.csrf(AbstractHttpConfigurer::disable) .csrf(AbstractHttpConfigurer::disable)
// 允许所有请求,具体鉴权在网关层完成
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers( .anyRequest().permitAll()
"/doc.html", )
"/swagger-ui/**", // 禁用默认的表单登录和 HTTP Basic 认证,防止 302 重定向
"/swagger-resources/**", .formLogin(AbstractHttpConfigurer::disable)
"/v2/api-docs/**", .httpBasic(AbstractHttpConfigurer::disable);
"/v3/api-docs/**",
"/webjars/**"
).permitAll()
.anyRequest().permitAll() // 先全部允许,后续根据业务需要收紧
);
return http.build(); return http.build();
} }
} }

18
src/main/resources/application.yml
View File

@@ -15,15 +15,15 @@ spring:
# ---------- Token 生成参数(由 TokenGenerateUtils 使用) ---------- # ---------- Token 生成参数(由 TokenGenerateUtils 使用) ----------
security: security:
jwtSecret: ${JWT_SECRET:JWTSECRET} jwtSecret: JWTSECRET
jwtTokenHeader: Authorization jwtTokenHeader: Authorization
jwtTokenPrefix: Bearer- jwtTokenPrefix: Bearer-
jwtExpiration: ${JWT_EXPIRATION:8640000000} jwtExpiration: 8640000000
# ---------- Python 服务 ---------- # ---------- Python 服务 ----------
access: access:
python: python:
ip: ${PYTHON_HOST:http://18.167.251.121} ip: http://18.167.251.121
port: 9994 port: 9994
generate_sr_port: 9994 generate_sr_port: 9994
address: http://18.167.251.121:9994 address: http://18.167.251.121:9994
@@ -86,7 +86,7 @@ rabbitmq:
# ---------- 第三方服务 ---------- # ---------- 第三方服务 ----------
orderList: orderList:
link: ${ORDER_LINK:https://develop.aida.com.hk/home/homePage?order=} link: https://develop.aida.com.hk/home/homePage?order=
stripe: stripe:
webhook: webhook:
@@ -96,17 +96,17 @@ stripe:
google: google:
client: client:
id: ${GOOGLE_CLIENT_ID:157095842121-kdd1fdf8m8nudvj9sprstb2k2prnf9e4.apps.googleusercontent.com} id: 157095842121-kdd1fdf8m8nudvj9sprstb2k2prnf9e4.apps.googleusercontent.com
secret: ${GOOGLE_CLIENT_SECRET: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} secret: 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
redirect: redirect:
uri: ${GOOGLE_REDIRECT_URI:https://develop.api.aida.com.hk/api/third/party/auth/google_callback} uri: https://develop.api.aida.com.hk/api/third/party/auth/google_callback
design: design:
callback: callback:
url: ${DESIGN_CALLBACK_URL:https://develop.api.aida.com.hk/api/third/party/receiveDesignResults} url: https://darkish-copied-sprinkler.ngrok-free.dev/api/third/party/receiveDesignResults
redirect: redirect:
url: ${REDIRECT_URL:http://18.167.251.121:7788} url: http://18.167.251.121:7788
global: global:
award: award: