zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
sub2api/frontend/src/router/index.ts
DaydreamCoding b19da9c7fe feat(dingtalk): 钉钉 OAuth 登录接入与 internal_only 用户属性同步 
⚠️ 应用类型约束:当前实现仅支持「钉钉登录-企业内部应用」(DingTalk 开放平台
internal_app 类型)。第三方个人应用、第三方企业应用类型暂不支持——OAuth 流程
相同但 corp 校验、跨企业行为不同。backend 通过 DingTalkAppKind 校验对非
internal_app 类型 fail-closed(硬约束)。

钉钉 OAuth 登录主链
- 4 步 OAuth 链:ExchangeCodeForUserToken / GetUnionIdByUserToken /
  GetUserIdByUnionId / GetStaffInfoByUserId;app token 缓存
- pending session 机制持久化 OAuth 中间态;cookie-only token 持久化
- 三种分流:bind_login_required / email_completion / choose_account_action
- corp_restriction_policy 支持 none + internal_only;stale "whitelist" 在
  加载层与写入层均静默 coerce 为 none + slog.Warn
- bypass_registration 开关:企业内部模式豁免全局 REGISTRATION_DISABLED
- isReservedEmail / signup_source / canUnbindProvider / OAuth pending flow
  等横切点支持 dingtalk provider
- migration 136:4 表 CHECK 约束加入 'dingtalk' provider 值

internal_only 模式同步企业邮箱/姓名/部门到用户属性
- SyncCorpEmail / SyncDisplayName / SyncDept 三个独立开关 + 对应
  SyncXxxAttrKey 目标属性 key(默认 dingtalk_email / dingtalk_name /
  dingtalk_department);非 internal_only policy 在写入层与加载层均
  coerce 为 false,admin handler 与 setting_service 双层兜底
- 同步语义:首次注册写 users.username(昵称优先 → 企业姓名 fallback),
  之后每次登录刷新 3 个属性;空值也写入以覆盖旧值
- 邮箱三级 fallback:org_email > email > extension["企业邮箱"]
  (钉钉自定义字段 JSON)
- 部门路径递归向上拼接,跳过 dept_id=1 选首个真实子部门,剥离根组织名
- GetUnionIdByUserToken 同时返回 OIDC /contact/users/me 的 nick 字段;
  新增 GetDeptInfo 调用 OAPI /topapi/v2/department/get
- AuthHandler 注入 UserAttributeService;OAuth pending flow 在
  createPendingOAuthAccount / bindPendingOAuthLogin 分别派发到
  AfterRegistration(syncUsername=true)/ AfterLogin
- migration 137 seed dingtalk_email/name/department 三个用户属性定义

附带修复(同集成路径暴露的两个 OAuth 注册回归)
- LoginOrRegisterOAuthWithTokenPair 新建用户分支用 inferLegacySignupSource
  覆写 caller 显式传入的 signupSource,导致 dingtalk/linuxdo/oidc/wechat
  渠道授权按 email 渠道读取;改为只在 caller 未显式传入时回退邮箱推断
- mergeProviderDefaultGrantSettings 把 parse fallback 默认值
  (Concurrency=5 / Balance=0) 当作"未配置"哨兵,admin 显式设 5 时被误判
  退回全局默认(复现:全局默认 1 + 渠道默认并发 5 + grant_on_signup → 新
  用户实际 concurrency=1);去掉哨兵,admin 任何 >=0 值都覆盖 globalDefaults

前端
- DingTalk Login / Callback / EmailCompletion / ChoiceAccount / Error
  视图;router + auth API client
- admin SettingsView:corp policy radio(none / internal_only)+ bypass
  注册开关 + i18n;internal_only 下展示三同步开关 + 目标 attr key 下拉
  (拉取 user attribute definitions),展示 fieldEmail /
  qyapi_get_department_list 钉钉权限申请提示
- Profile:S1 主动绑定 / S5 解绑钉钉按钮 + 合成邮箱防自锁

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-19 15:27:47 +08:00

895 lines
24 KiB
TypeScript
Raw Blame History

/**
* Vue Router configuration for Sub2API frontend
* Defines all application routes with lazy loading and navigation guards
*/
import { createRouter, createWebHistory, type RouteRecordRaw } from 'vue-router'
import { useAuthStore } from '@/stores/auth'
import { useAppStore } from '@/stores/app'
import { useAdminSettingsStore } from '@/stores/adminSettings'
import { useNavigationLoadingState } from '@/composables/useNavigationLoading'
import { useRoutePrefetch } from '@/composables/useRoutePrefetch'
import { resolveDocumentTitle } from './title'
/**
* Route definitions with lazy loading
*/
const routes: RouteRecordRaw[] = [
// ==================== Setup Routes ====================
{
path: '/setup',
name: 'Setup',
component: () => import('@/views/setup/SetupWizardView.vue'),
meta: {
requiresAuth: false,
title: 'Setup'
}
},
// ==================== Public Routes ====================
{
path: '/home',
name: 'Home',
component: () => import('@/views/HomeView.vue'),
meta: {
requiresAuth: false,
title: 'Home'
}
},
{
path: '/login',
name: 'Login',
component: () => import('@/views/auth/LoginView.vue'),
meta: {
requiresAuth: false,
title: 'Login',
titleKey: 'common.login'
}
},
{
path: '/register',
name: 'Register',
component: () => import('@/views/auth/RegisterView.vue'),
meta: {
requiresAuth: false,
title: 'Register',
titleKey: 'auth.createAccount'
}
},
{
path: '/email-verify',
name: 'EmailVerify',
component: () => import('@/views/auth/EmailVerifyView.vue'),
meta: {
requiresAuth: false,
title: 'Verify Email'
}
},
{
path: '/auth/callback',
name: 'OAuthCallback',
alias: '/auth/oauth/callback',
component: () => import('@/views/auth/OAuthCallbackView.vue'),
meta: {
requiresAuth: false,
title: 'OAuth Callback',
titleKey: 'auth.oauthCallbackPageTitle'
}
},
{
path: '/auth/linuxdo/callback',
name: 'LinuxDoOAuthCallback',
component: () => import('@/views/auth/LinuxDoCallbackView.vue'),
meta: {
requiresAuth: false,
title: 'LinuxDo OAuth Callback',
titleKey: 'auth.linuxdoCallbackPageTitle'
}
},
{
path: '/auth/wechat/callback',
name: 'WeChatOAuthCallback',
component: () => import('@/views/auth/WechatCallbackView.vue'),
meta: {
requiresAuth: false,
title: 'WeChat OAuth Callback',
titleKey: 'auth.wechatCallbackPageTitle'
}
},
{
path: '/auth/wechat/payment/callback',
name: 'WeChatPaymentOAuthCallback',
component: () => import('@/views/auth/WechatPaymentCallbackView.vue'),
meta: {
requiresAuth: false,
title: 'WeChat Payment Callback',
titleKey: 'auth.wechatPaymentCallbackPageTitle'
}
},
{
path: '/auth/dingtalk/callback',
name: 'DingTalkOAuthCallback',
component: () => import('@/views/auth/DingTalkCallbackView.vue'),
meta: {
requiresAuth: false,
title: 'DingTalk OAuth Callback',
titleKey: 'auth.dingtalkCallbackPageTitle'
}
},
{
path: '/auth/dingtalk/email-completion',
name: 'dingtalk-email-completion',
component: () => import('@/views/auth/DingTalkEmailCompletionView.vue'),
meta: {
requiresAuth: false,
title: 'DingTalk Email Completion'
}
},
{
path: '/auth/oidc/callback',
name: 'OIDCOAuthCallback',
component: () => import('@/views/auth/OidcCallbackView.vue'),
meta: {
requiresAuth: false,
title: 'OIDC OAuth Callback',
titleKey: 'auth.oidcCallbackPageTitle'
}
},
{
path: '/forgot-password',
name: 'ForgotPassword',
component: () => import('@/views/auth/ForgotPasswordView.vue'),
meta: {
requiresAuth: false,
title: 'Forgot Password',
titleKey: 'auth.forgotPasswordTitle'
}
},
{
path: '/reset-password',
name: 'ResetPassword',
component: () => import('@/views/auth/ResetPasswordView.vue'),
meta: {
requiresAuth: false,
title: 'Reset Password'
}
},
{
path: '/key-usage',
name: 'KeyUsage',
component: () => import('@/views/KeyUsageView.vue'),
meta: {
requiresAuth: false,
title: 'Key Usage',
}
},
{
path: '/legal/:documentId',
name: 'LegalDocument',
component: () => import('@/views/public/LegalDocumentView.vue'),
meta: {
requiresAuth: false,
title: 'Legal Document'
}
},
// ==================== User Routes ====================
{
path: '/',
redirect: '/home'
},
{
path: '/dashboard',
name: 'Dashboard',
component: () => import('@/views/user/DashboardView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Dashboard',
titleKey: 'dashboard.title',
descriptionKey: 'dashboard.welcomeMessage'
}
},
{
path: '/keys',
name: 'Keys',
component: () => import('@/views/user/KeysView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'API Keys',
titleKey: 'keys.title',
descriptionKey: 'keys.description'
}
},
{
path: '/usage',
name: 'Usage',
component: () => import('@/views/user/UsageView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Usage Records',
titleKey: 'usage.title',
descriptionKey: 'usage.description'
}
},
{
path: '/redeem',
name: 'Redeem',
component: () => import('@/views/user/RedeemView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Redeem Code',
titleKey: 'redeem.title',
descriptionKey: 'redeem.description'
}
},
{
path: '/affiliate',
name: 'Affiliate',
component: () => import('@/views/user/AffiliateView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Affiliate',
titleKey: 'affiliate.title',
descriptionKey: 'affiliate.description'
}
},
{
path: '/available-channels',
name: 'UserAvailableChannels',
component: () => import('@/views/user/AvailableChannelsView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Available Channels',
titleKey: 'availableChannels.title',
descriptionKey: 'availableChannels.description'
}
},
{
path: '/profile',
name: 'Profile',
component: () => import('@/views/user/ProfileView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Profile',
titleKey: 'profile.title',
descriptionKey: 'profile.description'
}
},
{
path: '/subscriptions',
name: 'Subscriptions',
component: () => import('@/views/user/SubscriptionsView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'My Subscriptions',
titleKey: 'userSubscriptions.title',
descriptionKey: 'userSubscriptions.description'
}
},
{
path: '/purchase',
name: 'PurchaseSubscription',
component: () => import('@/views/user/PaymentView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Purchase Subscription',
titleKey: 'nav.buySubscription',
descriptionKey: 'purchase.description',
requiresPayment: true
}
},
{
path: '/orders',
name: 'OrderList',
component: () => import('@/views/user/UserOrdersView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'My Orders',
titleKey: 'nav.myOrders',
requiresPayment: true
}
},
{
path: '/payment/qrcode',
name: 'PaymentQRCode',
component: () => import('@/views/user/PaymentQRCodeView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Payment',
titleKey: 'payment.qr.scanToPay',
requiresPayment: true
}
},
{
path: '/payment/result',
name: 'PaymentResult',
component: () => import('@/views/user/PaymentResultView.vue'),
meta: {
requiresAuth: false,
requiresAdmin: false,
title: 'Payment Result',
titleKey: 'payment.result.success',
requiresPayment: false
}
},
{
path: '/payment/stripe',
name: 'StripePayment',
component: () => import('@/views/user/StripePaymentView.vue'),
meta: {
requiresAuth: false,
requiresAdmin: false,
title: 'Stripe Payment',
titleKey: 'payment.stripePay',
requiresPayment: false
}
},
{
path: '/payment/airwallex',
name: 'AirwallexPayment',
component: () => import('@/views/user/AirwallexPaymentView.vue'),
meta: {
requiresAuth: false,
requiresAdmin: false,
title: 'Airwallex Payment',
titleKey: 'payment.airwallexPay',
requiresPayment: false
}
},
{
path: '/payment/stripe-popup',
name: 'StripePopup',
component: () => import('@/views/user/StripePopupView.vue'),
meta: {
requiresAuth: false,
requiresAdmin: false,
title: 'Payment',
requiresPayment: false
}
},
{
path: '/custom/:id',
name: 'CustomPage',
component: () => import('@/views/user/CustomPageView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Custom Page',
titleKey: 'customPage.title',
}
},
// ==================== Admin Routes ====================
{
path: '/admin',
redirect: '/admin/dashboard'
},
{
path: '/admin/dashboard',
name: 'AdminDashboard',
component: () => import('@/views/admin/DashboardView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Admin Dashboard',
titleKey: 'admin.dashboard.title',
descriptionKey: 'admin.dashboard.description'
}
},
{
path: '/admin/ops',
name: 'AdminOps',
component: () => import('@/views/admin/ops/OpsDashboard.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Ops Monitoring',
titleKey: 'admin.ops.title',
descriptionKey: 'admin.ops.description'
}
},
{
path: '/admin/users',
name: 'AdminUsers',
component: () => import('@/views/admin/UsersView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'User Management',
titleKey: 'admin.users.title',
descriptionKey: 'admin.users.description'
}
},
{
path: '/admin/groups',
name: 'AdminGroups',
component: () => import('@/views/admin/GroupsView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Group Management',
titleKey: 'admin.groups.title',
descriptionKey: 'admin.groups.description'
}
},
{
path: '/admin/channels',
redirect: '/admin/channels/pricing'
},
{
path: '/admin/channels/pricing',
name: 'AdminChannels',
component: () => import('@/views/admin/ChannelsView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Channel Management',
titleKey: 'admin.channels.title',
descriptionKey: 'admin.channels.description'
}
},
{
path: '/admin/channels/monitor',
name: 'AdminChannelMonitor',
component: () => import('@/views/admin/ChannelMonitorView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Channel Monitor',
titleKey: 'admin.channelMonitor.title',
descriptionKey: 'admin.channelMonitor.description'
}
},
{
path: '/monitor',
name: 'ChannelStatus',
component: () => import('@/views/user/ChannelStatusView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: false,
title: 'Channel Status',
titleKey: 'nav.channelStatus'
}
},
{
path: '/admin/subscriptions',
name: 'AdminSubscriptions',
component: () => import('@/views/admin/SubscriptionsView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Subscription Management',
titleKey: 'admin.subscriptions.title',
descriptionKey: 'admin.subscriptions.description'
}
},
{
path: '/admin/accounts',
name: 'AdminAccounts',
component: () => import('@/views/admin/AccountsView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Account Management',
titleKey: 'admin.accounts.title',
descriptionKey: 'admin.accounts.description'
}
},
{
path: '/admin/announcements',
name: 'AdminAnnouncements',
component: () => import('@/views/admin/AnnouncementsView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Announcements',
titleKey: 'admin.announcements.title',
descriptionKey: 'admin.announcements.description'
}
},
{
path: '/admin/proxies',
name: 'AdminProxies',
component: () => import('@/views/admin/ProxiesView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Proxy Management',
titleKey: 'admin.proxies.title',
descriptionKey: 'admin.proxies.description'
}
},
{
path: '/admin/redeem',
name: 'AdminRedeem',
component: () => import('@/views/admin/RedeemView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Redeem Code Management',
titleKey: 'admin.redeem.title',
descriptionKey: 'admin.redeem.description'
}
},
{
path: '/admin/promo-codes',
name: 'AdminPromoCodes',
component: () => import('@/views/admin/PromoCodesView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Promo Code Management',
titleKey: 'admin.promo.title',
descriptionKey: 'admin.promo.description'
}
},
{
path: '/admin/settings',
name: 'AdminSettings',
component: () => import('@/views/admin/SettingsView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'System Settings',
titleKey: 'admin.settings.title',
descriptionKey: 'admin.settings.description'
}
},
{
path: '/admin/risk-control',
name: 'AdminRiskControl',
component: () => import('@/views/admin/RiskControlView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Risk Control',
titleKey: 'admin.riskControl.title',
descriptionKey: 'admin.riskControl.description',
requiresRiskControl: true
}
},
{
path: '/admin/usage',
name: 'AdminUsage',
component: () => import('@/views/admin/UsageView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Usage Records',
titleKey: 'admin.usage.title',
descriptionKey: 'admin.usage.description'
}
},
{
path: '/admin/affiliates',
redirect: '/admin/affiliates/invites'
},
{
path: '/admin/affiliates/invites',
name: 'AdminAffiliateInvites',
component: () => import('@/views/admin/affiliates/AdminAffiliateInvitesView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Affiliate Invite Records',
titleKey: 'nav.affiliateInviteRecords',
descriptionKey: 'admin.affiliates.invitesDescription'
}
},
{
path: '/admin/affiliates/rebates',
name: 'AdminAffiliateRebates',
component: () => import('@/views/admin/affiliates/AdminAffiliateRebatesView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Affiliate Rebate Records',
titleKey: 'nav.affiliateRebateRecords',
descriptionKey: 'admin.affiliates.rebatesDescription'
}
},
{
path: '/admin/affiliates/transfers',
name: 'AdminAffiliateTransfers',
component: () => import('@/views/admin/affiliates/AdminAffiliateTransfersView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Affiliate Transfer Records',
titleKey: 'nav.affiliateTransferRecords',
descriptionKey: 'admin.affiliates.transfersDescription'
}
},
// ==================== Payment Admin Routes ====================
{
path: '/admin/orders/dashboard',
name: 'AdminPaymentDashboard',
component: () => import('@/views/admin/orders/AdminPaymentDashboardView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Payment Dashboard',
titleKey: 'nav.paymentDashboard',
requiresPayment: true
}
},
{
path: '/admin/orders',
name: 'AdminOrders',
component: () => import('@/views/admin/orders/AdminOrdersView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Order Management',
titleKey: 'nav.orderManagement',
requiresPayment: true
}
},
{
path: '/admin/orders/plans',
name: 'AdminPaymentPlans',
component: () => import('@/views/admin/orders/AdminPaymentPlansView.vue'),
meta: {
requiresAuth: true,
requiresAdmin: true,
title: 'Subscription Plans',
titleKey: 'nav.paymentPlans',
requiresPayment: true
}
},
// ==================== 404 Not Found ====================
{
path: '/:pathMatch(.*)*',
name: 'NotFound',
component: () => import('@/views/NotFoundView.vue'),
meta: {
title: '404 Not Found'
}
}
]
/**
* Create router instance
*/
const router = createRouter({
history: createWebHistory(import.meta.env.BASE_URL),
routes,
scrollBehavior(_to, _from, savedPosition) {
// Scroll to saved position when using browser back/forward
if (savedPosition) {
return savedPosition
}
// Scroll to top for new routes
return { top: 0 }
}
})
/**
* Navigation guard: Authentication check
*/
let authInitialized = false
// 初始化导航加载状态和预加载
const navigationLoading = useNavigationLoadingState()
// 延迟初始化预加载,传入 router 实例
let routePrefetch: ReturnType<typeof useRoutePrefetch> | null = null
const BACKEND_MODE_ALLOWED_PATHS = ['/login', '/key-usage', '/setup', '/payment/result', '/payment/airwallex', '/legal']
const BACKEND_MODE_CALLBACK_PATHS = [
'/auth/callback',
'/auth/linuxdo/callback',
'/auth/dingtalk/callback',
'/auth/dingtalk/email-completion',
'/auth/oidc/callback',
'/auth/wechat/callback',
'/auth/wechat/payment/callback',
]
const BACKEND_MODE_PENDING_AUTH_PATHS = ['/register', '/email-verify']
function isBackendModePublicRouteAllowed(path: string, hasPendingAuthSession: boolean): boolean {
if (BACKEND_MODE_ALLOWED_PATHS.some((allowedPath) => path === allowedPath || path.startsWith(allowedPath))) {
return true
}
if (BACKEND_MODE_CALLBACK_PATHS.some((callbackPath) => path === callbackPath)) {
return true
}
if (hasPendingAuthSession && BACKEND_MODE_PENDING_AUTH_PATHS.some((allowedPath) => path === allowedPath)) {
return true
}
return false
}
router.beforeEach((to, _from, next) => {
// 开始导航加载状态
navigationLoading.startNavigation()
const authStore = useAuthStore()
// Restore auth state from localStorage on first navigation (page refresh)
if (!authInitialized) {
authStore.checkAuth()
authInitialized = true
}
// Set page title
const appStore = useAppStore()
// For custom pages, use menu item label as document title
if (to.name === 'CustomPage') {
const id = to.params.id as string
const publicItems = appStore.cachedPublicSettings?.custom_menu_items ?? []
const adminSettingsStore = useAdminSettingsStore()
const menuItem = publicItems.find((item) => item.id === id)
?? (authStore.isAdmin ? adminSettingsStore.customMenuItems.find((item) => item.id === id) : undefined)
if (menuItem?.label) {
const siteName = appStore.siteName || 'Sub2API'
document.title = `${menuItem.label} - ${siteName}`
} else {
document.title = resolveDocumentTitle(to.meta.title, appStore.siteName, to.meta.titleKey as string)
}
} else {
document.title = resolveDocumentTitle(to.meta.title, appStore.siteName, to.meta.titleKey as string)
}
// Check if route requires authentication
const requiresAuth = to.meta.requiresAuth !== false // Default to true
const requiresAdmin = to.meta.requiresAdmin === true
// If route doesn't require auth, allow access
if (!requiresAuth) {
// If already authenticated and trying to access login/register, redirect to appropriate dashboard
if (authStore.isAuthenticated && (to.path === '/login' || to.path === '/register')) {
// In backend mode, non-admin users should NOT be redirected away from login
// (they are blocked from all protected routes, so redirecting would cause a loop)
if (appStore.backendModeEnabled && !authStore.isAdmin) {
next()
return
}
// Admin users go to admin dashboard, regular users go to user dashboard
next(authStore.isAdmin ? '/admin/dashboard' : '/dashboard')
return
}
// Backend mode: block public pages for unauthenticated users (except login, key-usage, setup)
if (appStore.backendModeEnabled && !authStore.isAuthenticated) {
const isAllowed = isBackendModePublicRouteAllowed(to.path, authStore.hasPendingAuthSession)
if (!isAllowed) {
next('/login')
return
}
}
next()
return
}
// Route requires authentication
if (!authStore.isAuthenticated) {
// Not authenticated, redirect to login
next({
path: '/login',
query: { redirect: to.fullPath } // Save intended destination
})
return
}
// Check admin requirement
if (requiresAdmin && !authStore.isAdmin) {
// User is authenticated but not admin, redirect to user dashboard
next('/dashboard')
return
}
// Check payment requirement (internal payment system only)
if (to.meta.requiresPayment) {
const paymentEnabled = appStore.cachedPublicSettings?.payment_enabled
if (!paymentEnabled) {
next(authStore.isAdmin ? '/admin/dashboard' : '/dashboard')
return
}
}
if (to.meta.requiresRiskControl) {
const riskControlEnabled = appStore.cachedPublicSettings?.risk_control_enabled === true
if (!riskControlEnabled) {
next(authStore.isAdmin ? '/admin/settings' : '/dashboard')
return
}
}
// 简易模式下限制访问某些页面
if (authStore.isSimpleMode) {
const restrictedPaths = [
'/admin/groups',
'/admin/subscriptions',
'/admin/redeem',
'/subscriptions',
'/redeem'
]
if (restrictedPaths.some((path) => to.path.startsWith(path))) {
// 简易模式下访问受限页面,重定向到仪表板
next(authStore.isAdmin ? '/admin/dashboard' : '/dashboard')
return
}
}
// Backend mode: admin gets full access, non-admin blocked
if (appStore.backendModeEnabled) {
if (authStore.isAuthenticated && authStore.isAdmin) {
next()
return
}
const isAllowed = isBackendModePublicRouteAllowed(to.path, authStore.hasPendingAuthSession)
if (!isAllowed) {
next('/login')
return
}
}
// All checks passed, allow navigation
next()
})
/**
* Navigation guard: End loading and trigger prefetch
*/
router.afterEach((to) => {
// 结束导航加载状态
navigationLoading.endNavigation()
// 懒初始化预加载(首次导航时创建,传入 router 实例)
if (!routePrefetch) {
routePrefetch = useRoutePrefetch(router)
}
// 触发路由预加载(在浏览器空闲时执行)
routePrefetch.triggerPrefetch(to)
})
/**
* Navigation guard: Error handling
* Handles dynamic import failures caused by deployment updates
*/
router.onError((error) => {
console.error('Router error:', error)
// Check if this is a dynamic import failure (chunk loading error)
const isChunkLoadError =
error.message?.includes('Failed to fetch dynamically imported module') ||
error.message?.includes('Loading chunk') ||
error.message?.includes('Loading CSS chunk') ||
error.name === 'ChunkLoadError'
if (isChunkLoadError) {
// Avoid infinite reload loop by checking sessionStorage
const reloadKey = 'chunk_reload_attempted'
const lastReload = sessionStorage.getItem(reloadKey)
const now = Date.now()
// Allow reload if never attempted or more than 10 seconds ago
if (!lastReload || now - parseInt(lastReload) > 10000) {
sessionStorage.setItem(reloadKey, now.toString())
console.warn('Chunk load error detected, reloading page to fetch latest version...')
window.location.reload()
} else {
console.error('Chunk load error persists after reload. Please clear browser cache.')
}
}
})
export default router
Reference in New Issue View Git Blame Copy Permalink