diff --git a/open-isle-cli/package.json b/open-isle-cli/package.json
index f6a5f7f15..12701a6b7 100644
--- a/open-isle-cli/package.json
+++ b/open-isle-cli/package.json
@@ -1,5 +1,5 @@
 {
- "name": "open-isle-cli",
+ "name": "OpenIsle",
 "version": "0.1.0",
 "private": true,
 "scripts": {
diff --git a/open-isle-cli/src/main.js b/open-isle-cli/src/main.js
index c16bb75cf..b385c02d7 100644
--- a/open-isle-cli/src/main.js
+++ b/open-isle-cli/src/main.js
@@ -9,11 +9,11 @@ import { checkToken, clearToken } from './utils/auth'
 import { initTheme } from './utils/theme'
 // Configurable API domain and port
-export const API_DOMAIN = 'http://127.0.0.1'
-export const API_PORT = 8081
+// export const API_DOMAIN = 'http://127.0.0.1'
+// export const API_PORT = 8081
-// export const API_DOMAIN = 'http://129.204.254.110'
-// export const API_PORT = 8080
+export const API_DOMAIN = 'http://129.204.254.110'
+export const API_PORT = 8080
 export const API_BASE_URL = API_PORT ? `${API_DOMAIN}:${API_PORT}` : API_DOMAIN
 export const GOOGLE_CLIENT_ID = '777830451304-nt8afkkap18gui4f9entcha99unal744.apps.googleusercontent.com'
diff --git a/open-isle-cli/wrangler.toml b/open-isle-cli/wrangler.toml
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/main/java/com/openisle/config/SecurityConfig.java b/src/main/java/com/openisle/config/SecurityConfig.java
index 1ff65f91f..ac4e5e729 100644
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
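Review bot: In `open-isle-cli/src/main.js` the newly active `API_DOMAIN` sends the client to `http://129.204.254.110` on port 8080 over plain HTTP, so whatever the auth helpers imported at the top of the file attach to API calls (presumably login credentials and tokens) would cross the network unencrypted. Switching environments by commenting lines in and out also makes it easy to ship the wrong endpoint; reading the API origin from build-time configuration would keep a debug address out of committed source. Until that exists, a marker on the active lines such as `// FIXME: debug endpoint over plain HTTP; production must use an HTTPS origin taken from build config` would make the intent explicit.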
@@ -8,6 +8,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -65,23 +66,28 @@ public class SecurityConfig {
 @Bean
 public CorsConfigurationSource corsConfigurationSource() {
- CorsConfiguration config = new CorsConfiguration();
- config.setAllowedOriginPatterns(List.of("*"));
- config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
- config.setAllowedHeaders(List.of("*"));
- config.setAllowCredentials(true);
+ CorsConfiguration cfg = new CorsConfiguration();
+ cfg.setAllowedOrigins(List.of(
+ "http://127.0.0.1", // 前端调试地址
+ "http://129.204.254.110", // 前端调试地址
+ "https://www.open-isle.com" // 生产域名
+ ));
+ cfg.setAllowedMethods(List.of("GET","POST","PUT","DELETE","OPTIONS"));
+ cfg.setAllowedHeaders(List.of("*"));
+ cfg.setAllowCredentials(true);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- source.registerCorsConfiguration("/**", config);
+ source.registerCorsConfiguration("/api/**", cfg);
 return source;
 }
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http.csrf(csrf -> csrf.disable())
- .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+ .cors(Customizer.withDefaults()) // 让 Spring 自带 CorsFilter 处理预检
 .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .exceptionHandling(eh -> eh.accessDeniedHandler(customAccessDeniedHandler))
 .authorizeHttpRequests(auth -> auth
+ .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
 .requestMatchers(HttpMethod.POST, "/api/auth/**").permitAll()
 .requestMatchers(HttpMethod.GET, "/api/posts/**").permitAll()
 .requestMatchers(HttpMethod.GET, "/api/comments/**").permitAll()
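Review bot: The allow-list built in `corsConfigurationSource()` keeps two plain-HTTP debug origins (`http://127.0.0.1`, `http://129.204.254.110`) beside the production domain while `setAllowCredentials(true)` stays enabled, so any page served from those cleartext origins, including one altered in transit, is trusted for credentialed calls to `/api/**`. `setAllowedOrigins` compares scheme, host and port exactly, so these entries match only port 80 and a front end served from another port will still be refused, which tends to push people back toward wildcards. Consider loading the list from a profile-specific property so that the production profile contains only `"https://www.open-isle.com"`, and stating the matching rule next to the list, e.g. `// exact match incl. scheme and port; debug origins belong in the dev profile only`. The body of `filterChain` continues past the end of this hunk.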
@@ -105,6 +111,11 @@ public class SecurityConfig {
 return new OncePerRequestFilter() {
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ // 让预检请求直接通过
+ if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+ filterChain.doFilter(request, response);
+ return;
+ }
 String authHeader = request.getHeader("Authorization");
 String uri = request.getRequestURI();
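Review bot: The early return added to `doFilterInternal` skips token processing for every request whose method is OPTIONS, not only for CORS preflights, and the `requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()` rule added in the `filterChain` hunk is equally broad. A preflight is an OPTIONS request that also carries `Origin` and `Access-Control-Request-Method`, and Spring's helper tests exactly that, so the guard could read `if (CorsUtils.isPreFlightRequest(request)) {` (from `org.springframework.web.cors.CorsUtils`, which would need an import). If the CORS filter enabled by `.cors(Customizer.withDefaults())` runs ahead of this filter it may already answer preflights and make this branch redundant, but the filter ordering is not visible here. The rest of the method lies outside the hunk.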