Update CORS configuration in SecurityConfig to enable custom settings

2025-08-24 15:54:44 +08:00
parent c65c03b933
commit 51d6319121
5 changed files with 53 additions and 1 deletions
--- a/src/main/java/com/gameplatform/server/config/CorsConfig.java
+++ b/src/main/java/com/gameplatform/server/config/CorsConfig.java
@@ -0,0 +1,27 @@
+package com.gameplatform.server.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.reactive.CorsWebFilter;
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
+
+@Configuration
+public class CorsConfig {
+
+    @Bean
+    public CorsWebFilter corsWebFilter() {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        // 使用模式以允许携带凭证时的通配来源
+        config.addAllowedOriginPattern("*");
+        config.addAllowedHeader("*");
+        config.addAllowedMethod("*");
+        config.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return new CorsWebFilter(source);
+    }
+}
+
--- a/src/main/java/com/gameplatform/server/security/SecurityConfig.java
+++ b/src/main/java/com/gameplatform/server/security/SecurityConfig.java
@@ -18,7 +18,7 @@ public class SecurityConfig {
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        return http
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
-                .cors(ServerHttpSecurity.CorsSpec::disable)
+                .cors(cors -> {})
                .httpBasic(ServerHttpSecurity.HttpBasicSpec::disable)
                .formLogin(ServerHttpSecurity.FormLoginSpec::disable)
                .authorizeExchange(ex -> ex
--- a/target/classes/com/gameplatform/server/mapper/account/UserAccountMapper.class
+++ b/target/classes/com/gameplatform/server/mapper/account/UserAccountMapper.class
--- a/target/classes/com/gameplatform/server/model/entity/account/UserAccount.class
+++ b/target/classes/com/gameplatform/server/model/entity/account/UserAccount.class
--- a/target/classes/mapper/account/UserAccountMapper.xml
+++ b/target/classes/mapper/account/UserAccountMapper.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.gameplatform.server.mapper.account.UserAccountMapper">
+    <resultMap id="UserAccountMap" type="com.gameplatform.server.model.entity.account.UserAccount">
+        <id property="id" column="id" />
+        <result property="userType" column="user_type" />
+        <result property="username" column="username" />
+        <result property="displayName" column="display_name" />
+        <result property="passwordHash" column="password_hash" />
+        <result property="role" column="role" />
+        <result property="status" column="status" />
+        <result property="pointsBalance" column="points_balance" />
+        <result property="createdAt" column="created_at" />
+        <result property="updatedAt" column="updated_at" />
+    </resultMap>
+
+    <select id="findByUsernameAndType" resultMap="UserAccountMap">
+        SELECT id, user_type, username, display_name, password_hash, role, status, points_balance, created_at, updated_at
+        FROM user_account
+        WHERE username = #{username}
+          AND user_type = #{userType}
+        LIMIT 1
+    </select>
+</mapper>
+