From 2b2144fc6b05fb3377e22464f21136a0a09f6f6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BE=90=E5=8B=A4=E6=B0=91?= Date: Fri, 26 Jun 2026 10:54:25 +0800 Subject: [PATCH] =?UTF-8?q?fix(push):=20=E5=BC=80=E6=94=BE=20SDK=20?= =?UTF-8?q?=E8=AE=BE=E5=A4=87=E6=B3=A8=E5=86=8C=E7=9B=B8=E5=85=B3=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=EF=BC=8C=E6=97=A0=E9=9C=80=20JWT?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit register/unregister/receive-push 只需 appKey+userId, 外部用户(无 userSig)应可正常完成 push 设备注册。 send 接口保持需要认证。 Co-Authored-By: Claude Sonnet 4.6 --- .../main/java/com/xuqm/push/config/SecurityConfig.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/push-service/src/main/java/com/xuqm/push/config/SecurityConfig.java b/push-service/src/main/java/com/xuqm/push/config/SecurityConfig.java index 2711de5..d02c725 100644 --- a/push-service/src/main/java/com/xuqm/push/config/SecurityConfig.java +++ b/push-service/src/main/java/com/xuqm/push/config/SecurityConfig.java @@ -30,7 +30,15 @@ public class SecurityConfig { .csrf(AbstractHttpConfigurer::disable) .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(auth -> auth - .requestMatchers("/api/push/internal/**", "/api/push/auth/**", "/actuator/health", "/actuator/info").permitAll() + .requestMatchers( + "/api/push/internal/**", + "/api/push/auth/**", + "/api/push/register", // SDK device token registration — appKey+userId only, no JWT + "/api/push/unregister", // SDK device token removal — appKey+userId only, no JWT + "/api/push/receive-push", // SDK push opt-in/out — appKey+userId only, no JWT + "/actuator/health", + "/actuator/info" + ).permitAll() .anyRequest().authenticated() ) .exceptionHandling(ex -> ex