feat: update url auth pattern

api/src/main/java/com/databasir/api/Routes.java

@@ -105,7 +105,7 @@ public interface Routes {
 
         String REFRESH_ACCESS_TOKEN = "/access_tokens";
 
-        String LOGIN_INFO = "/login_info";
+        String LOGIN_INFO = BASE + "/login_info";
 
     }
 

api/src/main/java/com/databasir/api/config/SecurityConfig.java

@@ -44,14 +44,20 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .successHandler(databasirAuthenticationSuccessHandler)
                 .and()
                 .authorizeRequests()
-                .antMatchers("/login", Routes.Login.REFRESH_ACCESS_TOKEN).permitAll()
+                // 登录和 Token 刷新无需授权
-                .antMatchers("/oauth2/apps", "/oauth2/failure", "/oauth2/authorization/*",
+                .antMatchers("/login", Routes.Login.REFRESH_ACCESS_TOKEN)
-                        "/oauth2/login/*", "/login/oauth2/*")
                 .permitAll()
-                .antMatchers("/", "/*.html", "/js/**", "/css/**", "/img/**", "/*.ico").permitAll()
+                // oauth 回调地址无需鉴权
-                .anyRequest().authenticated()
+                .antMatchers("/oauth2/apps", "/oauth2/authorization/*", "/oauth2/login/*")
+                .permitAll()
+                // 静态资源无需鉴权
+                .antMatchers("/", "/*.html", "/js/**", "/css/**", "/img/**", "/*.ico")
+                .permitAll()
+                // api 请求需要授权
+                .antMatchers("/api/**").authenticated()
                 .and()
-                .exceptionHandling().authenticationEntryPoint(databasirAuthenticationEntryPoint);
+                .exceptionHandling()
+                .authenticationEntryPoint(databasirAuthenticationEntryPoint);
 
         http.addFilterBefore(
                 databasirJwtTokenFilter,