fix: harden learning auth flow

2026-04-01 10:33:02 +08:00
parent 923302ca78
commit 90e12c26c7
6 changed files with 111 additions and 68 deletions
--- a/src/main/java/com/example/demo/security/LearningRoutePolicy.java
+++ b/src/main/java/com/example/demo/security/LearningRoutePolicy.java
@@ -0,0 +1,30 @@
+package com.example.demo.security;
+
+public final class LearningRoutePolicy {
+
+    private LearningRoutePolicy() {
+    }
+
+    public static boolean isProtectedPage(String uri) {
+        return "/".equals(uri)
+            || "/home".equals(uri)
+            || "/index.html".equals(uri)
+            || "/users.html".equals(uri)
+            || "/aop.html".equals(uri)
+            || "/events.html".equals(uri);
+    }
+
+    public static boolean isProtectedApi(String uri) {
+        return uri.startsWith("/api/secure/")
+            || uri.equals("/api/users")
+            || uri.startsWith("/api/users/")
+            || "/aop".equals(uri)
+            || uri.startsWith("/aop/")
+            || uri.startsWith("/api/lab/")
+            || isLearnRoute(uri);
+    }
+
+    public static boolean isLearnRoute(String uri) {
+        return "/learn".equals(uri) || uri.startsWith("/learn/");
+    }
+}