From 5759b09c9f647e2b1107890c86580b8b2c957c3a Mon Sep 17 00:00:00 2001 From: SpecialX <47072643+wangxiner55@users.noreply.github.com> Date: Thu, 9 Jul 2026 00:30:35 +0800 Subject: [PATCH] =?UTF-8?q?feat(api-gateway):=20=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E5=85=AC=E5=BC=80=E8=B7=AF=E5=BE=84=E7=99=BD=E5=90=8D=E5=8D=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit register/login/refresh 无需 JWT 即可通过 Gateway,修复之前无 token 无法注册登录的死锁问题。 --- .../api-gateway/internal/middleware/auth.go | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/services/api-gateway/internal/middleware/auth.go b/services/api-gateway/internal/middleware/auth.go index 837b986..486525b 100644 --- a/services/api-gateway/internal/middleware/auth.go +++ b/services/api-gateway/internal/middleware/auth.go @@ -10,6 +10,20 @@ import ( "github.com/google/uuid" ) +// publicPaths 是无需鉴权的公开路径(精确匹配,基于去掉 /api/v1 前缀后的路径) +var publicPaths = map[string]bool{ + "/iam/register": true, + "/iam/login": true, + "/iam/refresh": true, +} + +// isPublicPath 判断请求路径是否属于公开路径(无需鉴权) +// 匹配规则:去掉 /api/v1 前缀后,与 publicPaths 精确匹配 +func isPublicPath(path string) bool { + stripped := strings.TrimPrefix(path, "/api/v1") + return publicPaths[stripped] +} + // AuthMiddleware 验证 JWT 并注入用户信息到请求头 // P1 用 HS256,P2 改 RS256(IAM 签发) func AuthMiddleware(cfg *config.Config) gin.HandlerFunc { @@ -20,6 +34,12 @@ func AuthMiddleware(cfg *config.Config) gin.HandlerFunc { return } + // 公开路径白名单(register/login/refresh 无需鉴权) + if isPublicPath(c.Request.URL.Path) { + c.Next() + return + } + authHeader := c.GetHeader("Authorization") if authHeader == "" { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{