fix(framework): ApiRequestFilter 纳入 /open-api 路径,修复 open-api 多租户拦截缺失

TenantSecurityWebFilter 继承 ApiRequestFilter,之前 shouldNotFilter 仅匹配
/admin-api 和 /app-api,导致 /open-api 请求跳过租户校验,DB 层
getRequiredTenantId() 抛 NPE。现在补上 openApi prefix,外部系统需传
tenant-id Header。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
lzh
2026-03-13 12:02:02 +08:00
parent 6e56dcb6a2
commit 2a20f7a89f


@@ -1,27 +1,30 @@
package com.viewsh.framework.web.core.filter; package com.viewsh.framework.web.core.filter;
import cn.hutool.core.util.StrUtil; import cn.hutool.core.util.StrUtil;
import com.viewsh.framework.web.config.WebProperties; import com.viewsh.framework.web.config.WebProperties;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.filter.OncePerRequestFilter;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
/** /**
* 过滤 /admin-api、/app-api 等 API 请求的过滤器 * 过滤 /admin-api、/app-api、/open-api 等 API 请求的过滤器
* *
* @author 芋道源码 * @author 芋道源码
*/ */
@RequiredArgsConstructor @RequiredArgsConstructor
public abstract class ApiRequestFilter extends OncePerRequestFilter { public abstract class ApiRequestFilter extends OncePerRequestFilter {
protected final WebProperties webProperties; protected final WebProperties webProperties;
@Override @Override
protected boolean shouldNotFilter(HttpServletRequest request) { protected boolean shouldNotFilter(HttpServletRequest request) {
// 只过滤 API 请求的地址 // 只过滤 API 请求的地址
String apiUri = request.getRequestURI().substring(request.getContextPath().length()); String apiUri = request.getRequestURI().substring(request.getContextPath().length());
return !StrUtil.startWithAny(apiUri, webProperties.getAdminApi().getPrefix(), webProperties.getAppApi().getPrefix()); return !StrUtil.startWithAny(apiUri,
} webProperties.getAdminApi().getPrefix(),
webProperties.getAppApi().getPrefix(),
} webProperties.getOpenApi().getPrefix());
}
}
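Review bot: The added `webProperties.getOpenApi().getPrefix()` argument in `shouldNotFilter` puts `/open-api` under the tenant filter, but per the description the tenant comes from a `tenant-id` header that the external caller sets. `TenantSecurityWebFilter` is not part of this diff, so it should be confirmed that it checks that header against the tenant bound to the caller's credentials rather than accepting whatever value is sent. `getOpenApi()` is also dereferenced on every request with no null guard, so if `WebProperties` has no default for it (not visible here) each request would fail in this method. The prefix test runs on the raw `getRequestURI()` and skips the filter when nothing matches, which matters more now that an externally reachable path depends on it. I would add above the return: `// /open-api is externally reachable: the tenant-id header is client-supplied and must be validated against the authenticated caller downstream`.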