opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-04-26 02:06:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix/webapp no permission page 260 (#20730)

Browse Source
This commit is contained in:
NFish 2025-06-06 14:27:25 +08:00 committed by GitHub
parent 4835d78529
commit 26f291396d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 105 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
web/app/(shareLayout)/webapp-signin/page.tsx
View File

@ -23,10 +23,12 @@ const WebSSOForm: FC = () => {
const redirectUrl = searchParams.get('redirect_url') const redirectUrl = searchParams.get('redirect_url')
const tokenFromUrl = searchParams.get('web_sso_token') const tokenFromUrl = searchParams.get('web_sso_token')
const message = searchParams.get('message') const message = searchParams.get('message')
const code = searchParams.get('code')
const getSigninUrl = useCallback(() => { const getSigninUrl = useCallback(() => {
const params = new URLSearchParams(searchParams) const params = new URLSearchParams(searchParams)
params.delete('message') params.delete('message')
params.delete('code')
return `/webapp-signin?${params.toString()}` return `/webapp-signin?${params.toString()}`
}, [searchParams]) }, [searchParams])
@ -85,8 +87,8 @@ const WebSSOForm: FC = () => {
if (message) { if (message) {
return <div className='flex h-full flex-col items-center justify-center gap-y-4'> return <div className='flex h-full flex-col items-center justify-center gap-y-4'>
<AppUnavailable className='h-auto w-auto' code={t('share.common.appUnavailable')} unknownReason={message} /> <AppUnavailable className='h-auto w-auto' code={code || t('share.common.appUnavailable')} unknownReason={message} />
<span className='system-sm-regular cursor-pointer text-text-tertiary' onClick={backToHome}>{t('share.login.backToHome')}</span> <span className='system-sm-regular cursor-pointer text-text-tertiary' onClick={backToHome}>{code === '403' ? t('common.userProfile.logout') : t('share.login.backToHome')}</span>
</div> </div>
} }
if (!redirectUrl) { if (!redirectUrl) {

6
web/app/components/app/app-publisher/index.tsx
View File

@ -253,7 +253,7 @@ const AppPublisher = ({
onClick={() => { onClick={() => {
setShowAppAccessControl(true) setShowAppAccessControl(true)
}}> }}>
<div className='flex grow items-center gap-x-1.5 pr-1'> <div className='flex grow items-center gap-x-1.5 pr-1 overflow-hidden'>
{appDetail?.access_mode === AccessMode.ORGANIZATION {appDetail?.access_mode === AccessMode.ORGANIZATION
&& <> && <>
<RiBuildingLine className='h-4 w-4 shrink-0 text-text-secondary' /> <RiBuildingLine className='h-4 w-4 shrink-0 text-text-secondary' />
@ -263,7 +263,9 @@ const AppPublisher = ({
{appDetail?.access_mode === AccessMode.SPECIFIC_GROUPS_MEMBERS {appDetail?.access_mode === AccessMode.SPECIFIC_GROUPS_MEMBERS
&& <> && <>
<RiLockLine className='h-4 w-4 shrink-0 text-text-secondary' /> <RiLockLine className='h-4 w-4 shrink-0 text-text-secondary' />
<p className='system-sm-medium text-text-secondary'>{t('app.accessControlDialog.accessItems.specific')}</p> <div className='grow truncate'>
<span className='system-sm-medium text-text-secondary'>{t('app.accessControlDialog.accessItems.specific')}</span>
</div>
</> </>
} }
{appDetail?.access_mode === AccessMode.PUBLIC {appDetail?.access_mode === AccessMode.PUBLIC

35
web/app/components/base/chat/chat-with-history/index.tsx
View File

@ -1,9 +1,13 @@
'use client'
import type { FC } from 'react' import type { FC } from 'react'
import { import {
useCallback,
useEffect, useEffect,
useState, useState,
} from 'react' } from 'react'
import { useAsyncEffect } from 'ahooks' import { useAsyncEffect } from 'ahooks'
import { useTranslation } from 'react-i18next'
import { usePathname, useRouter, useSearchParams } from 'next/navigation'
import { useThemeContext } from '../embedded-chatbot/theme/theme-context' import { useThemeContext } from '../embedded-chatbot/theme/theme-context'
import { import {
ChatWithHistoryContext, ChatWithHistoryContext,
@ -17,8 +21,9 @@ import ChatWrapper from './chat-wrapper'
import type { InstalledApp } from '@/models/explore' import type { InstalledApp } from '@/models/explore'
import Loading from '@/app/components/base/loading' import Loading from '@/app/components/base/loading'
import useBreakpoints, { MediaType } from '@/hooks/use-breakpoints' import useBreakpoints, { MediaType } from '@/hooks/use-breakpoints'
import { checkOrSetAccessToken } from '@/app/components/share/utils' import { checkOrSetAccessToken, removeAccessToken } from '@/app/components/share/utils'
import AppUnavailable from '@/app/components/base/app-unavailable' import AppUnavailable from '@/app/components/base/app-unavailable'
import useDocumentTitle from '@/hooks/use-document-title'
type ChatWithHistoryProps = { type ChatWithHistoryProps = {
className?: string className?: string
@ -37,6 +42,7 @@ const ChatWithHistory: FC<ChatWithHistoryProps> = ({
chatShouldReloadKey, chatShouldReloadKey,
isMobile, isMobile,
themeBuilder, themeBuilder,
isInstalledApp,
} = useChatWithHistoryContext() } = useChatWithHistoryContext()
const chatReady = (!showConfigPanelBeforeChat || !!appPrevChatTree.length) const chatReady = (!showConfigPanelBeforeChat || !!appPrevChatTree.length)
@ -53,13 +59,36 @@ const ChatWithHistory: FC<ChatWithHistoryProps> = ({
} }
}, [site, customConfig, themeBuilder]) }, [site, customConfig, themeBuilder])
useDocumentTitle(site?.title || 'Chat')
const { t } = useTranslation()
const searchParams = useSearchParams()
const router = useRouter()
const pathname = usePathname()
const getSigninUrl = useCallback(() => {
const params = new URLSearchParams(searchParams)
params.delete('message')
params.set('redirect_url', pathname)
return `/webapp-signin?${params.toString()}`
}, [searchParams, pathname])
const backToHome = useCallback(() => {
removeAccessToken()
const url = getSigninUrl()
router.replace(url)
}, [getSigninUrl, router])
if (appInfoLoading) { if (appInfoLoading) {
return ( return (
<Loading type='app' /> <Loading type='app' />
) )
} }
if (!userCanAccess) if (!userCanAccess) {
return <AppUnavailable code={403} unknownReason='no permission.' /> return <div className='flex h-full flex-col items-center justify-center gap-y-2'>
<AppUnavailable className='h-auto w-auto' code={403} unknownReason='no permission.' />
{!isInstalledApp && <span className='system-sm-regular cursor-pointer text-text-tertiary' onClick={backToHome}>{t('common.userProfile.logout')}</span>}
</div>
}
if (appInfoError) { if (appInfoError) {
return ( return (

39
web/app/components/base/chat/embedded-chatbot/index.tsx
View File

@ -1,10 +1,14 @@
'use client'
import { import {
useCallback,
useEffect, useEffect,
useState, useState,
} from 'react' } from 'react'
import { useAsyncEffect } from 'ahooks' import { useAsyncEffect } from 'ahooks'
import { useTranslation } from 'react-i18next' import { useTranslation } from 'react-i18next'
import { RiLoopLeftLine } from '@remixicon/react' import { RiLoopLeftLine } from '@remixicon/react'
import { usePathname, useRouter, useSearchParams } from 'next/navigation'
import Tooltip from '../../tooltip'
import { import {
EmbeddedChatbotContext, EmbeddedChatbotContext,
useEmbeddedChatbotContext, useEmbeddedChatbotContext,
@ -12,8 +16,7 @@ import {
import { useEmbeddedChatbot } from './hooks' import { useEmbeddedChatbot } from './hooks'
import { isDify } from './utils' import { isDify } from './utils'
import { useThemeContext } from './theme/theme-context' import { useThemeContext } from './theme/theme-context'
import cn from '@/utils/classnames' import { checkOrSetAccessToken, removeAccessToken } from '@/app/components/share/utils'
import { checkOrSetAccessToken } from '@/app/components/share/utils'
import AppUnavailable from '@/app/components/base/app-unavailable' import AppUnavailable from '@/app/components/base/app-unavailable'
import useBreakpoints, { MediaType } from '@/hooks/use-breakpoints' import useBreakpoints, { MediaType } from '@/hooks/use-breakpoints'
import Loading from '@/app/components/base/loading' import Loading from '@/app/components/base/loading'
@ -21,7 +24,8 @@ import LogoHeader from '@/app/components/base/logo/logo-embedded-chat-header'
import Header from '@/app/components/base/chat/embedded-chatbot/header' import Header from '@/app/components/base/chat/embedded-chatbot/header'
import ConfigPanel from '@/app/components/base/chat/embedded-chatbot/config-panel' import ConfigPanel from '@/app/components/base/chat/embedded-chatbot/config-panel'
import ChatWrapper from '@/app/components/base/chat/embedded-chatbot/chat-wrapper' import ChatWrapper from '@/app/components/base/chat/embedded-chatbot/chat-wrapper'
import Tooltip from '@/app/components/base/tooltip' import cn from '@/utils/classnames'
import useDocumentTitle from '@/hooks/use-document-title'
const Chatbot = () => { const Chatbot = () => {
const { t } = useTranslation() const { t } = useTranslation()
@ -36,6 +40,7 @@ const Chatbot = () => {
appChatListDataLoading, appChatListDataLoading,
handleNewConversation, handleNewConversation,
themeBuilder, themeBuilder,
isInstalledApp,
} = useEmbeddedChatbotContext() } = useEmbeddedChatbotContext()
const chatReady = (!showConfigPanelBeforeChat || !!appPrevChatList.length) const chatReady = (!showConfigPanelBeforeChat || !!appPrevChatList.length)
@ -54,14 +59,36 @@ const Chatbot = () => {
} }
}, [site, customConfig, themeBuilder]) }, [site, customConfig, themeBuilder])
useDocumentTitle(site?.title || 'Chat')
const searchParams = useSearchParams()
const router = useRouter()
const pathname = usePathname()
const getSigninUrl = useCallback(() => {
const params = new URLSearchParams(searchParams)
params.delete('message')
params.set('redirect_url', pathname)
return `/webapp-signin?${params.toString()}`
}, [searchParams, pathname])
const backToHome = useCallback(() => {
removeAccessToken()
const url = getSigninUrl()
router.replace(url)
}, [getSigninUrl, router])
if (appInfoLoading) { if (appInfoLoading) {
return ( return (
<Loading type='app' /> <Loading type='app' />
) )
} }
if (!userCanAccess) if (!userCanAccess) {
return <AppUnavailable code={403} unknownReason='no permission.' /> return <div className='flex h-full flex-col items-center justify-center gap-y-2'>
<AppUnavailable className='h-auto w-auto' code={403} unknownReason='no permission.' />
{!isInstalledApp && <span className='system-sm-regular cursor-pointer text-text-tertiary' onClick={backToHome}>{t('common.userProfile.logout')}</span>}
</div>
}
if (appInfoError) { if (appInfoError) {
return ( return (
@ -118,7 +145,6 @@ const EmbeddedChatbotWrapper = () => {
appInfoError, appInfoError,
appInfoLoading, appInfoLoading,
appData, appData,
accessMode,
userCanAccess, userCanAccess,
appParams, appParams,
appMeta, appMeta,
@ -146,7 +172,6 @@ const EmbeddedChatbotWrapper = () => {
return <EmbeddedChatbotContext.Provider value={{ return <EmbeddedChatbotContext.Provider value={{
userCanAccess, userCanAccess,
accessMode,
appInfoError, appInfoError,
appInfoLoading, appInfoLoading,
appData, appData,

29
web/app/components/share/text-generation/index.tsx
View File

@ -10,12 +10,12 @@ import { XMarkIcon } from '@heroicons/react/24/outline'
import { usePathname, useRouter, useSearchParams } from 'next/navigation' import { usePathname, useRouter, useSearchParams } from 'next/navigation'
import TabHeader from '../../base/tab-header' import TabHeader from '../../base/tab-header'
import Button from '../../base/button' import Button from '../../base/button'
import { checkOrSetAccessToken } from '../utils'
import AppUnavailable from '../../base/app-unavailable' import AppUnavailable from '../../base/app-unavailable'
import { checkOrSetAccessToken, removeAccessToken } from '../utils'
import s from './style.module.css' import s from './style.module.css'
import MenuDropdown from './menu-dropdown'
import RunBatch from './run-batch' import RunBatch from './run-batch'
import ResDownload from './run-batch/res-download' import ResDownload from './run-batch/res-download'
import MenuDropdown from './menu-dropdown'
import cn from '@/utils/classnames' import cn from '@/utils/classnames'
import useBreakpoints, { MediaType } from '@/hooks/use-breakpoints' import useBreakpoints, { MediaType } from '@/hooks/use-breakpoints'
import RunOnce from '@/app/components/share/text-generation/run-once' import RunOnce from '@/app/components/share/text-generation/run-once'
@ -41,6 +41,7 @@ import { Resolution, TransferMethod } from '@/types/app'
import { useAppFavicon } from '@/hooks/use-app-favicon' import { useAppFavicon } from '@/hooks/use-app-favicon'
import { useGetAppAccessMode, useGetUserCanAccessApp } from '@/service/access-control' import { useGetAppAccessMode, useGetUserCanAccessApp } from '@/service/access-control'
import { AccessMode } from '@/models/access-control' import { AccessMode } from '@/models/access-control'
import { useGlobalPublicStore } from '@/context/global-public-context'
const GROUP_SIZE = 5 // to avoid RPM(Request per minute) limit. The group task finished then the next group. const GROUP_SIZE = 5 // to avoid RPM(Request per minute) limit. The group task finished then the next group.
enum TaskStatus { enum TaskStatus {
@ -113,6 +114,7 @@ const TextGeneration: FC<IMainProps> = ({
const { isPending: isGettingAccessMode, data: appAccessMode } = useGetAppAccessMode({ appId, isInstalledApp }) const { isPending: isGettingAccessMode, data: appAccessMode } = useGetAppAccessMode({ appId, isInstalledApp })
const { isPending: isCheckingPermission, data: userCanAccessResult } = useGetUserCanAccessApp({ appId, isInstalledApp }) const { isPending: isCheckingPermission, data: userCanAccessResult } = useGetUserCanAccessApp({ appId, isInstalledApp })
const systemFeatures = useGlobalPublicStore(s => s.systemFeatures)
// save message // save message
const [savedMessages, setSavedMessages] = useState<SavedMessage[]>([]) const [savedMessages, setSavedMessages] = useState<SavedMessage[]>([])
const fetchSavedMessage = async () => { const fetchSavedMessage = async () => {
@ -544,14 +546,31 @@ const TextGeneration: FC<IMainProps> = ({
</div> </div>
) )
if (!appId || !siteInfo || !promptConfig || isGettingAccessMode || isCheckingPermission) { const getSigninUrl = useCallback(() => {
const params = new URLSearchParams(searchParams)
params.delete('message')
params.set('redirect_url', pathname)
return `/webapp-signin?${params.toString()}`
}, [searchParams, pathname])
const backToHome = useCallback(() => {
removeAccessToken()
const url = getSigninUrl()
router.replace(url)
}, [getSigninUrl, router])
if (!appId || !siteInfo || !promptConfig || (systemFeatures.webapp_auth.enabled && (isGettingAccessMode || isCheckingPermission))) {
return ( return (
<div className='flex items-center h-screen'> <div className='flex items-center h-screen'>
<Loading type='app' /> <Loading type='app' />
</div>) </div>)
} }
if (!userCanAccessResult?.result) if (systemFeatures.webapp_auth.enabled && !userCanAccessResult?.result) {
return <AppUnavailable code={403} unknownReason='no permission.' /> return <div className='flex h-full flex-col items-center justify-center gap-y-2'>
<AppUnavailable className='h-auto w-auto' code={403} unknownReason='no permission.' />
{!isInstalledApp && <span className='system-sm-regular cursor-pointer text-text-tertiary' onClick={backToHome}>{t('common.userProfile.logout')}</span>}
</div>
}
return ( return (
<> <>

14
web/service/base.ts
View File

@ -122,12 +122,13 @@ function unicodeToChar(text: string) {
}) })
} }
function requiredWebSSOLogin(message?: string) { function requiredWebSSOLogin(message?: string, code?: number) {
removeAccessToken()
const params = new URLSearchParams() const params = new URLSearchParams()
params.append('redirect_url', globalThis.location.pathname) params.append('redirect_url', globalThis.location.pathname)
if (message) if (message)
params.append('message', message) params.append('message', message)
if (code)
params.append('code', String(code))
globalThis.location.href = `/webapp-signin?${params.toString()}` globalThis.location.href = `/webapp-signin?${params.toString()}`
} }
@ -518,10 +519,12 @@ export const ssePost = (
res.json().then((data: any) => { res.json().then((data: any) => {
if (isPublicAPI) { if (isPublicAPI) {
if (data.code === 'web_app_access_denied') if (data.code === 'web_app_access_denied')
requiredWebSSOLogin(data.message) requiredWebSSOLogin(data.message, 403)
if (data.code === 'web_sso_auth_required') if (data.code === 'web_sso_auth_required') {
removeAccessToken()
requiredWebSSOLogin() requiredWebSSOLogin()
}
if (data.code === 'unauthorized') { if (data.code === 'unauthorized') {
removeAccessToken() removeAccessToken()
@ -575,10 +578,11 @@ export const request = async<T>(url: string, options = {}, otherOptions?: IOther
const { code, message } = errRespData const { code, message } = errRespData
// webapp sso // webapp sso
if (code === 'web_app_access_denied') { if (code === 'web_app_access_denied') {
requiredWebSSOLogin(message) requiredWebSSOLogin(message, 403)
return Promise.reject(err) return Promise.reject(err)
} }
if (code === 'web_sso_auth_required') { if (code === 'web_sso_auth_required') {
removeAccessToken()
requiredWebSSOLogin() requiredWebSSOLogin()
return Promise.reject(err) return Promise.reject(err)
} }