fix(push): 开放 SDK 设备注册相关接口,无需 JWT
register/unregister/receive-push 只需 appKey+userId, 外部用户(无 userSig)应可正常完成 push 设备注册。 send 接口保持需要认证。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
这个提交包含在:
父节点
4c2e66eb72
当前提交
2b2144fc6b
@ -30,7 +30,15 @@ public class SecurityConfig {
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers("/api/push/internal/**", "/api/push/auth/**", "/actuator/health", "/actuator/info").permitAll()
|
||||
.requestMatchers(
|
||||
"/api/push/internal/**",
|
||||
"/api/push/auth/**",
|
||||
"/api/push/register", // SDK device token registration — appKey+userId only, no JWT
|
||||
"/api/push/unregister", // SDK device token removal — appKey+userId only, no JWT
|
||||
"/api/push/receive-push", // SDK push opt-in/out — appKey+userId only, no JWT
|
||||
"/actuator/health",
|
||||
"/actuator/info"
|
||||
).permitAll()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.exceptionHandling(ex -> ex
|
||||
|
||||
正在加载...
在新工单中引用
屏蔽一个用户