E-300 (#19726)

Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: Hash Brown <hi@xzd.me> Co-authored-by: crazywoola <427733928@qq.com> Co-authored-by: GareArc <chen4851@purdue.edu> Co-authored-by: Byron.wang <byron@dify.ai> Co-authored-by: Joel <iamjoel007@gmail.com> Co-authored-by: -LAN- <laipz8200@outlook.com> Co-authored-by: Garfield Dai <dai.hai@foxmail.com> Co-authored-by: KVOJJJin <jzongcode@gmail.com> Co-authored-by: Alexi.F <654973939@qq.com> Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com> Co-authored-by: kautsar_masuara <61046989+izon-masuara@users.noreply.github.com> Co-authored-by: achmad-kautsar <achmad.kautsar@insignia.co.id> Co-authored-by: Xin Zhang <sjhpzx@gmail.com> Co-authored-by: kelvintsim <83445753+kelvintsim@users.noreply.github.com> Co-authored-by: zxhlyh <jasonapring2015@outlook.com> Co-authored-by: Zixuan Cheng <61724187+Theysua@users.noreply.github.com>
2025-05-20 12:07:50 +08:00
parent 6a8ca8296b
commit d186daa131
199 changed files with 3618 additions and 1000 deletions
--- a/web/service/access-control.ts
+++ b/web/service/access-control.ts
@@ -0,0 +1,90 @@
+import { useInfiniteQuery, useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
+import { get, post } from './base'
+import { getAppAccessMode, getUserCanAccess } from './share'
+import type { AccessControlAccount, AccessControlGroup, AccessMode, Subject } from '@/models/access-control'
+import type { App } from '@/types/app'
+
+const NAME_SPACE = 'access-control'
+
+export const useAppWhiteListSubjects = (appId: string | undefined, enabled: boolean) => {
+  return useQuery({
+    queryKey: [NAME_SPACE, 'app-whitelist-subjects', appId],
+    queryFn: () => get<{ groups: AccessControlGroup[]; members: AccessControlAccount[] }>(`/enterprise/webapp/app/subjects?appId=${appId}`),
+    enabled: !!appId && enabled,
+    staleTime: 0,
+    gcTime: 0,
+  })
+}
+
+type SearchResults = {
+  currPage: number
+  totalPages: number
+  subjects: Subject[]
+  hasMore: boolean
+}
+
+export const useSearchForWhiteListCandidates = (query: { keyword?: string; groupId?: AccessControlGroup['id']; resultsPerPage?: number }, enabled: boolean) => {
+  return useInfiniteQuery({
+    queryKey: [NAME_SPACE, 'app-whitelist-candidates', query],
+    queryFn: ({ pageParam }) => {
+      const params = new URLSearchParams()
+      Object.keys(query).forEach((key) => {
+        const typedKey = key as keyof typeof query
+        if (query[typedKey])
+          params.append(key, `${query[typedKey]}`)
+      })
+      params.append('pageNumber', `${pageParam}`)
+      return get<SearchResults>(`/enterprise/webapp/app/subject/search?${new URLSearchParams(params).toString()}`)
+    },
+    initialPageParam: 1,
+    getNextPageParam: (lastPage) => {
+      if (lastPage.hasMore)
+        return lastPage.currPage + 1
+      return undefined
+    },
+    gcTime: 0,
+    staleTime: 0,
+    enabled,
+  })
+}
+
+type UpdateAccessModeParams = {
+  appId: App['id']
+  subjects?: Pick<Subject, 'subjectId' | 'subjectType'>[]
+  accessMode: AccessMode
+}
+
+export const useUpdateAccessMode = () => {
+  const queryClient = useQueryClient()
+  return useMutation({
+    mutationKey: [NAME_SPACE, 'update-access-mode'],
+    mutationFn: (params: UpdateAccessModeParams) => {
+      return post('/enterprise/webapp/app/access-mode', { body: params })
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({
+        queryKey: [NAME_SPACE, 'app-whitelist-subjects'],
+      })
+    },
+  })
+}
+
+export const useGetAppAccessMode = ({ appId, isInstalledApp = true, enabled }: { appId?: string; isInstalledApp?: boolean; enabled: boolean }) => {
+  return useQuery({
+    queryKey: [NAME_SPACE, 'app-access-mode', appId],
+    queryFn: () => getAppAccessMode(appId!, isInstalledApp),
+    enabled: !!appId && enabled,
+    staleTime: 0,
+    gcTime: 0,
+  })
+}
+
+export const useGetUserCanAccessApp = ({ appId, isInstalledApp = true, enabled }: { appId?: string; isInstalledApp?: boolean; enabled: boolean }) => {
+  return useQuery({
+    queryKey: [NAME_SPACE, 'user-can-access-app', appId],
+    queryFn: () => getUserCanAccess(appId!, isInstalledApp),
+    enabled: !!appId && enabled,
+    staleTime: 0,
+    gcTime: 0,
+  })
+}
--- a/web/service/apps.ts
+++ b/web/service/apps.ts
@@ -1,6 +1,6 @@
 import type { Fetcher } from 'swr'
 import { del, get, patch, post, put } from './base'
-import type { ApiKeysListResponse, AppDailyConversationsResponse, AppDailyEndUsersResponse, AppDailyMessagesResponse, AppDetailResponse, AppListResponse, AppSSOResponse, AppStatisticsResponse, AppTemplatesResponse, AppTokenCostsResponse, AppVoicesListResponse, CreateApiKeyResponse, DSLImportMode, DSLImportResponse, GenerationIntroductionResponse, TracingConfig, TracingStatus, UpdateAppModelConfigResponse, UpdateAppSiteCodeResponse, UpdateOpenAIKeyResponse, ValidateOpenAIKeyResponse, WorkflowDailyConversationsResponse } from '@/models/app'
+import type { ApiKeysListResponse, AppDailyConversationsResponse, AppDailyEndUsersResponse, AppDailyMessagesResponse, AppDetailResponse, AppListResponse, AppStatisticsResponse, AppTemplatesResponse, AppTokenCostsResponse, AppVoicesListResponse, CreateApiKeyResponse, DSLImportMode, DSLImportResponse, GenerationIntroductionResponse, TracingConfig, TracingStatus, UpdateAppModelConfigResponse, UpdateAppSiteCodeResponse, UpdateOpenAIKeyResponse, ValidateOpenAIKeyResponse, WorkflowDailyConversationsResponse } from '@/models/app'
 import type { CommonResponse } from '@/models/common'
 import type { AppIconType, AppMode, ModelConfig } from '@/types/app'
 import type { TracingProvider } from '@/app/(commonLayout)/app/(appDetailLayout)/[appId]/overview/tracing/type'
@@ -13,13 +13,6 @@ export const fetchAppDetail = ({ url, id }: { url: string; id: string }) => {
  return get<AppDetailResponse>(`${url}/${id}`)
 }

-export const fetchAppSSO = async ({ appId }: { appId: string }) => {
-  return get<AppSSOResponse>(`/enterprise/app-setting/sso?appID=${appId}`)
-}
-export const updateAppSSO = async ({ id, enabled }: { id: string; enabled: boolean }) => {
-  return post('/enterprise/app-setting/sso', { body: { app_id: id, enabled } })
-}
-
 export const fetchAppTemplates: Fetcher<AppTemplatesResponse, { url: string }> = ({ url }) => {
  return get<AppTemplatesResponse>(url)
 }
--- a/web/service/base.ts
+++ b/web/service/base.ts
@@ -108,8 +108,12 @@ function unicodeToChar(text: string) {
  })
 }

-function requiredWebSSOLogin() {
-  globalThis.location.href = `/webapp-signin?redirect_url=${globalThis.location.pathname}`
+function requiredWebSSOLogin(message?: string) {
+  const params = new URLSearchParams()
+  params.append('redirect_url', globalThis.location.pathname)
+  if (message)
+    params.append('message', message)
+  globalThis.location.href = `/webapp-signin?${params.toString()}`
 }

 export function format(text: string) {
@@ -397,6 +401,9 @@ export const ssePost = async (
          }).catch(() => {
            res.json().then((data: any) => {
              if (isPublicAPI) {
+                if (data.code === 'web_app_access_denied')
+                  requiredWebSSOLogin(data.message)
+
                if (data.code === 'web_sso_auth_required')
                  requiredWebSSOLogin()

@@ -426,29 +433,29 @@ export const ssePost = async (
        }
        onData?.(str, isFirstMessage, moreInfo)
      },
-      onCompleted,
-      onThought,
-      onMessageEnd,
-      onMessageReplace,
-      onFile,
-      onWorkflowStarted,
-      onWorkflowFinished,
-      onNodeStarted,
-      onNodeFinished,
-      onIterationStart,
-      onIterationNext,
-      onIterationFinish,
-      onLoopStart,
-      onLoopNext,
-      onLoopFinish,
-      onNodeRetry,
-      onParallelBranchStarted,
-      onParallelBranchFinished,
-      onTextChunk,
-      onTTSChunk,
-      onTTSEnd,
-      onTextReplace,
-      onAgentLog,
+        onCompleted,
+        onThought,
+        onMessageEnd,
+        onMessageReplace,
+        onFile,
+        onWorkflowStarted,
+        onWorkflowFinished,
+        onNodeStarted,
+        onNodeFinished,
+        onIterationStart,
+        onIterationNext,
+        onIterationFinish,
+        onLoopStart,
+        onLoopNext,
+        onLoopFinish,
+        onNodeRetry,
+        onParallelBranchStarted,
+        onParallelBranchFinished,
+        onTextChunk,
+        onTTSChunk,
+        onTTSEnd,
+        onTextReplace,
+        onAgentLog,
      )
    }).catch((e) => {
      if (e.toString() !== 'AbortError: The user aborted a request.' && !e.toString().errorMessage.includes('TypeError: Cannot assign to read only property'))
@@ -475,6 +482,10 @@ export const request = async<T>(url: string, options = {}, otherOptions?: IOther
      // special code
      const { code, message } = errRespData
      // webapp sso
+      if (code === 'web_app_access_denied') {
+        requiredWebSSOLogin(message)
+        return Promise.reject(err)
+      }
      if (code === 'web_sso_auth_required') {
        requiredWebSSOLogin()
        return Promise.reject(err)
--- a/web/service/fetch.ts
+++ b/web/service/fetch.ts
@@ -135,9 +135,9 @@ async function base<T>(url: string, options: FetchOptionType = {}, otherOptions:
  let base: string
  if (isMarketplaceAPI)
    base = MARKETPLACE_API_PREFIX
-   else if (isPublicAPI)
+  else if (isPublicAPI)
    base = PUBLIC_API_PREFIX
-   else
+  else
    base = API_PREFIX

  if (getAbortController) {
--- a/web/service/share.ts
+++ b/web/service/share.ts
@@ -33,7 +33,7 @@ import type {
  ConversationItem,
 } from '@/models/share'
 import type { ChatConfig } from '@/app/components/base/chat/types'
-import type { SystemFeatures } from '@/types/feature'
+import type { AccessMode } from '@/models/access-control'

 function getAction(action: 'get' | 'post' | 'del' | 'patch', isInstalledApp: boolean) {
  switch (action) {
@@ -186,10 +186,6 @@ export const fetchAppParams = async (isInstalledApp: boolean, installedAppId = '
  return (getAction('get', isInstalledApp))(getUrl('parameters', isInstalledApp, installedAppId)) as Promise<ChatConfig>
 }

-export const fetchSystemFeatures = async () => {
-  return (getAction('get', false))(getUrl('system-features', false, '')) as Promise<SystemFeatures>
-}
-
 export const fetchWebSAMLSSOUrl = async (appCode: string, redirectUrl: string) => {
  return (getAction('get', false))(getUrl('/enterprise/sso/saml/login', false, ''), {
    params: {
@@ -268,3 +264,17 @@ export const fetchAccessToken = async (appCode: string, userId?: string) => {
  const url = userId ? `/passport?user_id=${encodeURIComponent(userId)}` : '/passport'
  return get(url, { headers }) as Promise<{ access_token: string }>
 }
+
+export const getAppAccessMode = (appId: string, isInstalledApp: boolean) => {
+  if (isInstalledApp)
+    return consoleGet<{ accessMode: AccessMode }>(`/enterprise/webapp/app/access-mode?appId=${appId}`)
+
+  return get<{ accessMode: AccessMode }>(`/webapp/access-mode?appId=${appId}`)
+}
+
+export const getUserCanAccess = (appId: string, isInstalledApp: boolean) => {
+  if (isInstalledApp)
+    return consoleGet<{ result: boolean }>(`/enterprise/webapp/permission?appId=${appId}`)
+
+  return get<{ result: boolean }>(`/webapp/permission?appId=${appId}`)
+}