feat(blog-backend): 添加开发环境的 cors 兼容
This commit is contained in:
@@ -1,6 +1,5 @@
|
||||
package cn.hamster3.application.blog.config;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.data.domain.AuditorAware;
|
||||
@@ -13,7 +12,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import java.util.Optional;
|
||||
|
||||
@Configuration
|
||||
@Slf4j
|
||||
public class WebConfig {
|
||||
@Bean
|
||||
public PasswordEncoder getPasswordEncoder() {
|
||||
@@ -31,4 +29,5 @@ public class WebConfig {
|
||||
return Optional.of(user.getUsername());
|
||||
};
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -6,6 +6,8 @@ import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
|
||||
@Slf4j
|
||||
@Configuration
|
||||
@@ -15,12 +17,29 @@ public class DevSecurityConfiguration {
|
||||
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
log.info("development environment security settings enabled.");
|
||||
return http.authorizeHttpRequests(request -> request
|
||||
.anyRequest().permitAll()
|
||||
).csrf().disable()
|
||||
.anyRequest().permitAll())
|
||||
.cors().and()
|
||||
.csrf().disable()
|
||||
.formLogin()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebMvcConfigurer corsConfigurer() {
|
||||
log.info("add cors configuration...");
|
||||
return new WebMvcConfigurer() {
|
||||
@Override
|
||||
public void addCorsMappings(CorsRegistry registry) {
|
||||
registry.addMapping("/**")
|
||||
.allowedOriginPatterns("*")
|
||||
.allowedMethods("*")
|
||||
.allowedHeaders("*")
|
||||
.allowCredentials(true)
|
||||
.maxAge(3600);
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,13 +16,14 @@ public class SecurityConfiguration {
|
||||
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
log.info("production environment security settings enabled.");
|
||||
return http.authorizeHttpRequests(request -> request
|
||||
.requestMatchers(HttpMethod.GET, "/", "/index", "/index.html").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/favicon.ico", "/assets/**").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/register", "/login").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/swagger-ui/**", "v3/api-docs/**").permitAll()
|
||||
.requestMatchers(HttpMethod.POST, "/api/v1/user/").anonymous()
|
||||
.anyRequest().authenticated()
|
||||
).csrf().disable()
|
||||
.requestMatchers(HttpMethod.GET, "/", "/index", "/index.html").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/favicon.ico", "/assets/**").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/register", "/login").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/swagger-ui/**", "v3/api-docs/**").permitAll()
|
||||
.requestMatchers(HttpMethod.POST, "/api/v1/user/").anonymous()
|
||||
.anyRequest().authenticated())
|
||||
.cors().and()
|
||||
.csrf().disable()
|
||||
.formLogin()
|
||||
.and()
|
||||
.httpBasic()
|
||||
|
||||
@@ -3,7 +3,6 @@ package cn.hamster3.application.blog.config.security;
|
||||
import cn.hamster3.application.blog.dao.UserRepository;
|
||||
import cn.hamster3.application.blog.entity.UserEntity;
|
||||
import jakarta.annotation.Resource;
|
||||
import org.hibernate.Hibernate;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
@@ -2,6 +2,7 @@ package cn.hamster3.application.blog.controller;
|
||||
|
||||
import cn.hamster3.application.blog.entity.BlogEntity;
|
||||
import cn.hamster3.application.blog.vo.ResponseVO;
|
||||
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
package cn.hamster3.application.blog.dao;
|
||||
|
||||
import cn.hamster3.application.blog.entity.BlogEntity;
|
||||
import cn.hamster3.application.blog.entity.UserEntity;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
|
||||
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface UserEntityRepository extends JpaRepository<UserEntity, UUID>, JpaSpecificationExecutor<BlogEntity> {
|
||||
Optional<UserEntity> findByEmailOrUsername(String email, String username);
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
package cn.hamster3.application.blog.dao;
|
||||
|
||||
import cn.hamster3.application.blog.entity.BlogEntity;
|
||||
import cn.hamster3.application.blog.entity.UserEntity;
|
||||
import org.springframework.data.jpa.repository.EntityGraph;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
|
||||
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface UserRepository extends JpaRepository<UserEntity, UUID>, JpaSpecificationExecutor<BlogEntity> {
|
||||
boolean existsByNicknameIgnoreCase(String nickname);
|
||||
|
||||
boolean existsByEmailIgnoreCase(String email);
|
||||
|
||||
@EntityGraph(attributePaths = {"permissions"})
|
||||
<T> Optional<T> findByEmailOrNicknameAllIgnoreCase(String email, String nickname, Class<T> type);
|
||||
}
|
||||
Reference in New Issue
Block a user