feat(SecurityGlobalFilter.class): 正式环境放行app的put请求

2025-01-03 17:42:20 +08:00 · 2021-10-20 00:54:30 +08:00 · 2021-10-20 00:54:30 +08:00 · c85598ab08
commit c85598ab08
parent 831b3e45f0
1 changed files with 7 additions and 6 deletions
--- a/youlai-gateway/src/main/java/com/youlai/gateway/security/SecurityGlobalFilter.java
+++ b/youlai-gateway/src/main/java/com/youlai/gateway/security/SecurityGlobalFilter.java
@ -51,18 +51,19 @@ public class SecurityGlobalFilter implements GlobalFilter, Ordered {


        // 线上演示环境禁止修改和删除
-        if (env.equals("prod") && !SecurityConstants.LOGOUT_PATH.equals(request.getPath().toString())
-                && (
-                HttpMethod.DELETE.toString().equals(request.getMethodValue()) // 删除方法
-                        || HttpMethod.PUT.toString().equals(request.getMethodValue())// 修改方法
-                        || SecurityConstants.SAVE_MENU_PATH.equals(request.getPath().toString()) // 新增路由
+        String requestPath = request.getPath().toString();
+        if (env.equals("prod") && !SecurityConstants.LOGOUT_PATH.equals(requestPath)
+                && !StrUtil.contains(requestPath, "app-api")
+                && (HttpMethod.DELETE.toString().equals(request.getMethodValue()) // 删除方法
+                || HttpMethod.PUT.toString().equals(request.getMethodValue())// 修改方法
+                || SecurityConstants.SAVE_MENU_PATH.equals(request.getPath().toString()) // 新增路由
        )) {
            return ResponseUtils.writeErrorInfo(response, ResultCode.FORBIDDEN_OPERATION);
        }

        // 不是正确的的JWT不做解析处理
        String token = request.getHeaders().getFirst(SecurityConstants.AUTHORIZATION_KEY);
-        if (StrUtil.isBlank(token) ||  !StrUtil.startWithIgnoreCase(token, SecurityConstants.JWT_PREFIX)) {
+        if (StrUtil.isBlank(token) || !StrUtil.startWithIgnoreCase(token, SecurityConstants.JWT_PREFIX)) {
            return chain.filter(exchange);
        }