diff --git a/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/ModelCommentController.java b/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/ModelCommentController.java index c4998ae..13d3b32 100644 --- a/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/ModelCommentController.java +++ b/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/ModelCommentController.java @@ -85,7 +85,7 @@ public class ModelCommentController { * 获取模型评论 */ @ApiOperation(value = "获取模型评论") - @GetMapping("/comment") + @GetMapping("/getComment") @Valid public R> getComment(@Valid @NotNull(message = "模型id不能为空") diff --git a/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/ModelImageCommentController.java b/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/ModelImageCommentController.java index 3736545..41ecd1b 100644 --- a/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/ModelImageCommentController.java +++ b/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/ModelImageCommentController.java @@ -74,7 +74,7 @@ public class ModelImageCommentController { * 获取图片评论 */ @ApiOperation(value = "获取图片评论") - @GetMapping("/comment") + @GetMapping("/getComment") @Valid public R> getComment(@Valid @NotNull(message = "图片id不能为空") diff --git a/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/WorkFlowCommentController.java b/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/WorkFlowCommentController.java index 5a01ccb..ccf116b 100644 --- a/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/WorkFlowCommentController.java +++ b/mcwl-admin/src/main/java/com/mcwl/web/controller/resource/WorkFlowCommentController.java @@ -84,7 +84,7 @@ public class WorkFlowCommentController { * 获取工作流评论 */ @ApiOperation(value = "获取工作流评论") - @GetMapping("/comment") + @GetMapping("/getComment") public R> getComment(@Valid @NotNull(message = "模型id不能为空") @ApiParam(value = "模型id", required = true) 
diff --git a/mcwl-framework/src/main/java/com/mcwl/framework/config/SecurityConfig.java b/mcwl-framework/src/main/java/com/mcwl/framework/config/SecurityConfig.java index 8771b11..ffba011 100644 --- a/mcwl-framework/src/main/java/com/mcwl/framework/config/SecurityConfig.java +++ b/mcwl-framework/src/main/java/com/mcwl/framework/config/SecurityConfig.java @@ -30,8 +30,7 @@ import org.springframework.web.filter.CorsFilter; */ @EnableMethodSecurity(prePostEnabled = true, securedEnabled = true) @Configuration -public class SecurityConfig -{ +public class SecurityConfig { /** * 自定义用户认证逻辑 */ @@ -79,8 +78,7 @@ public class SecurityConfig * 身份验证实现 */ @Bean - public AuthenticationManager authenticationManager() - { + public AuthenticationManager authenticationManager() { DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider(); daoAuthenticationProvider.setUserDetailsService(userDetailsService); daoAuthenticationProvider.setPasswordEncoder(bCryptPasswordEncoder()); 
@@ -112,48 +110,67 @@ public class SecurityConfig * authenticated | 用户登录后可访问 */ @Bean - protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception - { + protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception { return httpSecurity - // CSRF禁用,因为不使用session - .csrf(csrf -> csrf.disable()) - // 禁用HTTP响应标头 - .headers((headersCustomizer) -> { - headersCustomizer.cacheControl(cache -> cache.disable()).frameOptions(options -> options.sameOrigin()); - }) - // 认证失败处理类 - .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler)) - // 基于token,所以不需要session - .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - // 注解标记允许匿名访问的url - .authorizeHttpRequests((requests) -> { - permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll()); - // 对于登录login 注册register 验证码captchaImage 允许匿名访问 - requests.antMatchers("/login", "/register", "/captchaImage","/ali/pay/doPay","/ali/pay/notify", - "/ali/pay/callback","/file/**","/model/modelSquare","/image/imageList","/WorkFlow/workFlowList", - "/system/dict/data/type/**").permitAll() - // 静态资源,可匿名访问 - .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() - .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() - // 除上面外的所有请求全部需要鉴权认证 - .anyRequest().authenticated(); - }) - // 添加Logout filter - .logout(logout -> logout.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler)) - // 添加JWT filter - .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class) - // 添加CORS filter - .addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class) - .addFilterBefore(corsFilter, LogoutFilter.class) - .build(); + // CSRF禁用,因为不使用session + .csrf(csrf -> csrf.disable()) + // 禁用HTTP响应标头 + .headers((headersCustomizer) -> { + headersCustomizer.cacheControl(cache -> 
cache.disable()).frameOptions(options -> options.sameOrigin()); + }) + // 认证失败处理类 + .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler)) + // 基于token,所以不需要session + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + // 注解标记允许匿名访问的url + .authorizeHttpRequests((requests) -> { + permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll()); + // 对于登录login 注册register 验证码captchaImage 允许匿名访问 + requests.antMatchers("/login", + "/register", + "/captchaImage", + "/ali/pay/doPay", + "/ali/pay/notify", + "/ali/pay/callback", + "/file/**", + "/model/modelSquare", + "/model/selectModelById", + "/model/finbyid", + "/ModelVersion/finbyid", + "/ModelComment/getComment", + "/ModelComment/commentCount", + "/WorkFlow/workFlowList", + "/WorkFlow/selectWorkFlowById", + "/WorkFlowComment/getComment", + "/image/imageList", + "/image/detail", + "/imageComment/getComment", + "/system/user/selectUserById", + "/system/dict/data/type/**", + "/attention/selectAttention", + "/attention/selectUserInfo" + ).permitAll() + // 静态资源,可匿名访问 + .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() + .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() + // 除上面外的所有请求全部需要鉴权认证 + .anyRequest().authenticated(); + }) + // 添加Logout filter + .logout(logout -> logout.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler)) + // 添加JWT filter + .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class) + // 添加CORS filter + .addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class) + .addFilterBefore(corsFilter, LogoutFilter.class) + .build(); } /** * 强散列哈希加密实现 */ @Bean - public BCryptPasswordEncoder bCryptPasswordEncoder() - { + public BCryptPasswordEncoder bCryptPasswordEncoder() { return new BCryptPasswordEncoder(); } } 
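Review bot: The enlarged `permitAll()` list in `filterChain` makes `/system/user/selectUserById`, `/attention/selectUserInfo` and `/attention/selectAttention` anonymous for every HTTP method, because this `antMatchers(...)` call has no `HttpMethod` argument, unlike the static-resource matcher below it. The handlers are outside this diff, so confirm that they return only public profile fields and that unauthenticated lookup by id is intended. If they are read-only, scope the matcher to the verb they use, e.g. `requests.antMatchers(HttpMethod.GET, "/system/user/selectUserById", "/attention/selectUserInfo").permitAll()`. A short comment above the list naming the controller behind each exact-match path (`/model/finbyid`, `/ModelVersion/finbyid`, and so on) would make later audits easier. The re-indented line that keeps `/druid/**` and the Swagger paths anonymous is unchanged in behaviour, but it is worth reviewing in the same pass.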
diff --git a/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/ModelCommentServiceImpl.java b/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/ModelCommentServiceImpl.java index 050e307..820a6a8 100644 --- a/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/ModelCommentServiceImpl.java +++ b/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/ModelCommentServiceImpl.java @@ -146,7 +146,7 @@ public class ModelCommentServiceImpl extends ServiceImpl allCommentIds = collectAllCommentIds(parentComments, childComments); // 5. 批量查询点赞状态(仅当用户已登录) - Map likeStatusMap = SecurityUtils.getUserIdMax() != null ? + Map likeStatusMap = SecurityUtils.getUserIdMax() != 0 ? batchGetLikeStatus(allCommentIds, SecurityUtils.getUserIdMax()) : new HashMap<>(); diff --git a/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/ModelImageLikeServiceImpl.java b/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/ModelImageLikeServiceImpl.java index 2a54d9f..d6e2256 100644 --- a/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/ModelImageLikeServiceImpl.java +++ b/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/ModelImageLikeServiceImpl.java @@ -172,7 +172,7 @@ public class ModelImageLikeServiceImpl extends ServiceImpl modelImageLikeIds = new ArrayList<>(); List modelImageLikes = baseMapper.selectList(new LambdaQueryWrapper() - .eq(ModelImageLike::getUserId, SecurityUtils.getUserId())); + .eq(ModelImageLike::getUserId, SecurityUtils.getUserIdMax())); for (ModelImageLike modelImageLike : modelImageLikes) { modelImageLikeIds.add(modelImageLike.getModelImageId()); } diff --git a/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/WorkFlowCommentServiceImpl.java b/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/WorkFlowCommentServiceImpl.java index 2c29ac0..5396ed4 100644 --- a/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/WorkFlowCommentServiceImpl.java 
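Review bot: The new login check `SecurityUtils.getUserIdMax() != 0` in ModelCommentServiceImpl unboxes the return value, and the removed line compared that same call with `null`, so it returns a reference type. If it can still return null for an anonymous caller (its body is not in this diff), the comment endpoints that this commit makes public would throw a NullPointerException instead of falling back to the empty map. Reading the id once into a local covers both cases and avoids the second call: `Long userId = SecurityUtils.getUserIdMax();` followed by `userId != null && userId != 0 ? batchGetLikeStatus(allCommentIds, userId) : new HashMap<>()`. The WorkFlowCommentServiceImpl hunk introduces the same pattern and should get the same treatment. If 0 really is the "not logged in" sentinel, state that in a comment next to the check.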
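Review bot: The like lookup `.eq(ModelImageLike::getUserId, SecurityUtils.getUserIdMax())` in ModelImageLikeServiceImpl has no logged-in guard, whereas the comment services in this commit skip the like query when the id is 0. The sentinel value is inferred from those hunks, since `getUserIdMax()` itself is not shown. For an anonymous request this still issues a database query keyed on that sentinel, and it would match any rows that happen to be stored under that id. Consider skipping the `selectList` call and leaving `modelImageLikeIds` empty when the id is null or 0. The enclosing method starts and ends outside this hunk, so the exact placement of that guard needs checking against the full body.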
+++ b/mcwl-resource/src/main/java/com/mcwl/resource/service/impl/WorkFlowCommentServiceImpl.java @@ -142,8 +142,8 @@ public class WorkFlowCommentServiceImpl extends ServiceImpl allCommentIds = collectAllCommentIds(parentComments, childComments); // 5. 批量查询点赞状态(仅当用户已登录) - Map likeStatusMap = SecurityUtils.getUserId() != null ? - batchGetLikeStatus(allCommentIds, SecurityUtils.getUserId()) : + Map likeStatusMap = SecurityUtils.getUserIdMax() != 0 ? + batchGetLikeStatus(allCommentIds, SecurityUtils.getUserIdMax()) : new HashMap<>(); // 6. 构建评论树结构(传递点赞状态)