application.yml — all services:
- Replace hardcoded jdbc:mysql://39.107.53.187 with ${SPRING_DATASOURCE_URL:fallback}
- Same for SPRING_DATASOURCE_USERNAME/PASSWORD
- im-service: replace hardcoded redisdev.xuqinmin.com with ${SPRING_DATA_REDIS_*}
This ensures docker-compose environment overrides take effect; without these
placeholders, Spring Boot's relaxed binding couldn't override the YAML values
and the private deployment connected to production databases.
StoreSubmissionService.refreshStoreReviewStatus — two bugs fixed:
1. MI/UNDER_REVIEW_XIAOMI branch now guards against downgrading APPROVED state.
Xiaomi's poll API returns UNDER_REVIEW_XIAOMI when the submitted version is
not yet the live version, even after the store approves it. Previously this
caused the manual refresh to overwrite a webhook-confirmed APPROVED with
UNDER_REVIEW on every click.
2. When the poll returns APPROVED but currentSubmissionLive=false (another version
is live on the store), no longer overwrite an existing APPROVED (from webhook)
with nonCurrentRelease=true. The webhook is authoritative; the live version
difference just means distribution is pending, not that this is a non-current
release. Only adds nonCurrentRelease when transitioning FROM a non-APPROVED
state (true pre-existing detection).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
file.getBytes() loaded the entire APK into JVM heap, causing
OutOfMemoryError on files >~50MB. Now streams to a temp file while
computing SHA-256 via DigestInputStream, then atomically moves to the
final path. Zero heap cost regardless of file size.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Spring Boot's /error handler was secured, causing any server-side exception
during upload/serve to redirect clients to login instead of returning an
error message. Permitting /error ensures errors are returned as proper
JSON responses rather than auth challenges.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Spring Security 6 with MVC on classpath resolves requestMatchers(HttpMethod, String)
to MvcRequestMatcher, which fails to match the actual servlet paths for this service.
Switching to explicit AntPathRequestMatcher instances bypasses MVC introspection and
forces pure Ant pattern evaluation, fixing persistent 401 on public upload/serve endpoints.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Spring Security 6 MvcRequestMatcher (used when no HttpMethod is specified
and Spring MVC is on the classpath) fails to match the upload endpoint,
falling through to anyRequest().authenticated() and returning 401.
Specifying HttpMethod forces AntRequestMatcher which matches reliably.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The previous commit (GET-only permitAll) inadvertently broke upload by
requiring auth. The original design intentionally allows unauthenticated
upload — explicitly permit POST /api/file/upload to make this clear.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Upload endpoint (POST) was inadvertently matched by the method-less
requestMatchers("/api/file/*") rule. Making it GET-only makes the intent
explicit and ensures upload correctly requires a valid JWT.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Spring Security's default Http403ForbiddenEntryPoint was returning 403
for all auth failures. Frontend clients treat 403 as a permission error
(not an auth error), so silent loops occurred instead of proper re-login.
Adding a custom AuthenticationEntryPoint that returns 401 makes clients
handle auth failures correctly (show login page on 401).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
