Merge remote-tracking branch 'base-version/main' into dev

zt-gateway/src/main/java/com/zt/plat/gateway/filter/security/TokenAuthenticationFilter.java

@@ -44,6 +44,8 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
     private static final TypeReference<CommonResult<OAuth2AccessTokenCheckRespDTO>> CHECK_RESULT_TYPE_REFERENCE
             = new TypeReference<CommonResult<OAuth2AccessTokenCheckRespDTO>>() {};
 
+    private static final String ADMIN_DATABUS_PORTAL_PREFIX = "/admin-api/databus/api/portal";
+
     /**
      * 空的 LoginUser 的结果
      *
@@ -85,6 +87,13 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
         // 移除 login-user 的请求头，避免伪造模拟
         exchange = SecurityFrameworkUtils.removeLoginUser(exchange);
 
+        // API Portal 通过网关访问时无需认证，直接放行
+        String rawPath = exchange.getRequest().getURI().getRawPath();
+        if (rawPath != null && (rawPath.equals(ADMIN_DATABUS_PORTAL_PREFIX)
+                || rawPath.startsWith(ADMIN_DATABUS_PORTAL_PREFIX + "/"))) {
+            return chain.filter(exchange);
+        }
+
         // 情况一，如果没有 Token 令牌，则直接继续 filter
         String token = SecurityFrameworkUtils.obtainAuthorization(exchange);
         if (StrUtil.isEmpty(token)) {