From 13e7f3439af58581303fd41aeaf629162a8aea4f Mon Sep 17 00:00:00 2001
From: zhenhui <1276357500@qq.com>
Date: Thu, 21 May 2026 15:20:24 +0800
Subject: [PATCH] =?UTF-8?q?1.=E4=BC=98=E5=8C=96=E6=8B=89=E5=8F=96=E5=85=AC?=
 =?UTF-8?q?=E5=91=8A=E5=88=97=E8=A1=A8=E6=8E=A5=E5=8F=A3/api/notice/notice?=
 =?UTF-8?q?List,=E4=B8=8D=E9=9C=80=E8=A6=81token=E9=89=B4=E6=9D=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/api/controller/Notice.php     | 10 ++++++++--
 docs/36字花-移动端接口设计草案.md |  2 ++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/app/api/controller/Notice.php b/app/api/controller/Notice.php
index bb31b29..ddea833 100644
--- a/app/api/controller/Notice.php
+++ b/app/api/controller/Notice.php
@@ -11,6 +11,11 @@ use support\Response;
 
 class Notice extends MobileBase
 {
+    /** 公告列表：公开接口，无需 auth-token / user-token */
+    protected array $noNeedLogin = ['noticeList'];
+
+    protected array $noNeedAuthToken = ['noticeList'];
+
     public function noticeList(Request $request): Response
     {
         $response = $this->initializeMobile($request);
@@ -32,8 +37,9 @@ class Notice extends MobileBase
             }
         }
         $readMap = [];
-        if ($popoutNoticeIds !== []) {
-            $readRows = UserNoticeRead::where('user_id', $this->auth->id)->whereIn('notice_id', $popoutNoticeIds)->column('notice_id');
+        $userId = ($this->auth && $this->auth->isLogin()) ? $this->auth->id : 0;
+        if ($userId > 0 && $popoutNoticeIds !== []) {
+            $readRows = UserNoticeRead::where('user_id', $userId)->whereIn('notice_id', $popoutNoticeIds)->column('notice_id');
             $readMap = array_flip($readRows);
         }
 
diff --git a/docs/36字花-移动端接口设计草案.md b/docs/36字花-移动端接口设计草案.md
index 9267635..9ae5359 100644
--- a/docs/36字花-移动端接口设计草案.md
+++ b/docs/36字花-移动端接口设计草案.md
@@ -14,6 +14,7 @@
   - `POST` 时请求头 `Content-Type: application/json`，参数放在 JSON body
   - `GET` 兼容模式下，参数走 URL query string
   - **例外**：公告模块 `/api/notice/noticeList`、`/api/notice/noticeConfirm` **仅支持 `GET`**，参数一律走 URL query string
+  - **公告列表免鉴权**：`GET /api/notice/noticeList` **无需** `auth-token`、`user-token`；若仍携带 `user-token` 则强弹窗项可返回该用户真实的 `is_read`
   - 鉴权类接口 `/api/v1/authToken` 仍为 `GET`
 - 时间：UTC 时间戳（秒） + 服务端时区配置
 - 金额：数字传输（如 `"100.00"`），客户端展示统一保留两位小数（存储仍为 `decimal(18,2)`）
@@ -714,6 +715,7 @@
 
 ### 6.1 拉取公告列表
 - **GET** `/api/notice/noticeList`
+- **鉴权**：无需 `auth-token`、`user-token`（公开接口）
 
 请求参数（query string）：
 - `page`：int（可选，默认 1）