fix: 修复图片上传回显、登录认证和API路径问题

- 修复上传图片响应解析，正确处理 Arco Upload 返回的 response 对象 - 修复后端 AuthInterceptor 路径匹配，正确放行 /api/auth/login 等公开接口 - 统一前端 API 路径配置，移除重复 /api 前缀 - 添加 /uploads 静态资源代理配置 - 修复图片 URL 生成，添加 origin 前缀确保回显正常
2026-02-11 09:10:29 +08:00
parent 17e9a5b42b
commit 1df27d3a23
8 changed files with 120 additions and 82 deletions
--- a/backend/src/main/java/com/maternalmall/config/AuthInterceptor.java
+++ b/backend/src/main/java/com/maternalmall/config/AuthInterceptor.java
@@ -9,7 +9,8 @@ import org.springframework.http.HttpMethod;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;

-import java.util.Set;
+import java.util.Arrays;
+import java.util.List;

@Component
 public class AuthInterceptor implements HandlerInterceptor {
@@ -18,7 +19,7 @@ public class AuthInterceptor implements HandlerInterceptor {
    @Value("${app.token-header:X-Token}")
    private String tokenHeader;

-    private static final Set<String> PUBLIC_PREFIX = Set.of(
+    private static final java.util.List<String> PUBLIC_PATHS = java.util.Arrays.asList(
            "/api/auth/login",
            "/api/auth/register",
            "/api/public"
@@ -37,17 +38,23 @@ public class AuthInterceptor implements HandlerInterceptor {
        }

        String uri = request.getRequestURI();
-        if (uri.equals("/") || uri.startsWith("/error") || PUBLIC_PREFIX.stream().anyMatch(uri::startsWith)) {
+        String contextPath = request.getContextPath();
+        String path = contextPath.isEmpty() ? uri : uri.substring(contextPath.length());
+        
+        if (uri.equals("/") || uri.startsWith("/error") || 
+            PUBLIC_PATHS.stream().anyMatch(p -> path.equals(p) || path.startsWith(p + "/") || path.startsWith(p + "?"))) {
            return true;
        }
        String token = request.getHeader(tokenHeader);
        if (token == null || token.isBlank()) {
+            response.setContentType("application/json;charset=UTF-8");
            response.setStatus(401);
            response.getWriter().write("{\"code\":401,\"message\":\"请先登录\",\"data\":null}");
            return false;
        }
        User user = userRepository.findByToken(token).orElse(null);
        if (user == null || !Boolean.TRUE.equals(user.getEnabled())) {
+            response.setContentType("application/json;charset=UTF-8");
            response.setStatus(401);
            response.getWriter().write("{\"code\":401,\"message\":\"登录状态无效\",\"data\":null}");
            return false;
--- a/backend/src/main/java/com/maternalmall/controller/FileUploadController.java
+++ b/backend/src/main/java/com/maternalmall/controller/FileUploadController.java
@@ -22,7 +22,7 @@ public class FileUploadController {
    @Value("${app.upload-url-prefix:/uploads}")
    private String uploadUrlPrefix;

-    @PostMapping("/upload")
+    @PostMapping("/upload/file")
    public ApiResponse<String> uploadFile(@RequestParam("file") MultipartFile file) {
        if (file.isEmpty()) {
            return ApiResponse.fail("请选择要上传的文件", String.class);
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -15,6 +15,11 @@ spring:
        format_sql: true
  jackson:
    time-zone: Asia/Shanghai
+  servlet:
+    multipart:
+      max-file-size: 10MB
+      max-request-size: 100MB

 app:
  token-header: X-Token
+  upload-path: /Users/apple/code/bs/mying/backend/uploads