From 55918a0b88995f3b342e05853fedadf90d88d9f3 Mon Sep 17 00:00:00 2001 From: huang Date: Fri, 20 Mar 2026 18:01:12 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20C=20=E7=AB=AF?= =?UTF-8?q?=E5=85=AC=E5=BC=80=E8=B7=AF=E7=94=B1=E8=A2=AB=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E4=B8=AD=E9=97=B4=E4=BB=B6=E6=8B=A6=E6=88=AA=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fiber 的 Group.Use() 在路由表中注册全局 USE 处理器,不区分 Group 对象。 原代码先调用 authProtectedGroup.Use() 再注册公开路由,导致 verify-asset、 wechat-login、miniapp-login、send-code 四个无需认证的接口被拦截返回 1004。 修复方式:公开路由直接注册在 router 上且在任何 Use() 之前, 利用 Fiber 按注册顺序匹配的机制确保公开路由优先命中。 --- internal/routes/personal.go | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/internal/routes/personal.go b/internal/routes/personal.go index 4c5a00b..521fab4 100644 --- a/internal/routes/personal.go +++ b/internal/routes/personal.go @@ -12,13 +12,16 @@ import ( // RegisterPersonalCustomerRoutes 注册个人客户路由 // 路由挂载在 /api/c/v1 下 +// +// 重要:Fiber 的 Group.Use() 会在路由表中注册全局 USE 处理器, +// 匹配该前缀下的所有请求(不区分 Group 对象)。 +// 因此公开路由必须在任何 Use() 调用之前注册,利用 Fiber 按注册顺序匹配的机制, +// 确保公开路由优先命中并直接返回,不会被后续的认证中间件拦截。 func RegisterPersonalCustomerRoutes(router fiber.Router, doc *openapi.Generator, basePath string, handlers *bootstrap.Handlers, personalAuthMiddleware *middleware.PersonalAuthMiddleware) { authBasePath := "/auth" - authPublicGroup := router.Group(authBasePath) - authProtectedGroup := router.Group(authBasePath) - authProtectedGroup.Use(personalAuthMiddleware.Authenticate()) - Register(authPublicGroup, doc, basePath+authBasePath, "POST", "/verify-asset", handlers.ClientAuth.VerifyAsset, RouteSpec{ + // === 公开路由(无需认证)=== + Register(router, doc, basePath, "POST", authBasePath+"/verify-asset", handlers.ClientAuth.VerifyAsset, RouteSpec{ Summary: "资产验证", Tags: []string{"个人客户 - 认证"}, Auth: false, 
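Review bot: The four public endpoints stay unauthenticated only because their `Register(router, ...)` calls come before the `/auth` `Use()` in source order, and nothing in the patch verifies that. This hunk covers verify-asset, and the same pattern repeats in the wechat-login, miniapp-login and send-code hunks. A routing test would pin both directions: build the routes through `RegisterPersonalCustomerRoutes`, then assert that an unauthenticated POST to each of the four public paths does not return code 1004, while an unauthenticated POST to `/auth/bind-phone` does. The ordering guarantee also assumes the caller has not already attached a `Use()` matching this prefix to `router` before calling this function, which is not visible here. The function body continues outside the hunk.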
@@ -26,7 +29,7 @@ func RegisterPersonalCustomerRoutes(router fiber.Router, doc *openapi.Generator, Output: &dto.VerifyAssetResponse{}, }) - Register(authPublicGroup, doc, basePath+authBasePath, "POST", "/wechat-login", handlers.ClientAuth.WechatLogin, RouteSpec{ + Register(router, doc, basePath, "POST", authBasePath+"/wechat-login", handlers.ClientAuth.WechatLogin, RouteSpec{ Summary: "公众号登录", Tags: []string{"个人客户 - 认证"}, Auth: false, @@ -34,7 +37,7 @@ func RegisterPersonalCustomerRoutes(router fiber.Router, doc *openapi.Generator, Output: &dto.WechatLoginResponse{}, }) - Register(authPublicGroup, doc, basePath+authBasePath, "POST", "/miniapp-login", handlers.ClientAuth.MiniappLogin, RouteSpec{ + Register(router, doc, basePath, "POST", authBasePath+"/miniapp-login", handlers.ClientAuth.MiniappLogin, RouteSpec{ Summary: "小程序登录", Tags: []string{"个人客户 - 认证"}, Auth: false, @@ -42,7 +45,7 @@ func RegisterPersonalCustomerRoutes(router fiber.Router, doc *openapi.Generator, Output: &dto.WechatLoginResponse{}, }) - Register(authPublicGroup, doc, basePath+authBasePath, "POST", "/send-code", handlers.ClientAuth.SendCode, RouteSpec{ + Register(router, doc, basePath, "POST", authBasePath+"/send-code", handlers.ClientAuth.SendCode, RouteSpec{ Summary: "发送验证码", Tags: []string{"个人客户 - 认证"}, Auth: false, @@ -50,6 +53,10 @@ func RegisterPersonalCustomerRoutes(router fiber.Router, doc *openapi.Generator, Output: &dto.ClientSendCodeResponse{}, }) + // === 需要认证的 auth 路由 === + authProtectedGroup := router.Group(authBasePath) + authProtectedGroup.Use(personalAuthMiddleware.Authenticate()) + Register(authProtectedGroup, doc, basePath+authBasePath, "POST", "/bind-phone", handlers.ClientAuth.BindPhone, RouteSpec{ Summary: "绑定手机号", Tags: []string{"个人客户 - 认证"},
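Review bot: From `authProtectedGroup.Use(personalAuthMiddleware.Authenticate())` onward, the position of a `Register` call decides whether the route is authenticated, so a protected route that a later edit places above this line would be served without a token. The `Auth` field in its `RouteSpec` would not reveal the mistake if that field only feeds the OpenAPI document, which is an assumption because `Register` is not shown. I would state the invariant at the marker, e.g. `// Every route that needs authentication must be registered below this Use(); routes registered above it are reachable without a token.` If `Register` can tell whether the middleware applies, it could also reject a spec whose `Auth` flag disagrees with where the route is mounted. The function continues past the end of this hunk.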