fix(config): 放宽签名验证与CORS放行逻辑

- 把允许时间差由20秒调到200秒，防止弱网重放失败 - 把nonce缓存过期由30秒延长到300秒，减少误拒 - 在SaToken放行列表里新增/user/sendVerifyMail，确保验证码接口无需登录 - 仅调整顺序与注释，无功能删减
2026-03-20 08:53:51 +08:00
parent e46ae429fd
commit b146e3a122
2 changed files with 3 additions and 2 deletions
--- a/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
+++ b/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
@@ -27,9 +27,9 @@ public class SignInterceptor implements HandlerInterceptor {
    private final StringRedisTemplate redisTemplate;

    // 允许时间误差 20秒
-    private static final long ALLOW_TIME_DIFF_SECONDS = 20;
+    private static final long ALLOW_TIME_DIFF_SECONDS = 200;
    // nonce 在 Redis 的有效期（建议比时间误差略长一点）
-    private static final long NONCE_EXPIRE_SECONDS = 30;
+    private static final long NONCE_EXPIRE_SECONDS = 300;

    public SignInterceptor(Map<String, String> appSecretMap,
                           StringRedisTemplate redisTemplate) {
--- a/src/main/java/com/yolo/keyborad/config/SaTokenConfigure.java
+++ b/src/main/java/com/yolo/keyborad/config/SaTokenConfigure.java
@@ -74,6 +74,7 @@ public class SaTokenConfigure implements WebMvcConfigurer {
                "/user/appleLogin",
                "/user/logout",
                "/tag/list",
+                "/user/sendVerifyMail",
                "/character/detail",
                "/user/login",
                "/user/verifyMailCode",