feat: 增加开发模式 URL 免登录

- 新增 dev-only 且仅限本机访问的 admin 免登入口 - 管理端支持通过 ?devLogin=admin 自动换取登录态并清理 URL 参数 - 删除未受保护的临时 token 接口并补充关键单测
2026-03-07 18:16:42 +08:00
parent 37e185e74a
commit a93f7ca216
14 changed files with 459 additions and 96 deletions
--- a/easyflow-modules/easyflow-module-auth/src/test/java/tech/easyflow/auth/config/DevLoginGuardTest.java
+++ b/easyflow-modules/easyflow-module-auth/src/test/java/tech/easyflow/auth/config/DevLoginGuardTest.java
@@ -0,0 +1,34 @@
+package tech.easyflow.auth.config;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class DevLoginGuardTest {
+
+    @Test
+    public void shouldAcceptConfiguredAdminAccount() {
+        DevLoginGuard guard = new DevLoginGuard(createProperties());
+        Assert.assertTrue(guard.isAllowedAccount("admin"));
+        Assert.assertFalse(guard.isAllowedAccount("guest"));
+        Assert.assertFalse(guard.isAllowedAccount(null));
+    }
+
+    @Test
+    public void shouldRecognizeLoopbackAddresses() {
+        DevLoginGuard guard = new DevLoginGuard(createProperties());
+        Assert.assertTrue(guard.isLoopbackAddress("127.0.0.1"));
+        Assert.assertTrue(guard.isLoopbackAddress("::1"));
+        Assert.assertFalse(guard.isLoopbackAddress("192.168.1.10"));
+        Assert.assertFalse(guard.isLoopbackAddress("not-an-ip"));
+    }
+
+    private LoginProperties createProperties() {
+        LoginProperties properties = new LoginProperties();
+        LoginProperties.DevBypassProperties devBypass = new LoginProperties.DevBypassProperties();
+        devBypass.setEnabled(true);
+        devBypass.setAccount("admin");
+        devBypass.setLoopbackOnly(true);
+        properties.setDevBypass(devBypass);
+        return properties;
+    }
+}