feat: OpenAPI 接口支持读取 Spring Security 白名单路径并跳过 Authorization 头，优化 Ant 风格路径匹配

src/main/java/com/youlai/boot/config/OpenApiConfig.java

@@ -16,6 +16,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.Environment;
 import org.springframework.http.HttpHeaders;
+import org.springframework.util.AntPathMatcher;
 
 import java.util.stream.Stream;
 
@@ -85,7 +86,9 @@ public class OpenApiConfig {
                     // 忽略认证的请求无需携带 Authorization
                     String[] ignoreUrls = securityProperties.getIgnoreUrls();
                     if (ArrayUtil.isNotEmpty(ignoreUrls)) {
-                        if (Stream.of(ignoreUrls).anyMatch(path::equals)) {
+                        // Ant 匹配忽略的路径，不添加Authorization
+                        AntPathMatcher antPathMatcher = new AntPathMatcher();
+                        if (Stream.of(ignoreUrls).anyMatch(ignoreUrl -> antPathMatcher.match(ignoreUrl, path))) {
                             return;
                         }
                     }

src/main/resources/application-dev.yml

@@ -10,8 +10,8 @@ spring:
   datasource:
     type: com.alibaba.druid.pool.DruidDataSource
     driver-class-name: com.mysql.cj.jdbc.Driver
-    url: jdbc:mysql://localhost:3306/youlai_boot?zeroDateTimeBehavior=convertToNull&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai&autoReconnect=true&allowMultiQueries=true
+    url: jdbc:mysql://www.youlai.tech:3306/youlai_boot?zeroDateTimeBehavior=convertToNull&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai&autoReconnect=true&allowMultiQueries=true
-    username: root
+    username: youlai
     password: 123456
   data:
     redis:
@@ -87,8 +87,7 @@ security:
     refresh-token-time-to-live: 604800
   # 无需认证的请求路径
   ignore-urls:
-    - /api/v1/auth/login          # 用户登录接口
+    - /api/v1/auth/login/**       # 登录接口(账号密码登录、手机验证码登录和微信登录)
-    - /api/v1/auth/wechat-login   # 微信登录接口
     - /api/v1/auth/captcha        # 验证码获取接口
     - /api/v1/auth/refresh-token  # 刷新令牌接口
     - /ws/**                      # WebSocket接口
@@ -145,14 +144,14 @@ sms:
       register: SMS_22xxx771
       # 登录短信验证码模板
       login: SMS_22xxx772
-      # 修改密码短信验证码模板
+      # 修改手机号短信验证码模板
-      reset-password: SMS_22xxx773
+      change-mobile: SMS_22xxx773
 
 # springdoc配置： https://springdoc.org/properties.html
 springdoc:
   swagger-ui:
     path: /swagger-ui.html
-    operationsSorter: alpha
+    operations-sorter: alpha
     tags-sorter: alpha
   api-docs:
     path: /v3/api-docs

src/main/resources/application-prod.yml

@@ -86,8 +86,7 @@ security:
     refresh-token-time-to-live: 604800
   # 无需认证的请求路径
   ignore-urls:
-    - /api/v1/auth/login          # 用户登录接口
+    - /api/v1/auth/login/**       # 登录接口(账号密码登录、手机验证码登录和微信登录)
-    - /api/v1/auth/wechat-login   # 微信登录接口
     - /api/v1/auth/captcha        # 验证码获取接口
     - /api/v1/auth/refresh-token  # 刷新令牌接口
     - /ws/**                      # WebSocket接口
@@ -138,13 +137,13 @@ sms:
     domain: dysmsapi.aliyuncs.com
     regionId: cn-shanghai
     signName: 有来技术
-    templateCodes:
+    templates:
-      # 注册（预留）
+      #  注册短信验证码模板
       register: SMS_22xxx771
-      # 登录（预留）
+      # 登录短信验证码模板
       login: SMS_22xxx772
-      # 修改密码
+      # 修改手机号短信验证码模板
-      changePassword: SMS_22xxx773
+      change-mobile: SMS_22xxx773
 
 # springdoc配置： https://springdoc.org/properties.html
 springdoc: