diff --git a/update-service/src/main/java/com/xuqm/update/controller/AppVersionController.java b/update-service/src/main/java/com/xuqm/update/controller/AppVersionController.java index d7f1454..c4b5bef 100644 --- a/update-service/src/main/java/com/xuqm/update/controller/AppVersionController.java +++ b/update-service/src/main/java/com/xuqm/update/controller/AppVersionController.java @@ -58,9 +58,6 @@ public class AppVersionController { @RequestParam(required = false) String userId) { boolean allowAnonymousCheck = publishConfigService.allowAnonymousUpdateCheck(appKey); - if (!allowAnonymousCheck && (userId == null || userId.isBlank())) { - return ResponseEntity.ok(ApiResponse.success(Map.of("needsUpdate", false))); - } Optional latest = versionRepository .findTopByAppKeyAndPlatformAndPublishStatusAndVersionCodeGreaterThanOrderByVersionCodeDesc( @@ -75,12 +72,21 @@ public class AppVersionController { AppVersionEntity v = latest.get(); - // Gray release filtering - if (!allowAnonymousCheck && v.isGrayEnabled() && userId != null && !userId.isBlank()) { - boolean inGray = isInGrayRelease(v, userId); - if (!inGray) { + // Gray release: userId is required when anonymous checks are disabled and version is gray-targeted. + // Non-gray published versions are visible to all callers regardless of userId. + if (v.isGrayEnabled()) { + if (!allowAnonymousCheck && (userId == null || userId.isBlank())) { return ResponseEntity.ok(ApiResponse.success(Map.of("needsUpdate", false))); } + if (userId != null && !userId.isBlank()) { + boolean inGray = isInGrayRelease(v, userId); + if (!inGray) { + return ResponseEntity.ok(ApiResponse.success(Map.of("needsUpdate", false))); + } + } + } else if (!allowAnonymousCheck && (userId == null || userId.isBlank())) { + // App explicitly requires login to check for updates even without gray targeting. + return ResponseEntity.ok(ApiResponse.success(Map.of("needsUpdate", false))); } String appStoreJumpUrl = hasText(v.getAppStoreUrl())