From 75f0aca5d1134cb0be0e7f7ab60e45ca1937bf2a Mon Sep 17 00:00:00 2001
From: kkfluous <kkfluous@kdemacbook-air.local>
Date: Thu, 16 Apr 2026 21:48:29 +0800
Subject: [PATCH] fix(auth): require jumpToken for access, remove temporary
 bypass
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously: no jumpToken → direct access allowed (临时放行)
Now: no jumpToken → show "请从业务系统跳转访问" unauthorized page

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/auth/AuthProvider.tsx | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/auth/AuthProvider.tsx b/src/auth/AuthProvider.tsx
index e0cf760..f4586e1 100644
--- a/src/auth/AuthProvider.tsx
+++ b/src/auth/AuthProvider.tsx
@@ -65,8 +65,7 @@ export default function AuthProvider({ children }: { children: ReactNode }) {
     const jumpToken = params.get('jumpToken');
 
     if (!jumpToken) {
-      // 临时：无 token 时直接放行
-      setState({ isLoading: false, isAuthenticated: true, user: null, error: null });
+      setState({ isLoading: false, isAuthenticated: false, user: null, error: '请从业务系统跳转访问' });
       return;
     }