feat(dev): env-gated local auth bypass for development

.env 里设 DEV_BYPASS_AUTH=1 + VITE_DEV_BYPASS_AUTH=1 即可本地免登录调试。前端判定强制要求 import.meta.env.DEV，避免生产构建误启用。后端塞入 dev 身份（含所有权限 / BI-SCHEDULE-OPT 角色），保证 c.get('user') 下游依赖不会 crash。新增 src/vite-env.d.ts 引入 vite/client 类型以访问 import.meta.env。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 11:00:30 +08:00
parent a472e543ce
commit 9ea2f306c4
3 changed files with 33 additions and 0 deletions
--- a/src/auth/AuthProvider.tsx
+++ b/src/auth/AuthProvider.tsx
@@ -36,6 +36,23 @@ export default function AuthProvider({ children }: { children: ReactNode }) {
  }, []);
  async function authenticate() {
    // 本地开发免登录开关：.env 里设 VITE_DEV_BYPASS_AUTH=1 启用，仅 dev 生效
    if (import.meta.env.DEV && import.meta.env.VITE_DEV_BYPASS_AUTH === '1') {
      setState({
        isLoading: false,
        isAuthenticated: true,
        user: {
          userId: 'dev-local',
          userName: '本地开发',
          permissionLevel: 'full',
          depName: '',
          roles: ['所有权限', 'BI-SCHEDULE-OPT'],
        },
        error: null,
      });
      return;
    }
    // 1. 检查 sessionStorage 中是否有 JWT
    const savedToken = sessionStorage.getItem('bi_jwt');
    if (savedToken) {
--- a/src/server/auth/middleware.ts
+++ b/src/server/auth/middleware.ts
@@ -14,6 +14,21 @@ export async function authMiddleware(c: Context, next: Next) {
    return next();
  }
  // 本地开发免登录开关：.env 里设 DEV_BYPASS_AUTH=1 启用
  if (process.env.DEV_BYPASS_AUTH === '1') {
    const devUser: AuthUser = {
      userId: 'dev-local',
      userName: '本地开发',
      loginName: 'dev-local',
      depCode: '',
      depName: '',
      permissionLevel: 'full',
      roles: ['所有权限', 'BI-SCHEDULE-OPT'],
    };
    c.set('user', devUser);
    return next();
  }
  // 跳过不需要认证的路径
  if (path === '/api/health' || path.startsWith('/api/auth/')) {
    return next();
--- a/src/vite-env.d.ts
+++ b/src/vite-env.d.ts
@@ -0,0 +1 @@
 /// <reference types="vite/client" />