From 78e62b4e56d234702fb8cdea1a0fdf607a3c55cc Mon Sep 17 00:00:00 2001
From: xiao-fajia <1665375861@qq.com>
Date: Sat, 31 Aug 2024 10:17:41 +0800
Subject: [PATCH] =?UTF-8?q?=E9=85=8D=E7=BD=AESecurity=E7=99=BD=E5=90=8D?=
 =?UTF-8?q?=E5=8D=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../YudaoWebSecurityConfigurerAdapter.java    | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
index 658ae02d..b40396a8 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
@@ -136,7 +136,41 @@ public class YudaoWebSecurityConfigurerAdapter {
                         "/admin-api/rescue/wxLogin",
                         "/admin-api/system/auth/loginApp",
                         "/admin-api/rescue/driverLogin").anonymous()
+                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
+                .antMatchers("/admin-api/*/login", "/admin-api/*/wxLogin","/admin-api/*/wxLoginJc","/admin-api/*/wxLoginRescue","/admin-api/*/register","/admin-api/*/registerSmsCode","/admin-api/*/registerPhone","/admin-api/*/loginApp","/admin-api/*/loginSmsCode","/admin-api/*/captchaImage","/admin-api/*/pwdSmsCode","/admin-api/*/updatePwd").permitAll()
 
+                // 公共接口 for 小程序
+                .antMatchers("/admin-api/system/dict/data/list","/admin-api/system/user/profile/avatar","/admin-api/system/user/profile/updateNickName","/admin-api/system/user/profile/saveUserProfile","/admin-api/system/userCar/getUserCar","/admin-api/system/userFeedback/addFeedbackWx").permitAll()
+                // 省市县联动接口
+                .antMatchers(HttpMethod.GET,"/admin-api/shop/region/**").permitAll()
+                // 微信支付接口
+                .antMatchers("/admin-api/notify/**").permitAll()
+                .antMatchers("/admin-api/websocket/**").permitAll()
+                // 小程序首页
+                .antMatchers("/admin-api/system/notice/listWx","/admin-api/system/swiper/listWx","/admin-api/system/shopconfig/listWx").permitAll()
+                // 蓝安救援
+                .antMatchers("/admin-api/rescuePayApi/payNotify").permitAll()
+                // 小程序二手车
+                .antMatchers("/admin-api/system/car/listWx","/admin-api/system/car/addWx","/admin-api/system/car/getInfoWx/**").permitAll()
+                // 小程序检测
+                .antMatchers("/admin-api/system/inspectionGoods/listWx","/admin-api/system/inspectionGoods/**").permitAll()
+                // 小程序维修
+                .antMatchers("/admin-api/system/repairCategory/listWx","/admin-api/system/repaiGoods/listWx").permitAll()
+                // 小程序保险
+                .antMatchers("/admin-api/system/insuranceGoods/listWx","/admin-api/system/insuranceGoods/getInfoWx/**").permitAll()
+                // 小程序学校
+                .antMatchers("/admin-api/system/schoolRegistrationInfo/addWx","/admin-api/system/schoolInstructor/listWx","/admin-api/system/schoolAppointmentInfo/addWx").permitAll()
+                // 驾校
+                .antMatchers("/admin-api/drivingSchool/system/driveSchoolCourse/list","/admin-api/loginJx","/admin-api/loginSmsCodeJx"," /admin-api/jxInfo/payNotify","/admin-api/drivingSchool/text/list","/admin-api/drivingSchool/system/swiper/list","/admin-api/drivingSchool/system/schoolInfo/list").permitAll()
+
+                // 检测app首页
+                .antMatchers("/admin-api/appInspection/appHome/**").permitAll()
+                //检测小程序相关
+                .antMatchers("/admin-api/appInspection/partner/list","/admin-api/appInspection/news/list","/admin-api/system/dict/data/type/inspection_hygg"
+                        ,"/admin-api/appInspection/goods/categoryList","/admin-api/appInspection/partner/shopDetail","/admin-api/appInspection/goods/list","/admin-api/appInspection/news/listType","/admin-api/inspection/info/list").permitAll()
+                // 驾校小程序首页
+                .antMatchers("/admin-api/drivingSchool/system/driveSchoolCourse/getOne","/admin-api/drivingSchool/text/list","/admin-api/drivingSchool/system/swiper/list","/admin-api/drivingSchool/system/schoolInfo/list","/admin-api/drivingSchool/system/driveSchoolCourse/list","/admin-api/drivingSchool/system/reservationCourse/applet/getReservationCourseListByUserId","/admin-api/driving/findSelfInfo","/admin-api/drivingSchool/system/swiper/pclist","/admin-api/drivingSchool/system/file/getOneFile","/admin-api/drivingSchool/system/news/applist","/admin-api/drivingSchool/system/schoolCoach/list","/admin-api/drivingSchool/system/phone/getPhone","/admin-api/drivingSchool/system/dynamic/applist").permitAll()
+                // 除上面外的所有请求全部需要鉴权认证
                 // 1.2 设置 @PermitAll 无需认证
                 .antMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
                 .antMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()