tj

RuoYi-App/pages/novel/list.vue

@@ -167,11 +167,11 @@ export default {
         // 加载分类
     async loadCategories() {
       try {
-        // 公开API，不需要认证
-              const res = await this.$http.get('/category/tree', {}, {
-                header: { isToken: false } // 明确不携带token
+    // 使用正确的参数格式
+    const res = await this.$http.get('/category/tree', {
+      header: { isToken: false }
               });
-        this.categories = res?.data ? [{ id: 0, name: '全部' }, ...res.data] : [];
+        this.categories = res && res.data ? [{ id: 0, name: '全部' }, ...res.data] : [];
       } catch (e) {
         console.error('加载分类失败', e);
         this.categories = [{ id: 0, name: '全部' }];
@@ -181,21 +181,21 @@ export default {
     async loadHotNovels() {
       try {
       // 公开API，不需要认证
-      const res = await this.$http.get('/novel/hot', {}, {
-        header: { isToken: false } // 明确不携带token
+    const res = await this.$http.get('/novel/hot', {
+      header: { isToken: false }
       });
         // 处理响应
-        if (res?.data?.rows) {
+        if (res && res.data && res.data.rows) {
           this.hotNovels = res.data.rows;
-        } else if (Array.isArray(res?.data)) {
+        } else if (res && res.data && Array.isArray(res.data)) {
           this.hotNovels = res.data;
         } else {
           console.warn('热门小说API返回格式未知', res);
-          this.hotNovels = this.mockHotNovels; // 使用模拟数据
+          this.hotNovels = this.mockHotNovels;
         }
       } catch (e) {
         console.error('加载热门小说失败', e);
-        this.hotNovels = this.mockHotNovels; // 使用模拟数据
+        this.hotNovels = this.mockHotNovels;
       }
     },
     // 加载小说列表
@@ -205,11 +205,14 @@ export default {
       try {
         // 使用正确的请求方式
         //const res = await this.$http.get('/novel/list');
-         const res = await this.$http.get('/novel/list', {}, { header: { isToken: false } });
-        // 处理响应
-        if (res?.data?.rows) {
+    const res = await this.$http.get('/novel/list', {
+      header: { isToken: false }
+        });
+        
+        // 修复可选链操作符问题
+        if (res && res.data && res.data.rows) {
           this.novels = res.data.rows;
-        } else if (Array.isArray(res?.data)) {
+        } else if (res && res.data && Array.isArray(res.data)) {
           this.novels = res.data;
         } else {
           console.warn('小说列表API返回格式未知', res);
@@ -228,11 +231,16 @@ export default {
     async loadAds() {
       try {
         const [topRes, bottomRes] = await Promise.all([
-          this.$http.get('/ad/position?code=TOP_BANNER', {}, { header: { isToken: false } }),
-          this.$http.get('/ad/position?code=BOTTOM_BANNER', {}, { header: { isToken: false } })
+      this.$http.get('/ad/position?code=TOP_BANNER', {
+        header: { isToken: false }
+      }),
+      this.$http.get('/ad/position?code=BOTTOM_BANNER', {
+        header: { isToken: false }
+      })
         ]);
-        this.topAds = topRes?.data || topRes || [];
-        this.bottomAds = bottomRes?.data || bottomRes || [];
+        
+        this.topAds = topRes && topRes.data ? topRes.data : [];
+        this.bottomAds = bottomRes && bottomRes.data ? bottomRes.data : [];
       } catch (e) {
         console.error('加载广告失败', e);
       }

RuoYi-App/utils/auth.js

@@ -10,9 +10,12 @@ export function setToken(token) {
 	  // 同时设置到uni和localStorage确保兼容性
 	  uni.setStorageSync('token', token);
 	  localStorage.setItem('token', token);
-  return uni.setStorageSync('token', token)
+  //return uni.setStorageSync('token', token)
 }
 
 export function removeToken() {
-  return uni.removeStorageSync(TokenKey)
+  // 同时清除 uni-app 存储和 localStorage
+  uni.removeStorageSync('token');
+  localStorage.removeItem('token');
+  //return uni.removeStorageSync(TokenKey)
 }

RuoYi-App/utils/request.js

@@ -1,69 +1,66 @@
 // src/utils/request.js
 import config from '@/config'
-import { getToken } from '@/utils/auth'
+import { getToken, removeToken } from '@/utils/auth'
 import { toast, showConfirm, tansParams } from '@/utils/common'
 
-const baseUrl = config.baseUrl
-let timeout = 10000
-
-const request = (configObj) => {  // 重命名参数为 configObj
-  // 确保传入的配置对象有效
-  configObj = configObj || {}
+// 移除对 store 的依赖
+const request = (configObj = {}) => {
+  // 确保配置对象有效
   configObj.header = configObj.header || {}
   
-  // 处理 token
-  const token = getToken()
-  // 只有存在token且未明确禁止携带token时才添加
+  // 获取token - 只从本地存储获取
+  const token = getToken() || ''
+  
+  // 仅当token存在且未明确禁止时才添加
   if (token && configObj.header.isToken !== false) {
     configObj.header['Authorization'] = 'Bearer ' + token
   } else if (!token) {
-    console.warn('请求未携带Token:', configObj.url)
+    console.log('请求未携带Token: 未登录状态访问公开API', configObj.url)
   }
-
   
-  // GET 请求参数处理
-  if (configObj.params) {
-    let url = configObj.url + '?' + tansParams(configObj.params)
-    url = url.slice(0, -1)
-    configObj.url = url
+  // 完整URL处理
+  let fullUrl = configObj.url
+  if (!fullUrl.startsWith('http')) {
+    fullUrl = (configObj.baseUrl || config.baseUrl || '') + fullUrl
   }
   
   return new Promise((resolve, reject) => {
     uni.request({
       method: configObj.method || 'get',
-      timeout: configObj.timeout || timeout,
-      url: (configObj.baseUrl || baseUrl) + configObj.url,
+      url: fullUrl,
       data: configObj.data,
       header: configObj.header,
-      dataType: 'json',
       success: (res) => {
         // 处理401认证失败
         if (res.statusCode === 401) {
-          // 更友好的错误处理
-          const errorMsg = res.data?.msg || '认证失败，请重新登录';
-          console.warn('认证失败:', configObj.url, errorMsg);
-          
-          // 显示提示但不强制跳转
-          toast(errorMsg);
+          const errorMsg = res.data?.msg || '认证失败，请重新登录'
+          console.warn('认证失败:', configObj.url, errorMsg)
           
           // 清除无效token
-          if (token) {
-            uni.removeStorageSync('token');
-            localStorage.removeItem('token');
-          }
+          removeToken()
           
-          reject(new Error(errorMsg));
-        } else if (res.statusCode === 200) {
-          resolve(res.data);
-        } else {
-          reject(res.data);
+          // 显示登录提示
+          toast(errorMsg)
+          
+          // 跳转到登录页面
+          uni.navigateTo({ url: '/pages/login' })
+          
+          reject(new Error(errorMsg))
+        } 
+        // 处理其他成功响应
+        else if (res.statusCode >= 200 && res.statusCode < 300) {
+          resolve(res.data)
+        } 
+        // 处理其他错误
+        else {
+          const errorMsg = res.data?.msg || `请求失败 (${res.statusCode})`
+          toast(errorMsg)
+          reject(new Error(errorMsg))
         }
       },
       fail: (err) => {
-        let message = '后端接口连接异常'
-        if (err.errMsg.includes('timeout')) {
-          message = '请求超时'
-        }
+        let message = '网络连接异常'
+        if (err.errMsg.includes('timeout')) message = '请求超时'
         toast(message)
         reject(err)
       }

RuoYi-App/vue.config.js

@@ -8,10 +8,7 @@ module.exports = {
       '/': {
         target: 'http://localhost:8080',
         changeOrigin: true,
-        pathRewrite: {
-          '^/api': '', // 移除多余的/api前缀
-          '^/': '' 
-        }
+		logLevel: 'debug' // 添加调试日志
       }
     }
   }

RuoYi-Vue/ruoyi-admin/src/main/resources/application.yml

@@ -200,3 +200,9 @@ app:
     secret: your-very-strong-secret-key-here # 至少32位随机字符串
     expiration: 86400000 # 令牌过期时间（毫秒），默认24小时
     header: Authorization # 请求头名称
+permit-all:
+  urls:
+    - /druid/**
+    - /swagger-ui/**
+    - /v3/api-docs/**
+    - /webjars/**

RuoYi-Vue/ruoyi-framework/src/main/java/com/ruoyi/framework/config/CorsConfig.java

@@ -0,0 +1,19 @@
+package com.ruoyi.framework.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsConfig implements WebMvcConfigurer {
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                // 使用 allowedOriginPatterns 替代 allowedOrigins
+                .allowedOriginPatterns("http://localhost:9090")
+                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                .allowedHeaders("*")
+                .allowCredentials(true)
+                .maxAge(3600);
+    }
+}

RuoYi-Vue/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -15,6 +15,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 import com.ruoyi.framework.config.properties.PermitAllUrlProperties;
 import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;
@@ -23,7 +26,7 @@ import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
 
 /**
  * spring security配置
- * 
+ *
  * @author ruoyi
  */
 @EnableMethodSecurity(prePostEnabled = true, securedEnabled = true)
@@ -35,7 +38,7 @@ public class SecurityConfig
      */
     @Autowired
     private UserDetailsService userDetailsService;
-    
+
     /**
      * 认证失败处理类
      */
@@ -53,7 +56,7 @@ public class SecurityConfig
      */
     @Autowired
     private JwtAuthenticationTokenFilter authenticationTokenFilter;
-    
+
     /**
      * 跨域过滤器
      */
@@ -94,54 +97,72 @@ public class SecurityConfig
      * authenticated       |   用户登录后可访问
      */
     @Bean
-    protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception
-    {
-        return httpSecurity
-            // CSRF禁用，因为不使用session
-            .csrf(csrf -> csrf.disable())
-            // 禁用HTTP响应标头
-            .headers((headersCustomizer) -> {
-                headersCustomizer.cacheControl(cache -> cache.disable()).frameOptions(options -> options.sameOrigin());
-            })
-            // 认证失败处理类
-            .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
-            // 基于token，所以不需要session
-            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-            // 注解标记允许匿名访问的url
-            .authorizeHttpRequests((requests) -> {
-                permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll());
-                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                requests.antMatchers("/login", "/register", "/captchaImage").permitAll()
-                    // 静态资源，可匿名访问
-                    .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
-                    .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
-                    // 除上面外的所有请求全部需要鉴权认证
-                    .anyRequest().authenticated();
-            })
-            // 添加Logout filter
-            .logout(logout -> logout.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler))
-            // 添加JWT filter
-            .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
-            // 添加CORS filter
-            .addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class)
-            .addFilterBefore(corsFilter, LogoutFilter.class)
-            .build();
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        // 添加公开API到白名单
+        permitAllUrl.getUrls().add("/category/**");
+        permitAllUrl.getUrls().add("/novel/**");
+        permitAllUrl.getUrls().add("/ad/**");
+        permitAllUrl.getUrls().add("/swagger-ui/**");
+        permitAllUrl.getUrls().add("/v3/api-docs/**");
+
+        http
+                // 禁用CSRF
+                .csrf(csrf -> csrf.disable())
+                // 设置CORS配置
+                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+                // 异常处理
+                .exceptionHandling(exception ->
+                        exception.authenticationEntryPoint(unauthorizedHandler)
+                )
+                // 无状态会话
+                .sessionManagement(session ->
+                        session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
+                // 权限配置
+                .authorizeHttpRequests(auth -> auth
+                        .antMatchers(permitAllUrl.getUrls().toArray(new String[0])).permitAll()
+                        .antMatchers("/login", "/register", "/captchaImage").permitAll()
+                        .antMatchers(HttpMethod.GET,
+                                "/",
+                                "/*.html",
+                                "/**/*.html",
+                                "/**/*.css",
+                                "/**/*.js",
+                                "/profile/**"
+                        ).permitAll()
+                        .antMatchers(
+                                "/swagger-ui.html",
+                                "/swagger-resources/**",
+                                "/webjars/**",
+                                "/*/api-docs",
+                                "/druid/**"
+                        ).permitAll()
+                        .anyRequest().authenticated()
+                )
+                // 登出配置
+                .logout(logout ->
+                        logout.logoutUrl("/logout")
+                                .logoutSuccessHandler(logoutSuccessHandler)
+                )
+                // 添加JWT过滤器
+                .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
+                // 添加CORS过滤器
+                .addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
+
+        return http.build();
     }
-    // SecurityConfig.java
 
+    // CORS配置
+    private CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.addAllowedOrigin("*"); // 允许所有来源
+        configuration.addAllowedMethod("*"); // 允许所有方法
+        configuration.addAllowedHeader("*"); // 允许所有头部
+        configuration.setAllowCredentials(true); // 允许凭证
 
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-                .authorizeRequests()
-                // 放行公共API
-                .antMatchers("/novel/list").permitAll()
-                .antMatchers("/category/tree").permitAll()
-                .antMatchers("/novel/hot").permitAll()
-                .antMatchers("/ad/position").permitAll()
-                // 其他请求需要认证
-                .anyRequest().authenticated()
-                .and()
-                .csrf().disable();
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
     }
     /**
      * 强散列哈希加密实现

RuoYi-Vue/ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/PermitAllUrlProperties.java

@@ -9,6 +9,7 @@ import java.util.regex.Pattern;
 import org.apache.commons.lang3.RegExUtils;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.annotation.Configuration;
@@ -24,6 +25,7 @@ import com.ruoyi.common.annotation.Anonymous;
  * @author ruoyi
  */
 @Configuration
+@ConfigurationProperties(prefix = "permit-all")
 public class PermitAllUrlProperties implements InitializingBean, ApplicationContextAware
 {
     private static final Pattern PATTERN = Pattern.compile("\\{(.*?)\\}");

RuoYi-Vue/ruoyi-system/src/main/java/com/ruoyi/novel/domain/NovelCategory.java

@@ -3,6 +3,7 @@ import com.baomidou.mybatisplus.annotation.TableField;
 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
+import com.fasterxml.jackson.annotation.JsonInclude;
 import lombok.Data;
 
 import java.text.SimpleDateFormat;
@@ -33,6 +34,7 @@ public class NovelCategory {
     private String templateFilter;
     private String link;
     @TableField("create_time")
+    @JsonInclude(JsonInclude.Include.NON_NULL) // 忽略null字段
     private Integer createTime;
     @TableField("update_time")
     private Integer updateTime;