feat(dev): env-gated local auth bypass for development

.env 里设 DEV_BYPASS_AUTH=1 + VITE_DEV_BYPASS_AUTH=1 即可本地免登录调试。前端判定强制要求 import.meta.env.DEV，避免生产构建误启用。后端塞入 dev 身份（含所有权限 / BI-SCHEDULE-OPT 角色），保证 c.get('user') 下游依赖不会 crash。新增 src/vite-env.d.ts 引入 vite/client 类型以访问 import.meta.env。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 11:00:30 +08:00
parent a472e543ce
commit 9ea2f306c4
3 changed files with 33 additions and 0 deletions
--- a/src/auth/AuthProvider.tsx
+++ b/src/auth/AuthProvider.tsx
@@ -36,6 +36,23 @@ export default function AuthProvider({ children }: { children: ReactNode }) {
  }, []);

  async function authenticate() {
+    // 本地开发免登录开关：.env 里设 VITE_DEV_BYPASS_AUTH=1 启用，仅 dev 生效
+    if (import.meta.env.DEV && import.meta.env.VITE_DEV_BYPASS_AUTH === '1') {
+      setState({
+        isLoading: false,
+        isAuthenticated: true,
+        user: {
+          userId: 'dev-local',
+          userName: '本地开发',
+          permissionLevel: 'full',
+          depName: '',
+          roles: ['所有权限', 'BI-SCHEDULE-OPT'],
+        },
+        error: null,
+      });
+      return;
+    }
+
    // 1. 检查 sessionStorage 中是否有 JWT
    const savedToken = sessionStorage.getItem('bi_jwt');
    if (savedToken) {
--- a/src/server/auth/middleware.ts
+++ b/src/server/auth/middleware.ts
@@ -14,6 +14,21 @@ export async function authMiddleware(c: Context, next: Next) {
    return next();
  }

+  // 本地开发免登录开关：.env 里设 DEV_BYPASS_AUTH=1 启用
+  if (process.env.DEV_BYPASS_AUTH === '1') {
+    const devUser: AuthUser = {
+      userId: 'dev-local',
+      userName: '本地开发',
+      loginName: 'dev-local',
+      depCode: '',
+      depName: '',
+      permissionLevel: 'full',
+      roles: ['所有权限', 'BI-SCHEDULE-OPT'],
+    };
+    c.set('user', devUser);
+    return next();
+  }
+
  // 跳过不需要认证的路径
  if (path === '/api/health' || path.startsWith('/api/auth/')) {
    return next();
--- a/src/vite-env.d.ts
+++ b/src/vite-env.d.ts
@@ -0,0 +1 @@
+/// <reference types="vite/client" />