|
@@ -39,6 +39,16 @@ public class SecurityConfig {
|
|
|
.authorizeHttpRequests((requests) -> {
|
|
.authorizeHttpRequests((requests) -> {
|
|
|
// 对于登录、注册、刷新Token允许匿名访问
|
|
// 对于登录、注册、刷新Token允许匿名访问
|
|
|
requests.requestMatchers("/auth/register", "/auth/login", "/auth/refresh").permitAll()
|
|
requests.requestMatchers("/auth/register", "/auth/login", "/auth/refresh").permitAll()
|
|
|
|
|
+ // Actuator 健康检查
|
|
|
|
|
+ .requestMatchers("/actuator/**").permitAll()
|
|
|
|
|
+ // API 文档
|
|
|
|
|
+ .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-resources/**").permitAll()
|
|
|
|
|
+ // 文件上传和解析(开发阶段暂时开放)
|
|
|
|
|
+ .requestMatchers("/api/v1/parse/**", "/parse/**").permitAll()
|
|
|
|
|
+ // RAG 接口(开发阶段暂时开放)
|
|
|
|
|
+ .requestMatchers("/api/rag/**").permitAll()
|
|
|
|
|
+ // 图谱接口(开发阶段暂时开放)
|
|
|
|
|
+ .requestMatchers("/api/graph/**", "/api/text-storage/**").permitAll()
|
|
|
// 静态资源,可匿名访问
|
|
// 静态资源,可匿名访问
|
|
|
.requestMatchers(HttpMethod.GET,
|
|
.requestMatchers(HttpMethod.GET,
|
|
|
"/",
|
|
"/",
|
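Review bot: The added `.requestMatchers("/actuator/**").permitAll()` is commented as a health check but makes every Actuator endpoint anonymous; which of them are actually served depends on the management exposure settings, which are not visible here, so the matcher should be narrowed to `.requestMatchers("/actuator/health").permitAll()`. The three rules marked as temporarily open for development (`/api/v1/parse/**`, `/parse/**`, `/api/rag/**`, `/api/graph/**`, `/api/text-storage/**`) remove authentication from the file upload/parsing, RAG and graph endpoints in every environment this configuration is deployed to; consider applying them only under a development profile, or at least tagging them with a tracked `// TODO: require authentication before release` so they are not shipped by accident. The same consideration applies to the Swagger/OpenAPI paths if the API description should not be public in production. The `authorizeHttpRequests` lambda starts before and continues after this hunk, so the final `anyRequest()` rule cannot be checked from here.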