fix: 完善单点登录传递回调地址和serverUrl的功能。优化token刷新机制,判断单点登录和管理员登录等等不同路径的处理机制。提示词管理的模板数据查找的时候只需要返回固定的5个类型。隐藏评查点设置中关于抽取的自定义模板的选择。
+18
-12
@@ -1,37 +1,43 @@
|
||||
import { type LoaderFunctionArgs, redirect } from "@remix-run/node";
|
||||
import { OAuthClient } from "~/api/login/oauth-client";
|
||||
import { OAUTH_CONFIG } from "~/config/api-config";
|
||||
import { getServerOAuthConfigRuntime } from "~/config/oauth-secret.server";
|
||||
import { sessionStorage } from "~/api/login/auth.server";
|
||||
|
||||
export async function loader({ request }: LoaderFunctionArgs) {
|
||||
const session = await sessionStorage.getSession(request.headers.get("Cookie"));
|
||||
|
||||
// 获取访问令牌
|
||||
|
||||
// 获取访问令牌和用户角色
|
||||
const accessToken = session.get("accessToken");
|
||||
|
||||
if (accessToken) {
|
||||
const userRole = session.get("userRole");
|
||||
|
||||
// 🔑 只有非 admin 用户才需要调用 IDaaS 单点登出
|
||||
const isAdmin = userRole === 'admin';
|
||||
|
||||
if (accessToken && !isAdmin) {
|
||||
try {
|
||||
// 创建OAuth客户端
|
||||
const oauthClient = new OAuthClient(OAUTH_CONFIG);
|
||||
|
||||
// 🔒 安全:使用服务器端专用函数获取完整配置
|
||||
const oauthClient = new OAuthClient(getServerOAuthConfigRuntime());
|
||||
|
||||
// 构建登出后重定向URL
|
||||
const url = new URL(request.url);
|
||||
const redirectUrl = url.searchParams.get("redirect") || `${url.protocol}//${url.host}/login`;
|
||||
|
||||
|
||||
// 调用IDaaS单点登出
|
||||
const logoutSuccess = await oauthClient.logout(accessToken, redirectUrl);
|
||||
|
||||
|
||||
if (!logoutSuccess) {
|
||||
console.warn("IDaaS单点登出失败,但仍清除本地会话");
|
||||
}
|
||||
} catch (error) {
|
||||
console.error("单点登出过程中出错:", error);
|
||||
}
|
||||
} else if (isAdmin) {
|
||||
console.log("admin 用户登出,跳过 IDaaS 单点登出");
|
||||
}
|
||||
|
||||
|
||||
// 无论IDaaS登出是否成功,都清除本地会话
|
||||
const cookie = await sessionStorage.destroySession(session);
|
||||
|
||||
|
||||
return redirect("/login", {
|
||||
headers: {
|
||||
"Set-Cookie": cookie
|
||||
|
||||
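Review bot: The new `isAdmin` check (`userRole === 'admin'`) uses the role as a stand-in for the login path, so any session carrying the admin role skips `oauthClient.logout` even if it was established through SSO, which would leave the IDaaS session and access token alive after the local session is destroyed. If an SSO account can ever hold the admin role, record the login path in the session at sign-in and branch on that instead, e.g. `if (accessToken && session.get("loginSource") === "sso")` (key name illustrative, not taken from this codebase). Separately, `redirectUrl` comes straight from the `redirect` query parameter and is handed to `oauthClient.logout` unvalidated; if the IdP treats it as a post-logout redirect, it should be limited to same-origin paths or an allow-list. The end of the loader is cut off on this page, so the closing of the `redirect("/login", …)` call could not be reviewed.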