From d145f3608d0a95543244ebbc310044219865e9df Mon Sep 17 00:00:00 2001 From: zhx Date: Thu, 25 Jun 2026 21:48:44 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=94=A8=E6=88=B7=E7=99=BB?= =?UTF-8?q?=E5=BD=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../gateway-service/internal/transport/http/middleware.go | 4 +++- .../gateway-service/internal/transport/http/response_test.go | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/services/gateway-service/internal/transport/http/middleware.go b/services/gateway-service/internal/transport/http/middleware.go index 84186b5d..693b2980 100644 --- a/services/gateway-service/internal/transport/http/middleware.go +++ b/services/gateway-service/internal/transport/http/middleware.go @@ -53,7 +53,9 @@ func (h *Handler) withAuth(jwtVerifier *auth.Verifier, next http.HandlerFunc) ht ctx := auth.WithClaims(request.Context(), claims) if claims.TokenType == auth.TokenTypePendingRegistration { if !pendingRegistrationAllowedPath(request.URL.Path) { - httpkit.WriteError(writer, request.WithContext(ctx), http.StatusForbidden, httpkit.CodeProfileRequired, "profile required") + // pending token 是“已验证三方身份但还不是用户”的注册态凭证;拒绝业务接口时不能返回 401/403, + // 否则旧 Flutter 会把它当认证失败触发 refresh,pending session 又没有 refresh token,最终清登录态。 + httpkit.WriteError(writer, request.WithContext(ctx), http.StatusPreconditionRequired, httpkit.CodeProfileRequired, "profile required") return } next.ServeHTTP(writer, request.WithContext(ctx)) diff --git a/services/gateway-service/internal/transport/http/response_test.go b/services/gateway-service/internal/transport/http/response_test.go index bf63a241..0f97e5a3 100644 --- a/services/gateway-service/internal/transport/http/response_test.go +++ b/services/gateway-service/internal/transport/http/response_test.go @@ -8565,7 +8565,7 @@ func TestPendingRegistrationTokenIsRejectedOutsideRegistrationWhitelist(t *testi router.ServeHTTP(recorder, request) - assertEnvelope(t, recorder, http.StatusForbidden, httpkit.CodeProfileRequired, "req-pending-denied") + assertEnvelope(t, recorder, http.StatusPreconditionRequired, httpkit.CodeProfileRequired, "req-pending-denied") } func TestProfileGateRejectsIncompleteUsersForRoomIMRTCPaidCapabilities(t *testing.T) {