From 425f8710c47a51df9ef473265bd42a75df3bfef1 Mon Sep 17 00:00:00 2001
From: Joe <1264204425@qq.com>
Date: Mon, 5 Aug 2024 14:04:16 +0800
Subject: [PATCH] feat: web sso app

---
 api/controllers/console/app/app.py            | 28 +++++++++++++++++++
 api/controllers/web/passport.py               |  6 ++--
 api/services/enterprise/enterprise_service.py |  8 +++++-
 api/services/feature_service.py               |  7 +++++
 4 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/api/controllers/console/app/app.py b/api/controllers/console/app/app.py
index 2f304b970c..7763da4c66 100644
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@@ -17,6 +17,7 @@ from fields.app_fields import (
 from libs.login import login_required
 from services.app_dsl_service import AppDslService
 from services.app_service import AppService
+from services.feature_service import FeatureService
 
 ALLOW_CREATE_APP_MODES = ['chat', 'agent-chat', 'advanced-chat', 'workflow', 'completion']
 
@@ -362,6 +363,32 @@ class AppTraceApi(Resource):
         return {"result": "success"}
 
 
+class AppSSOApi(Resource):
+
+    @setup_required
+    @login_required
+    @account_initialization_required
+    def get(self):
+        return FeatureService.get_system_features().model_dump()
+
+    @setup_required
+    @login_required
+    @account_initialization_required
+    def patch(self):
+        parser = reqparse.RequestParser()
+        parser.add_argument('exclude_app_id_list', type=list, location='json')
+
+        if not current_user.is_editor:
+            raise Forbidden()
+
+        args = parser.parse_args()
+
+        current_user_id = current_user.id
+        FeatureService.update_web_sso_exclude_apps(args['exclude_app_id_list'], current_user_id)
+
+        return {"result": "success"}
+
+
 api.add_resource(AppListApi, '/apps')
 api.add_resource(AppImportApi, '/apps/import')
 api.add_resource(AppImportFromUrlApi, '/apps/import/url')
@@ -373,3 +400,4 @@ api.add_resource(AppIconApi, '/apps/<uuid:app_id>/icon')
 api.add_resource(AppSiteStatus, '/apps/<uuid:app_id>/site-enable')
 api.add_resource(AppApiStatus, '/apps/<uuid:app_id>/api-enable')
 api.add_resource(AppTraceApi, '/apps/<uuid:app_id>/trace')
+api.add_resource(AppSSOApi, '/apps/web-sso')
diff --git a/api/controllers/web/passport.py b/api/controllers/web/passport.py
index ccc8683a79..8a067ea8de 100644
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -14,10 +14,12 @@ from services.feature_service import FeatureService
 
 class PassportResource(Resource):
     """Base resource for passport."""
-    def get(self):
 
+    def get(self, app_id):
         system_features = FeatureService.get_system_features()
-        if system_features.sso_enforced_for_web:
+        web_sso_exclude_apps = system_features.sso_exclude_apps
+
+        if system_features.sso_enforced_for_web and app_id not in web_sso_exclude_apps:
             raise WebSSOAuthRequiredError()
 
         app_code = request.headers.get('X-App-Code')
diff --git a/api/services/enterprise/enterprise_service.py b/api/services/enterprise/enterprise_service.py
index 115d0d5523..cf54ee0663 100644
--- a/api/services/enterprise/enterprise_service.py
+++ b/api/services/enterprise/enterprise_service.py
@@ -5,4 +5,10 @@ class EnterpriseService:
 
     @classmethod
     def get_info(cls):
-        return EnterpriseRequest.send_request('GET', '/info')
+        return EnterpriseRequest.send_request("GET", "/inner/api/info")
+
+    @classmethod
+    def update_web_sso_exclude_apps(cls, app_id_list, user_id):
+        return EnterpriseRequest.send_request(
+            "PATCH", "/inner/api/web-sso-exclude-apps", json={"app_id_list": app_id_list, "user_id": user_id}
+        )
diff --git a/api/services/feature_service.py b/api/services/feature_service.py
index 83e675a9d2..d2d11a1798 100644
--- a/api/services/feature_service.py
+++ b/api/services/feature_service.py
@@ -41,6 +41,7 @@ class SystemFeatureModel(BaseModel):
     sso_enforced_for_signin_protocol: str = ''
     sso_enforced_for_web: bool = False
     sso_enforced_for_web_protocol: str = ''
+    sso_exclude_apps: list = []
 
 
 class FeatureService:
@@ -116,3 +117,9 @@ class FeatureService:
         features.sso_enforced_for_signin_protocol = enterprise_info['sso_enforced_for_signin_protocol']
         features.sso_enforced_for_web = enterprise_info['sso_enforced_for_web']
         features.sso_enforced_for_web_protocol = enterprise_info['sso_enforced_for_web_protocol']
+        features.sso_exclude_apps = enterprise_info['sso_exclude_apps']
+
+    @classmethod
+    def update_web_sso_exclude_apps(cls, app_id_list, user_id):
+        EnterpriseService.update_web_sso_exclude_apps(app_id_list, user_id)
+        return True