Skip to content

fix: exclude resource/download ssoInterceptor #289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hexqi merged 3 commits into from
Jan 30, 2026
Merged

fix: exclude resource/download ssoInterceptor #289

hexqi merged 3 commits into from
Jan 30, 2026

Conversation

@msslulu
Copy link
Contributor

@msslulu msslulu commented Jan 20, 2026
edited by coderabbitai bot
Loading

English | 简体中文

PR

PR Checklist

Please check if your PR fulfills the following requirements:

  • The commit message follows our Commit Message Guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • Built its own designer, fully self-validated

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

Background and solution

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

Summary by CodeRabbit

  • Bug Fixes
    • Updated authentication configuration to allow direct access to material center resource downloads (restoring uninterrupted download of image and file resources). No other user-facing behavior changed.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link

coderabbitai bot commented Jan 20, 2026
edited
Loading

Walkthrough

Added "/material-center/api/resource/download/*" to the SSO interceptor exclusion list in LoginConfig alongside an existing chat completions exclusion; no signature or control-flow changes.

Changes

Cohort / File(s) Summary
SSO Interceptor Configuration
base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java		 Added "/material-center/api/resource/download/*" to excludePathPatterns alongside "/app-center/api/chat/completions"; comment 图片文件资源下载 present.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 I hop the path where downloads play,
Quiet leaves of data on display,
A gentle skip, the gate swings wide,
Materials gather at my side,
I twitch my nose and dance with pride.

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly indicates the main change: excluding a resource/download path from ssoInterceptor, which directly matches the code modification shown in the raw summary.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Tip

🧪 Unit Test Generation v2 is now available!

We have significantly improved our unit test generation capabilities.

To enable: Add this to your .coderabbit.yaml configuration:

reviews:
  finishing_touches:
    unit_tests:
      enabled: true

Try it out by using the @coderabbitai generate unit tests command on your code files or under ✨ Finishing Touches on the walkthrough!

Have feedback? Share your thoughts on our Discord thread!

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Jan 20, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Fix all issues with AI agents 
In `@base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java`:
- Around line 45-46: LoginConfig currently whitelists
"/material-center/api/resource/download/*", making downloads publicly
accessible; confirm whether that is intentional. If it is intentional, document
the decision by adding a clear comment and/or configuration flag (e.g.,
allowPublicResourceDownloads) near the whitelist in LoginConfig and add a
unit/integration test that verifies public access; if it is NOT intentional,
remove "/material-center/api/resource/download/*" from the whitelist (or move it
behind SSO enforcement) so the download endpoints require authentication.

hexqi
hexqi previously approved these changes Jan 21, 2026
View reviewed changes
@hexqi hexqi added this to the v2.10.0 milestone Jan 29, 2026
hexqi
hexqi reviewed Jan 29, 2026
View reviewed changes
@hexqi hexqi merged commit 4222f27 into opentiny:develop Jan 30, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@hexqi hexqi hexqi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v2.10.0

Development

Successfully merging this pull request may close these issues.

2 participants

@msslulu @hexqi