feat: 增加开发模式 URL 免登录
- 新增 dev-only 且仅限本机访问的 admin 免登入口 - 管理端支持通过 ?devLogin=admin 自动换取登录态并清理 URL 参数 - 删除未受保护的临时 token 接口并补充关键单测
@@ -0,0 +1,37 @@
|
||||
package tech.easyflow.admin.controller.auth;
|
||||
|
||||
import cn.dev33.satoken.annotation.SaIgnore;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import tech.easyflow.auth.config.DevLoginGuard;
|
||||
import tech.easyflow.auth.entity.LoginVO;
|
||||
import tech.easyflow.auth.service.AuthService;
|
||||
import tech.easyflow.common.domain.Result;
|
||||
import tech.easyflow.common.web.jsonbody.JsonBody;
|
||||
|
||||
@Profile("dev")
|
||||
@RestController
|
||||
@RequestMapping("/api/v1/auth/")
|
||||
@ConditionalOnProperty(prefix = "easyflow.login.dev-bypass", name = "enabled", havingValue = "true")
|
||||
public class DevLoginController {
|
||||
|
||||
private final AuthService authService;
|
||||
private final DevLoginGuard devLoginGuard;
|
||||
|
||||
public DevLoginController(AuthService authService, DevLoginGuard devLoginGuard) {
|
||||
this.authService = authService;
|
||||
this.devLoginGuard = devLoginGuard;
|
||||
}
|
||||
|
||||
@SaIgnore
|
||||
@PostMapping("dev-login")
|
||||
public Result<LoginVO> devLogin(HttpServletRequest request,
|
||||
@JsonBody(value = "account", required = true) String account) {
|
||||
devLoginGuard.checkAccess(request, account);
|
||||
return Result.ok(authService.devLogin(account));
|
||||
}
|
||||
}
|
||||
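Review bot: In `devLogin`, the only thing between an unauthenticated caller and `authService.devLogin(account)` is `devLoginGuard.checkAccess(request, account)`, and its result is not inspected, so the endpoint is safe only if that method throws on every denial. DevLoginGuard is not shown in this section, so that is worth confirming there. Because the handler is `@SaIgnore` and takes an arbitrary `account` string, I would state the contract on the class, e.g. `/** Dev-only login bypass: registered only under the "dev" profile with easyflow.login.dev-bypass.enabled=true; checkAccess must throw unless the caller is loopback and the account is permitted. */`. If the guard reads the client address from forwarded headers rather than `request.getRemoteAddr()`, a reverse proxy in front of a dev instance would make the loopback check client-controlled; also validating the `Origin`/`Host` header would stop pages open in a developer's browser from triggering the login. A log line per successful dev login would make accidental enablement outside a workstation visible.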
@@ -1,33 +0,0 @@
|
||||
package tech.easyflow.admin.controller.system;
|
||||
|
||||
import cn.dev33.satoken.annotation.SaIgnore;
|
||||
import cn.dev33.satoken.stp.StpUtil;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import tech.easyflow.common.constant.Constants;
|
||||
import tech.easyflow.common.domain.Result;
|
||||
import tech.easyflow.common.entity.LoginAccount;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/api/temp-token")
|
||||
public class SysTempTokenController {
|
||||
|
||||
@GetMapping("/create")
|
||||
@SaIgnore
|
||||
public Result<String> createTempToken() {
|
||||
|
||||
StpUtil.login(0);
|
||||
String tokenValue = StpUtil.getTokenValue();
|
||||
LoginAccount loginAccount = new LoginAccount();
|
||||
loginAccount.setId(BigInteger.valueOf(0));
|
||||
loginAccount.setLoginName("匿名用户");
|
||||
loginAccount.setTenantId(BigInteger.ZERO);
|
||||
loginAccount.setDeptId(BigInteger.ZERO);
|
||||
StpUtil.getSession().set(Constants.LOGIN_USER_KEY, loginAccount);
|
||||
|
||||
return Result.ok("", tokenValue);
|
||||
}
|
||||
}
|
||||