onixbyte/delta-force-guide-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: use @RequiresAuth annotation instead of manual path listing in security config

Browse Source
This commit is contained in:
siujamo
2026-05-15 11:41:14 +08:00
parent 6d869d5145
commit 20d2edc9b1
5 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/main/java/com/onixbyte/deltaforceguide/config/SecurityConfig.java
+1 -19
View File
@@ -10,7 +10,6 @@ import com.onixbyte.deltaforceguide.security.provider.UsernamePasswordAuthentica
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@@ -43,24 +42,7 @@ public class SecurityConfig {
.sessionManagement((customiser) -> customiser
.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests((customiser) -> customiser
.requestMatchers("/error", "/error/**").permitAll()
.requestMatchers("/captcha", "/captcha/**").permitAll()
.requestMatchers("/auth/logout").authenticated()
.requestMatchers("/auth/**").permitAll()
.requestMatchers(
"/swagger-ui.html",
"/swagger-ui",
"/swagger-ui/**",
"/v3/api-docs",
"/v3/api-docs.yaml",
"/v3/api-docs/swagger-config"
).permitAll()
.requestMatchers(HttpMethod.GET,
"/firearms", "/firearms/*",
"/modifications", "/modifications/*",
"/daily-passwords", "/daily-passwords/*"
).permitAll()
.anyRequest().authenticated()
.anyRequest().permitAll()
)
.addFilterAfter(tokenAuthenticationFilter, ExceptionTranslationFilter.class)
.build();
src/main/java/com/onixbyte/deltaforceguide/controller/AuthController.java
+2
View File
@@ -3,6 +3,7 @@ package com.onixbyte.deltaforceguide.controller;
import com.onixbyte.deltaforceguide.domain.dto.LoginRequest;
import com.onixbyte.deltaforceguide.domain.dto.UserResponse;
import com.onixbyte.deltaforceguide.client.TokenClient;
import com.onixbyte.deltaforceguide.security.annotation.RequiresAuth;
import com.onixbyte.deltaforceguide.service.AuthService;
import com.onixbyte.deltaforceguide.service.CookieService;
import com.onixbyte.deltaforceguide.shared.CookieName;
@@ -45,6 +46,7 @@ public class AuthController {
.body(UserResponse.from(user));
}
@RequiresAuth
@Operation(description = "退出登录")
@PostMapping("/logout")
public ResponseEntity<Void> logout() {
src/main/java/com/onixbyte/deltaforceguide/controller/FirearmController.java
+4
View File
@@ -4,6 +4,7 @@ import com.onixbyte.deltaforceguide.domain.dto.FirearmRequest;
import com.onixbyte.deltaforceguide.domain.dto.FirearmResponse;
import com.onixbyte.deltaforceguide.domain.dto.PageResponse;
import com.onixbyte.deltaforceguide.enumeration.FirearmType;
import com.onixbyte.deltaforceguide.security.annotation.RequiresAuth;
import com.onixbyte.deltaforceguide.service.FirearmService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
@@ -44,17 +45,20 @@ public class FirearmController {
return firearmService.queryById(id);
}
@RequiresAuth
@PostMapping
public FirearmResponse addFirearm(@Validated @RequestBody FirearmRequest request) {
return firearmService.addFirearm(request);
}
@RequiresAuth
@Operation(description = "更新指定武器的数据")
@PutMapping("/{id}")
public FirearmResponse updateFirearm(@PathVariable Long id, @Validated @RequestBody FirearmRequest request) {
return firearmService.updateFirearm(id, request);
}
@RequiresAuth
@Operation(description = "删除指定武器的数据")
@DeleteMapping("/{id}")
public void deleteFirearm(@PathVariable Long id) {
src/main/java/com/onixbyte/deltaforceguide/controller/ModificationController.java
+6
View File
@@ -4,6 +4,7 @@ import com.onixbyte.deltaforceguide.domain.dto.ModificationBatchCreateRequest;
import com.onixbyte.deltaforceguide.domain.dto.ModificationRequest;
import com.onixbyte.deltaforceguide.domain.dto.ModificationResponse;
import com.onixbyte.deltaforceguide.domain.dto.PageResponse;
import com.onixbyte.deltaforceguide.security.annotation.RequiresAuth;
import com.onixbyte.deltaforceguide.service.ModificationService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
@@ -57,30 +58,35 @@ public class ModificationController {
return modificationService.queryById(id);
}
@RequiresAuth
@Operation(description = "创建改装")
@PostMapping
public ModificationResponse create(@Valid @RequestBody ModificationRequest request) {
return modificationService.create(request);
}
@RequiresAuth
@Operation(description = "批量创建改装")
@PostMapping("/batch")
public List<ModificationResponse> batchCreate(@Valid @RequestBody ModificationBatchCreateRequest request) {
return modificationService.batchCreate(request.modifications());
}
@RequiresAuth
@Operation(description = "修改指定改装")
@PutMapping("/{id}")
public ModificationResponse update(@PathVariable Long id, @Valid @RequestBody ModificationRequest request) {
return modificationService.update(id, request);
}
@RequiresAuth
@Operation(description = "删除指定改装")
@DeleteMapping("/{id}")
public void delete(@PathVariable Long id) {
modificationService.delete(id);
}
@RequiresAuth
@Operation(description = "批量删除改装")
@DeleteMapping("/batch-delete")
@Validated
src/main/java/com/onixbyte/deltaforceguide/security/annotation/RequiresAuth.java
+14
View File
@@ -0,0 +1,14 @@
package com.onixbyte.deltaforceguide.security.annotation;
import org.springframework.security.access.prepost.PreAuthorize;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("isAuthenticated()")
public @interface RequiresAuth {
}