From b146e3a1221e8783e16738e37a0d90e123eb6c02 Mon Sep 17 00:00:00 2001
From: ziin
Date: Fri, 20 Mar 2026 08:53:51 +0800
Subject: [PATCH] =?UTF-8?q?fix(config):=20=E6=94=BE=E5=AE=BD=E7=AD=BE?=
 =?UTF-8?q?=E5=90=8D=E9=AA=8C=E8=AF=81=E4=B8=8ECORS=E6=94=BE=E8=A1=8C?=
 =?UTF-8?q?=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 把允许时间差由20秒调到200秒,防止弱网重放失败
- 把nonce缓存过期由30秒延长到300秒,减少误拒
- 在SaToken放行列表里新增/user/sendVerifyMail,确保验证码接口无需登录
- 仅调整顺序与注释,无功能删减
---
 .../java/com/yolo/keyborad/Interceptor/SignInterceptor.java | 4 ++--
 src/main/java/com/yolo/keyborad/config/SaTokenConfigure.java | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java b/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
index 0830808..c17e536 100644
--- a/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
+++ b/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
@@ -27,9 +27,9 @@ public class SignInterceptor implements HandlerInterceptor {
 private final StringRedisTemplate redisTemplate;
 // 允许时间误差 20秒
- private static final long ALLOW_TIME_DIFF_SECONDS = 20;
+ private static final long ALLOW_TIME_DIFF_SECONDS = 200;
 // nonce 在 Redis 的有效期(建议比时间误差略长一点)
- private static final long NONCE_EXPIRE_SECONDS = 30;
+ private static final long NONCE_EXPIRE_SECONDS = 300;
 public SignInterceptor(Map appSecretMap, StringRedisTemplate redisTemplate) {
diff --git a/src/main/java/com/yolo/keyborad/config/SaTokenConfigure.java b/src/main/java/com/yolo/keyborad/config/SaTokenConfigure.java
index 74fabcc..3ab12ec 100644
--- a/src/main/java/com/yolo/keyborad/config/SaTokenConfigure.java
+++ b/src/main/java/com/yolo/keyborad/config/SaTokenConfigure.java
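Review bot: In SignInterceptor.java, `NONCE_EXPIRE_SECONDS = 300` can be shorter than the time a signed request stays acceptable under `ALLOW_TIME_DIFF_SECONDS = 200`. The timestamp comparison is outside this hunk, but if it accepts an absolute difference, a request stamped close to 200 s ahead of the server clock keeps passing the time check for almost 400 s, while its nonce key expires from Redis after 300 s, so the replay check no longer covers the last part of that period. Derive one constant from the other, for example `private static final long NONCE_EXPIRE_SECONDS = 2 * ALLOW_TIME_DIFF_SECONDS + 10;`, or reject timestamps that are ahead of the server by more than a few seconds. The context comment `// 允许时间误差 20秒` is also stale now and should say 200秒.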
@@ -74,6 +74,7 @@ public class SaTokenConfigure implements WebMvcConfigurer {
 "/user/appleLogin",
 "/user/logout",
 "/tag/list",
+ "/user/sendVerifyMail",
 "/character/detail",
 "/user/login",
 "/user/verifyMailCode",
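Review bot: `/user/sendVerifyMail` is added to the login-exempt paths, and nothing in this hunk shows a limit on how often an unauthenticated caller can trigger a mail. The handler is not part of this diff, so confirm that it throttles per recipient address and per client, and that it returns the same response whether or not the address is registered; without those controls the endpoint is open to mail flooding and account enumeration. A comment on the entry would record that dependency, e.g. `"/user/sendVerifyMail", // no login: handler must rate-limit per address and per client`. The list this entry belongs to starts and ends outside the hunk.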