From d49d0297cf6cbd435fc9e9ac37061332b7f542fd Mon Sep 17 00:00:00 2001
From: XuqmGroup <noreply@xuqm.com>
Date: Thu, 21 May 2026 17:22:59 +0800
Subject: [PATCH] =?UTF-8?q?fix(update-service):=20=E9=9D=9E=E7=81=B0?=
 =?UTF-8?q?=E5=BA=A6=E7=89=88=E6=9C=AC=E5=AF=B9=E5=8C=BF=E5=90=8D=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E5=8F=AF=E8=A7=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

原逻辑在 allowAnonymousCheck=false 且 userId=null 时直接返回
needsUpdate=false，导致无登录流程的应用（如 clinical-android）
永远收不到更新提示。

修正为：只有灰度版本才需要 userId；非灰度已发布版本对所有调用
方可见，allowAnonymousCheck=false 仅在非灰度场景下补充拦截。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../controller/AppVersionController.java      | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/update-service/src/main/java/com/xuqm/update/controller/AppVersionController.java b/update-service/src/main/java/com/xuqm/update/controller/AppVersionController.java
index d7f1454..c4b5bef 100644
--- a/update-service/src/main/java/com/xuqm/update/controller/AppVersionController.java
+++ b/update-service/src/main/java/com/xuqm/update/controller/AppVersionController.java
@@ -58,9 +58,6 @@ public class AppVersionController {
             @RequestParam(required = false) String userId) {
 
         boolean allowAnonymousCheck = publishConfigService.allowAnonymousUpdateCheck(appKey);
-        if (!allowAnonymousCheck && (userId == null || userId.isBlank())) {
-            return ResponseEntity.ok(ApiResponse.success(Map.of("needsUpdate", false)));
-        }
 
         Optional<AppVersionEntity> latest = versionRepository
                 .findTopByAppKeyAndPlatformAndPublishStatusAndVersionCodeGreaterThanOrderByVersionCodeDesc(
@@ -75,12 +72,21 @@ public class AppVersionController {
 
         AppVersionEntity v = latest.get();
 
-        // Gray release filtering
-        if (!allowAnonymousCheck && v.isGrayEnabled() && userId != null && !userId.isBlank()) {
-            boolean inGray = isInGrayRelease(v, userId);
-            if (!inGray) {
+        // Gray release: userId is required when anonymous checks are disabled and version is gray-targeted.
+        // Non-gray published versions are visible to all callers regardless of userId.
+        if (v.isGrayEnabled()) {
+            if (!allowAnonymousCheck && (userId == null || userId.isBlank())) {
                 return ResponseEntity.ok(ApiResponse.success(Map.of("needsUpdate", false)));
             }
+            if (userId != null && !userId.isBlank()) {
+                boolean inGray = isInGrayRelease(v, userId);
+                if (!inGray) {
+                    return ResponseEntity.ok(ApiResponse.success(Map.of("needsUpdate", false)));
+                }
+            }
+        } else if (!allowAnonymousCheck && (userId == null || userId.isBlank())) {
+            // App explicitly requires login to check for updates even without gray targeting.
+            return ResponseEntity.ok(ApiResponse.success(Map.of("needsUpdate", false)));
         }
 
         String appStoreJumpUrl = hasText(v.getAppStoreUrl())