fix(push): 开放 SDK 设备注册相关接口,无需 JWT

register/unregister/receive-push 只需 appKey+userId,
外部用户(无 userSig)应可正常完成 push 设备注册。
send 接口保持需要认证。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
这个提交包含在:
徐勤民 2026-06-26 10:54:25 +08:00
父节点 4c2e66eb72
当前提交 2b2144fc6b

查看文件

@ -30,7 +30,15 @@ public class SecurityConfig {
.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/push/internal/**", "/api/push/auth/**", "/actuator/health", "/actuator/info").permitAll()
.requestMatchers(
"/api/push/internal/**",
"/api/push/auth/**",
"/api/push/register", // SDK device token registration appKey+userId only, no JWT
"/api/push/unregister", // SDK device token removal appKey+userId only, no JWT
"/api/push/receive-push", // SDK push opt-in/out appKey+userId only, no JWT
"/actuator/health",
"/actuator/info"
).permitAll()
.anyRequest().authenticated()
)
.exceptionHandling(ex -> ex