fix(push): 开放 SDK 设备注册相关接口,无需 JWT
register/unregister/receive-push 只需 appKey+userId, 外部用户(无 userSig)应可正常完成 push 设备注册。 send 接口保持需要认证。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
这个提交包含在:
父节点
4c2e66eb72
当前提交
2b2144fc6b
@ -30,7 +30,15 @@ public class SecurityConfig {
|
|||||||
.csrf(AbstractHttpConfigurer::disable)
|
.csrf(AbstractHttpConfigurer::disable)
|
||||||
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||||
.authorizeHttpRequests(auth -> auth
|
.authorizeHttpRequests(auth -> auth
|
||||||
.requestMatchers("/api/push/internal/**", "/api/push/auth/**", "/actuator/health", "/actuator/info").permitAll()
|
.requestMatchers(
|
||||||
|
"/api/push/internal/**",
|
||||||
|
"/api/push/auth/**",
|
||||||
|
"/api/push/register", // SDK device token registration — appKey+userId only, no JWT
|
||||||
|
"/api/push/unregister", // SDK device token removal — appKey+userId only, no JWT
|
||||||
|
"/api/push/receive-push", // SDK push opt-in/out — appKey+userId only, no JWT
|
||||||
|
"/actuator/health",
|
||||||
|
"/actuator/info"
|
||||||
|
).permitAll()
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
)
|
)
|
||||||
.exceptionHandling(ex -> ex
|
.exceptionHandling(ex -> ex
|
||||||
|
|||||||
正在加载...
在新工单中引用
屏蔽一个用户