feat(dev): env-gated local auth bypass for development

.env 里设 DEV_BYPASS_AUTH=1 + VITE_DEV_BYPASS_AUTH=1 即可本地免登录调试。前端判定强制要求 import.meta.env.DEV，避免生产构建误启用。后端塞入 dev 身份（含所有权限 / BI-SCHEDULE-OPT 角色），保证 c.get('user') 下游依赖不会 crash。新增 src/vite-env.d.ts 引入 vite/client 类型以访问 import.meta.env。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 11:00:30 +08:00
parent a472e543ce
commit 9ea2f306c4
3 changed files with 33 additions and 0 deletions
--- a/src/server/auth/middleware.ts
+++ b/src/server/auth/middleware.ts
@@ -14,6 +14,21 @@ export async function authMiddleware(c: Context, next: Next) {
    return next();
  }

+  // 本地开发免登录开关：.env 里设 DEV_BYPASS_AUTH=1 启用
+  if (process.env.DEV_BYPASS_AUTH === '1') {
+    const devUser: AuthUser = {
+      userId: 'dev-local',
+      userName: '本地开发',
+      loginName: 'dev-local',
+      depCode: '',
+      depName: '',
+      permissionLevel: 'full',
+      roles: ['所有权限', 'BI-SCHEDULE-OPT'],
+    };
+    c.set('user', devUser);
+    return next();
+  }
+
  // 跳过不需要认证的路径
  if (path === '/api/health' || path.startsWith('/api/auth/')) {
    return next();