fix: avoid license required before login

ssongliu · ssongliu · commit bf0b86017877 · 2026-04-28T11:40:34.000+08:00
diff --git a/core/app/api/v2/auth.go b/core/app/api/v2/auth.go
@@ -461,6 +461,28 @@ func (b *BaseApi) UpdateCurrentUser(c *gin.Context) {
 	helper.Success(c)
 }
 
+// @Tags Auth
+// @Summary Reset system password expired
+// @Accept json
+// @Param request body dto.PasswordUpdate true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Security Timestamp
+// @Router /core/auth/expired/reset [post]
+// @x-panel-log {"bodyKeys":[],"paramKeys":[],"BeforeFunctions":[],"formatZH":"重置过期密码","formatEN":"reset an expired Password"}
+func (b *BaseApi) ResetPassword(c *gin.Context) {
+	var req dto.PasswordUpdate
+	if err := helper.CheckBindAndValidate(&req, c); err != nil {
+		return
+	}
+
+	if err := xpack.AuthProvider.HandlePasswordExpired(c, req.OldPassword, req.NewPassword); err != nil {
+		helper.InternalServer(c, err)
+		return
+	}
+	helper.Success(c)
+}
+
 func saveLoginLogs(c *gin.Context, err error) {
 	var logs model.LoginLog
 	if err != nil {
diff --git a/core/app/api/v2/setting.go b/core/app/api/v2/setting.go
@@ -17,7 +17,6 @@ import (
 	"github.com/1Panel-dev/1Panel/core/constant"
 	"github.com/1Panel-dev/1Panel/core/global"
 	"github.com/1Panel-dev/1Panel/core/utils/common"
-	"github.com/1Panel-dev/1Panel/core/utils/xpack"
 	"github.com/gin-gonic/gin"
 )
 
@@ -338,28 +337,6 @@ func (b *BaseApi) UpdatePort(c *gin.Context) {
 	helper.Success(c)
 }
 
-// @Tags System Setting
-// @Summary Reset system password expired
-// @Accept json
-// @Param request body dto.PasswordUpdate true "request"
-// @Success 200
-// @Security ApiKeyAuth
-// @Security Timestamp
-// @Router /core/settings/expired/handle [post]
-// @x-panel-log {"bodyKeys":[],"paramKeys":[],"BeforeFunctions":[],"formatZH":"重置过期密码","formatEN":"reset an expired Password"}
-func (b *BaseApi) HandlePasswordExpired(c *gin.Context) {
-	var req dto.PasswordUpdate
-	if err := helper.CheckBindAndValidate(&req, c); err != nil {
-		return
-	}
-
-	if err := xpack.AuthProvider.HandlePasswordExpired(c, req.OldPassword, req.NewPassword); err != nil {
-		helper.InternalServer(c, err)
-		return
-	}
-	helper.Success(c)
-}
-
 func (b *BaseApi) ReloadSSL(c *gin.Context) {
 	clientIP := c.ClientIP()
 	if clientIP != "127.0.0.1" {
diff --git a/core/app/service/logs.go b/core/app/service/logs.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"net/http"
+	"os"
 
 	"github.com/1Panel-dev/1Panel/core/buserr"
 	"github.com/1Panel-dev/1Panel/core/constant"
@@ -126,7 +127,7 @@ func runRemoteShellScript(url string, args ...string) error {
 	if statusCode < http.StatusOK || statusCode >= http.StatusMultipleChoices {
 		return fmt.Errorf("download script failed, status code: %d", statusCode)
 	}
-	_, err = cmd.NewCommandMgr().RunPipe(cmd.PipeCommand{
+	_, err = cmd.NewCommandMgr(cmd.WithOutputFile(os.DevNull)).RunPipe(cmd.PipeCommand{
 		Name:  "sh",
 		Args:  append([]string{"-s"}, args...),
 		Stdin: bytes.NewReader(script),
diff --git a/core/middleware/password_expired.go b/core/middleware/password_expired.go
@@ -16,9 +16,11 @@ import (
 func PasswordExpired() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core/auth") ||
-			c.Request.URL.Path == "/api/v2/core/settings/expired/handle" ||
 			c.Request.URL.Path == "/api/v2/core/settings/search" ||
-			c.Request.URL.Path == "/api/v2/core/settings/search/base" {
+			c.Request.URL.Path == "/api/v2/core/settings/search/base" ||
+			c.Request.URL.Path == "/api/v2/core/xpackee/licenses/info" ||
+			c.Request.URL.Path == "/api/v2/core/xpackee/licenses/status" ||
+			c.Request.URL.Path == "/api/v2/core/xpackee/licenses/upload" {
 			c.Next()
 			return
 		}
diff --git a/core/router/ro_base.go b/core/router/ro_base.go
@@ -26,14 +26,17 @@ func (s *BaseRouter) InitRouter(Router *gin.RouterGroup) {
 
 		authRouter.POST("/mfa", baseApi.LoadMFA)
 		authRouter.POST("/mfa/bind", baseApi.MFABind)
+
 		authRouter.POST("/passkey/register/begin", baseApi.PasskeyRegisterBegin)
 		authRouter.POST("/passkey/register/finish", baseApi.PasskeyRegisterFinish)
 		authRouter.GET("/passkey/list", baseApi.PasskeyList)
 		authRouter.POST("/passkey/del", baseApi.PasskeyDelete)
+
 		authRouter.POST("/api/generate", baseApi.GenerateApiKey)
 		authRouter.POST("/api/update", baseApi.UpdateApiConfig)
 
 		authRouter.GET("/current", baseApi.GetCurrentUser)
 		authRouter.POST("/current/update", baseApi.UpdateCurrentUser)
+		authRouter.POST("/expired/reset", baseApi.ResetPassword)
 	}
 }
diff --git a/core/router/ro_setting.go b/core/router/ro_setting.go
@@ -18,10 +18,10 @@ func (s *SettingRouter) InitRouter(Router *gin.RouterGroup) {
 	noAuthRouter := Router.Group("settings")
 	baseApi := v2.ApiGroupApp.BaseApi
 	{
-		router.POST("/search", baseApi.GetSettingInfo)
 		router.POST("/search/base", baseApi.GetSettingBaseInfo)
 
 		settingRouter.POST("/by", baseApi.GetSettingByKey)
+		settingRouter.POST("/search", baseApi.GetSettingInfo)
 		settingRouter.POST("/terminal/search", baseApi.GetTerminalSettingInfo)
 		settingRouter.GET("/search/available", baseApi.GetSystemAvailable)
 		settingRouter.POST("/update", baseApi.UpdateSetting)
diff --git a/frontend/src/api/index.ts b/frontend/src/api/index.ts
@@ -94,7 +94,10 @@ class RequestHttp {
                 }
                 if (data.code == ResultEnum.ERRXPACKEE) {
                     globalStore.isXpackEELicensed = false;
-                    router.push({ name: 'XpackEELicenseRequired' });
+                    const routeName = router.currentRoute.value.name;
+                    if (globalStore.isLogin && routeName !== 'entrance' && routeName !== 'login') {
+                        router.push({ name: 'XpackEELicenseRequired' });
+                    }
                     return Promise.reject(data);
                 }
                 if (data.code == ResultEnum.NodeUnBind) {
diff --git a/frontend/src/api/interface/auth.ts b/frontend/src/api/interface/auth.ts
@@ -90,4 +90,8 @@ export namespace Login {
         ipWhiteList: string;
         apiKeyValidityTime: string;
     }
+    export interface PasswordUpdate {
+        oldPassword: string;
+        newPassword: string;
+    }
 }
diff --git a/frontend/src/api/interface/setting.ts b/frontend/src/api/interface/setting.ts
@@ -152,10 +152,6 @@ export namespace Setting {
         key: string;
         sslID: number;
     }
-    export interface PasswordUpdate {
-        oldPassword: string;
-        newPassword: string;
-    }
     export interface PortUpdate {
         serverPort: number;
     }
diff --git a/frontend/src/api/modules/auth.ts b/frontend/src/api/modules/auth.ts
@@ -38,6 +38,17 @@ export const getWelcomePage = () => {
 export const getUserInfo = () => {
     return http.get<Login.AuthInfo>('/core/auth/current');
 };
+export const updateUserInfo = (params: Login.AuthInfoUpdate) => {
+    let request = deepCopy(params) as Login.AuthInfoUpdate;
+    if (request.oldPassword) {
+        request.oldPassword = Base64.encode(request.oldPassword);
+    }
+    if (request.password) {
+        request.password = Base64.encode(request.password);
+    }
+    return http.post<any>('/core/auth/current/update', request);
+};
+
 export const loadMFA = (params: Login.MFARequest) => {
     return http.post<Login.MFAInfo>(`/core/auth/mfa`, params);
 };
@@ -66,13 +77,6 @@ export const passkeyDelete = (id: string) => {
     return http.post(`/core/auth/passkey/del`, { id });
 };
 
-export const updateUserInfo = (params: Login.AuthInfoUpdate) => {
-    let request = deepCopy(params) as Login.AuthInfoUpdate;
-    if (request.oldPassword) {
-        request.oldPassword = Base64.encode(request.oldPassword);
-    }
-    if (request.password) {
-        request.password = Base64.encode(request.password);
-    }
-    return http.post<any>('/core/auth/current/update', request);
+export const handleExpired = (param: Login.PasswordUpdate) => {
+    return http.post(`/core/auth/expired/reset`, param);
 };
diff --git a/frontend/src/api/modules/setting.ts b/frontend/src/api/modules/setting.ts
@@ -148,9 +148,6 @@ export const updateProxy = (params: Setting.ProxyUpdate) => {
     request.proxyType = request.proxyType === 'close' ? '' : request.proxyType;
     return http.post(`/core/settings/proxy/update`, request);
 };
-export const updatePassword = (param: Setting.PasswordUpdate) => {
-    return http.post(`/core/settings/password/update`, param);
-};
 export const loadInterfaceAddr = () => {
     return http.get(`/core/settings/interface`);
 };
@@ -169,9 +166,6 @@ export const loadSSLInfo = () => {
 export const downloadSSL = () => {
     return http.download<any>(`/core/settings/ssl/download`);
 };
-export const handleExpired = (param: Setting.PasswordUpdate) => {
-    return http.post(`/core/settings/expired/handle`, param);
-};
 export const getAppStoreConfig = (node?: string) => {
     const params = node ? `?operateNode=${node}` : '';
     return http.get<App.AppStoreConfig>(`/core/settings/apps/store/config${params}`);
diff --git a/frontend/src/layout/components/Sidebar/components/Collapse.vue b/frontend/src/layout/components/Sidebar/components/Collapse.vue
@@ -271,9 +271,9 @@ const logout = () => {
     })
         .then(async () => {
             await logOutApi();
-            router.push({ name: 'entrance', params: { code: globalStore.entrance } });
             globalStore.setLogStatus(false);
             globalStore.clearAuthInfo();
+            router.push({ name: 'entrance', params: { code: globalStore.entrance } });
             MsgSuccess(i18n.global.t('commons.msg.operationSuccess'));
         })
         .catch(() => {});
diff --git a/frontend/src/layout/components/Sidebar/components/user-info/index.vue b/frontend/src/layout/components/Sidebar/components/user-info/index.vue
@@ -855,9 +855,9 @@ const onSubmit = async (formEl: FormInstance | undefined) => {
             loading.value = false;
             open.value = false;
             MsgSuccess(i18n.global.t('commons.msg.operationSuccess'));
-            router.push({ name: 'entrance', params: { code: globalStore.entrance } });
             globalStore.setLogStatus(false);
             globalStore.clearAuthInfo();
+            router.push({ name: 'entrance', params: { code: globalStore.entrance } });
         })
         .catch(() => {
             loading.value = false;
diff --git a/frontend/src/routers/index.ts b/frontend/src/routers/index.ts
@@ -9,10 +9,63 @@ import { MsgError } from '@/utils/message';
 const axiosCanceler = new AxiosCanceler();
 
 let isRedirecting = false;
+let loginStatusLoading: Promise<boolean> | null = null;
 let xpackEELoading: Promise<boolean> | null = null;
 let licenseStatusLoading: Promise<boolean> | null = null;
+let loginStatusLoaded = false;
+let xpackEEStatusLoaded = false;
+let licenseStatusLoaded = false;
+const xpackEELicenseCheckWhiteList = ['XpackEELicenseRequired', 'entrance', 'login', 'Expired'];
+
+const clearLoginStatus = () => {
+    const globalStore = GlobalStore();
+    globalStore.setLogStatus(false);
+    globalStore.clearAuthInfo();
+    globalStore.isXpackEELicensed = false;
+    loginStatusLoaded = false;
+    licenseStatusLoaded = false;
+};
+
+const loadLoginStatus = async () => {
+    const globalStore = GlobalStore();
+    if (!globalStore.isLogin) {
+        return false;
+    }
+    if (loginStatusLoaded) {
+        return true;
+    }
+    if (!loginStatusLoading) {
+        loginStatusLoading = fetch('/api/v2/core/auth/current', {
+            credentials: 'include',
+            headers: {
+                CurrentNode: encodeURIComponent(globalStore.currentNode),
+            },
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                const loggedIn = res?.code === 200;
+                if (!loggedIn) {
+                    clearLoginStatus();
+                    return false;
+                }
+                loginStatusLoaded = true;
+                return true;
+            })
+            .catch(() => {
+                clearLoginStatus();
+                return false;
+            })
+            .finally(() => {
+                loginStatusLoading = null;
+            });
+    }
+    return loginStatusLoading;
+};
 
 const loadXpackEEStatus = async () => {
+    if (xpackEEStatusLoaded) {
+        return GlobalStore().isXpackEE;
+    }
     if (!xpackEELoading) {
         xpackEELoading = fetch('/api/v2/core/auth/setting', {
             credentials: 'include',
@@ -21,6 +74,7 @@ const loadXpackEEStatus = async () => {
             .then((res) => {
                 const globalStore = GlobalStore();
                 globalStore.isXpackEE = !!res?.data?.isXpackEE;
+                xpackEEStatusLoaded = true;
                 return globalStore.isXpackEE;
             })
             .catch(() => GlobalStore().isXpackEE)
@@ -32,6 +86,9 @@ const loadXpackEEStatus = async () => {
 };
 
 const loadXpackEELicenseStatus = async () => {
+    if (licenseStatusLoaded) {
+        return GlobalStore().isXpackEELicensed;
+    }
     if (!licenseStatusLoading) {
         licenseStatusLoading = fetch('/api/v2/core/xpackee/licenses/status', {
             credentials: 'include',
@@ -40,7 +97,13 @@ const loadXpackEELicenseStatus = async () => {
             },
         })
             .then((res) => res.json())
-            .then((res) => res?.data?.status === 'Bound')
+            .then((res) => {
+                const globalStore = GlobalStore();
+                const licensed = res?.data?.status === 'Bound';
+                globalStore.isXpackEELicensed = licensed;
+                licenseStatusLoaded = true;
+                return licensed;
+            })
             .catch(() => false)
             .finally(() => {
                 licenseStatusLoading = null;
@@ -53,7 +116,21 @@ router.beforeEach(async (to, from, next) => {
     NProgress.start();
     axiosCanceler.removeAllPending();
     const globalStore = GlobalStore();
-    if (to.name !== 'entrance' && to.name !== 'XpackEELicenseRequired' && !globalStore.isLogin) {
+    if (globalStore.isLogin) {
+        const loggedIn = await loadLoginStatus();
+        if (!loggedIn) {
+            if (to.name !== 'entrance') {
+                next({
+                    name: 'entrance',
+                    params: to.params,
+                });
+                NProgress.done();
+                return;
+            }
+            return next();
+        }
+    }
+    if (to.name !== 'entrance' && !globalStore.isLogin) {
         next({
             name: 'entrance',
             params: to.params,
@@ -76,15 +153,8 @@ router.beforeEach(async (to, from, next) => {
     if (globalStore.isLogin && to.name !== 'login') {
         await loadXpackEEStatus();
     }
-    if (
-        globalStore.isLogin &&
-        globalStore.isXpackEE &&
-        to.name !== 'XpackEELicenseRequired' &&
-        to.name !== 'entrance' &&
-        to.name !== 'login'
-    ) {
-        const licensed = globalStore.isXpackEELicensed || (await loadXpackEELicenseStatus());
-        globalStore.isXpackEELicensed = licensed;
+    if (globalStore.isLogin && globalStore.isXpackEE && !xpackEELicenseCheckWhiteList.includes(String(to.name))) {
+        const licensed = await loadXpackEELicenseStatus();
         if (!licensed) {
             next({ name: 'XpackEELicenseRequired', query: { code: String(to.params.code || '') } });
             NProgress.done();
@@ -100,7 +170,8 @@ router.beforeEach(async (to, from, next) => {
             NProgress.done();
             return;
         }
-        if (globalStore.isXpackEELicensed) {
+        const licensed = await loadXpackEELicenseStatus();
+        if (licensed) {
             next({ name: 'home' });
             NProgress.done();
             return;
diff --git a/frontend/src/views/setting/expired.vue b/frontend/src/views/setting/expired.vue
@@ -47,7 +47,8 @@
 
 <script setup lang="ts">
 import { ref, onMounted, reactive } from 'vue';
-import { getSettingBaseInfo, handleExpired } from '@/api/modules/setting';
+import { getSettingBaseInfo } from '@/api/modules/setting';
+import { handleExpired } from '@/api/modules/auth';
 import { ElForm } from 'element-plus';
 import i18n from '@/lang';
 import { Rules } from '@/global/form-rules';

Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,10 @@ class RequestHttp {`
`94`	`94`	`}`
`95`	`95`	`if (data.code == ResultEnum.ERRXPACKEE) {`
`96`	`96`	`globalStore.isXpackEELicensed = false;`
`97`		`- router.push({ name: 'XpackEELicenseRequired' });`
	`97`	`+ const routeName = router.currentRoute.value.name;`
	`98`	`+ if (globalStore.isLogin && routeName !== 'entrance' && routeName !== 'login') {`
	`99`	`+ router.push({ name: 'XpackEELicenseRequired' });`
	`100`	`+ }`
`98`	`101`	`return Promise.reject(data);`
`99`	`102`	`}`
`100`	`103`	`if (data.code == ResultEnum.NodeUnBind) {`
Original file line number	Diff line number	Diff line change
`@@ -90,4 +90,8 @@ export namespace Login {`
`90`	`90`	`ipWhiteList: string;`
`91`	`91`	`apiKeyValidityTime: string;`
`92`	`92`	`}`
	`93`	`+ export interface PasswordUpdate {`
	`94`	`+ oldPassword: string;`
	`95`	`+ newPassword: string;`
	`96`	`+ }`
`93`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -152,10 +152,6 @@ export namespace Setting {`
`152`	`152`	`key: string;`
`153`	`153`	`sslID: number;`
`154`	`154`	`}`
`155`		`- export interface PasswordUpdate {`
`156`		`- oldPassword: string;`
`157`		`- newPassword: string;`
`158`		`- }`
`159`	`155`	`export interface PortUpdate {`
`160`	`156`	`serverPort: number;`
`161`	`157`	`}`