fix(framework): ApiRequestFilter 纳入 /open-api 路径,修复 open-api 多租户拦截缺失
TenantSecurityWebFilter 继承 ApiRequestFilter,之前 shouldNotFilter 仅匹配 /admin-api 和 /app-api,导致 /open-api 请求跳过租户校验,DB 层 getRequiredTenantId() 抛 NPE。现在补上 openApi prefix,外部系统需传 tenant-id Header。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -1,27 +1,30 @@
|
||||
package com.viewsh.framework.web.core.filter;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.viewsh.framework.web.config.WebProperties;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
/**
|
||||
* 过滤 /admin-api、/app-api 等 API 请求的过滤器
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@RequiredArgsConstructor
|
||||
public abstract class ApiRequestFilter extends OncePerRequestFilter {
|
||||
|
||||
protected final WebProperties webProperties;
|
||||
|
||||
@Override
|
||||
protected boolean shouldNotFilter(HttpServletRequest request) {
|
||||
// 只过滤 API 请求的地址
|
||||
String apiUri = request.getRequestURI().substring(request.getContextPath().length());
|
||||
return !StrUtil.startWithAny(apiUri, webProperties.getAdminApi().getPrefix(), webProperties.getAppApi().getPrefix());
|
||||
}
|
||||
|
||||
}
|
||||
package com.viewsh.framework.web.core.filter;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.viewsh.framework.web.config.WebProperties;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
/**
|
||||
* 过滤 /admin-api、/app-api、/open-api 等 API 请求的过滤器
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@RequiredArgsConstructor
|
||||
public abstract class ApiRequestFilter extends OncePerRequestFilter {
|
||||
|
||||
protected final WebProperties webProperties;
|
||||
|
||||
@Override
|
||||
protected boolean shouldNotFilter(HttpServletRequest request) {
|
||||
// 只过滤 API 请求的地址
|
||||
String apiUri = request.getRequestURI().substring(request.getContextPath().length());
|
||||
return !StrUtil.startWithAny(apiUri,
|
||||
webProperties.getAdminApi().getPrefix(),
|
||||
webProperties.getAppApi().getPrefix(),
|
||||
webProperties.getOpenApi().getPrefix());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
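Review bot: The prefix test in the new `shouldNotFilter` still runs on the raw `request.getRequestURI()`, and a `true` result skips the tenant check entirely, so the filter fails open whenever that string and the path Spring later dispatches on disagree (percent-encoding, `;` path parameters, repeated slashes). With `/open-api` now meant for external callers, I would match on the decoded and cleaned path instead, e.g. `String apiUri = UrlPathHelper.defaultInstance.getPathWithinApplication(request);`, unless a request firewall in front of this filter (not visible here) already rejects such URIs. `webProperties.getOpenApi()` is also dereferenced on every request; if `WebProperties` does not give `openApi` a default value, a deployment without that setting would throw here, so please confirm the default exists. A one-line comment on the method stating that returning `true` means "no tenant validation for this request" would make the consequence clear to whoever next edits the prefix list.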