feat: use session url

MoeexT · MoeexT · commit 8b210d926b4a · 2026-03-27T14:31:20.000+08:00
diff --git a/backend/api-gateway/pom.xml b/backend/api-gateway/pom.xml
@@ -109,6 +109,10 @@
             <artifactId>mockito-junit-jupiter</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/backend/api-gateway/src/main/java/com/datamate/gateway/common/filter/AuthFilter.java b/backend/api-gateway/src/main/java/com/datamate/gateway/common/filter/AuthFilter.java
@@ -11,6 +11,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.core.Ordered;
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -29,7 +30,7 @@
 @Slf4j
 @Component
 @RequiredArgsConstructor
-public class AuthFilter implements GlobalFilter {
+public class AuthFilter implements GlobalFilter, Ordered {
     private static final String AUTH_HEADER = "Authorization";
 
     private static final String TOKEN_PREFIX = "Bearer ";
@@ -95,4 +96,14 @@ private Mono<Void> sendUnauthorizedResponse(ServerWebExchange exchange) {
         DataBuffer buffer = response.bufferFactory().wrap(bytes);
         return response.writeWith(Mono.just(buffer));
     }
+
+    /**
+     * JWT 认证优先级低于 SSO
+     *
+     * @return order value (2 = lower priority than SSO filter)
+     */
+    @Override
+    public int getOrder() {
+        return 2;
+    }
 }
diff --git a/backend/api-gateway/src/main/java/com/datamate/gateway/common/filter/OmsAuthFilter.java b/backend/api-gateway/src/main/java/com/datamate/gateway/common/filter/OmsAuthFilter.java
@@ -4,6 +4,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.core.Ordered;
 import org.springframework.http.HttpCookie;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -20,13 +21,13 @@
 
 /**
  * OmsAuthFilter is a global filter that authenticates requests to the OMS service.
- * 
+ *
  * @author songyongtan
  * @date 2026-03-16
  */
 @Slf4j
 @Component
-public class OmsAuthFilter implements GlobalFilter {
+public class OmsAuthFilter implements GlobalFilter, Ordered {
     private static final String USER_NAME_HEADER = "X-User-Name";
     private static final String USER_GROUP_ID_HEADER = "X-User-Group-Id";
     private static final String AUTH_TOKEN_KEY = "__Host-X-Auth-Token";
@@ -122,7 +123,7 @@ private String getRealIp(ServerHttpRequest request) {
 
     /**
      * getToken gets the token value from cookies.
-     * 
+     *
      * @param cookies  the cookies map
      * @param tokenKey the token key
      * @return the token value
@@ -133,4 +134,14 @@ private String getToken(MultiValueMap<String, HttpCookie> cookies, String tokenK
         }
         return "";
     }
+
+    /**
+     * SSO 认证优先级最高
+     *
+     * @return order value (1 = highest priority for auth filters)
+     */
+    @Override
+    public int getOrder() {
+        return 1;
+    }
 }
diff --git a/backend/api-gateway/src/main/java/com/datamate/gateway/interfaces/dto/UserResponse.java b/backend/api-gateway/src/main/java/com/datamate/gateway/interfaces/dto/UserResponse.java
@@ -0,0 +1,45 @@
+package com.datamate.gateway.interfaces.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * 用户信息响应
+ *
+ * 支持双认证模式：
+ * - SSO: 通过 OMS 单点登录
+ * - JWT: 通过本地 JWT Token 认证
+ * - NONE: 未登录
+ */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserResponse {
+    /**
+     * 用户名
+     */
+    private String username;
+
+    /**
+     * 邮箱（JWT 模式可用）
+     */
+    private String email;
+
+    /**
+     * 用户组 ID（SSO 模式可用）
+     */
+    private String groupId;
+
+    /**
+     * 是否已认证
+     */
+    private Boolean authenticated;
+
+    /**
+     * 认证模式
+     */
+    private String authMode;  // "SSO" | "JWT" | "NONE"
+}
diff --git a/backend/api-gateway/src/main/java/com/datamate/gateway/interfaces/rest/UserController.java b/backend/api-gateway/src/main/java/com/datamate/gateway/interfaces/rest/UserController.java
@@ -4,15 +4,20 @@
 import com.datamate.common.infrastructure.common.Response;
 import com.datamate.common.infrastructure.exception.CommonErrorCode;
 import com.datamate.gateway.application.UserApplicationService;
+import com.datamate.gateway.domain.service.UserService;
 import com.datamate.gateway.interfaces.dto.LoginRequest;
 import com.datamate.gateway.interfaces.dto.LoginResponse;
 import com.datamate.gateway.interfaces.dto.RegisterRequest;
+import com.datamate.gateway.interfaces.dto.UserResponse;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -30,6 +35,7 @@
 @RequiredArgsConstructor
 public class UserController {
     private final UserApplicationService userApplicationService;
+    private final UserService userService;
 
     @PostMapping("/login")
     @IgnoreResponseWrap
@@ -48,4 +54,54 @@ public ResponseEntity<Response<LoginResponse>> register(@Valid @RequestBody Regi
                 .orElseGet(() -> ResponseEntity.status(HttpStatus.BAD_REQUEST)
                         .body(Response.error(CommonErrorCode.SIGNUP_ERROR)));
     }
+
+    /**
+     * 获取当前登录用户信息（支持双模式）
+     * 优先级：
+     * 1. SSO 模式：检查 OMS 请求头 (X-User-Name, X-User-Group-Id)
+     * 2. JWT 模式：检查 Authorization Bearer Token
+     * 3. 未登录：返回 authenticated=false
+     *
+     * @param request HTTP 请求
+     * @return 用户信息（包含认证模式）
+     */
+    @GetMapping("/me")
+    public Response<UserResponse> getCurrentUser(HttpServletRequest request) {
+        // 优先检查 SSO 模式（OMS 请求头）
+        String ssoUsername = request.getHeader("X-User-Name");
+        String ssoGroupId = request.getHeader("X-User-Group-Id");
+
+        if (StringUtils.isNotBlank(ssoUsername)) {
+            log.info("SSO mode: user={}, groupId={}", ssoUsername, ssoGroupId);
+            return Response.ok(UserResponse.builder()
+                    .username(ssoUsername)
+                    .groupId(ssoGroupId)
+                    .authenticated(true)
+                    .authMode("SSO")
+                    .build());
+        }
+
+        // 检查独立登录模式（JWT Token）
+        String authHeader = request.getHeader("Authorization");
+        if (authHeader != null && authHeader.startsWith("Bearer ")) {
+            String token = authHeader.substring(7);
+            String username = userService.validateToken(token);
+
+            if (StringUtils.isNotBlank(username)) {
+                log.info("JWT mode: user={}", username);
+                return Response.ok(UserResponse.builder()
+                        .username(username)
+                        .authenticated(true)
+                        .authMode("JWT")
+                        .build());
+            }
+        }
+
+        // 未登录
+        log.debug("User not authenticated");
+        return Response.ok(UserResponse.builder()
+                .authenticated(false)
+                .authMode("NONE")
+                .build());
+    }
 }
diff --git a/frontend/src/i18n/locales/en/common.json b/frontend/src/i18n/locales/en/common.json
@@ -7,15 +7,22 @@
     "actions": {
       "login": "Login",
       "register": "Register",
-      "logout": "Logout"
+      "logout": "Logout",
+      "gotoLogin": "Go to Login"
     },
+    "authMode": {
+      "sso": "SSO Login",
+      "jwt": "JWT Login"
+    },
+    "group": "Group",
     "messages": {
       "loginSuccess": "Login successful",
       "loginFailed": "Login failed, please try again later",
       "signupSuccess": "Registration successful, auto-login",
       "signupFailed": "Registration failed, please try again later",
       "logoutSuccess": "Logged out successfully",
-      "passwordMismatch": "Passwords do not match"
+      "passwordMismatch": "Passwords do not match",
+      "useSSO": "Please use ModelEngine single sign-on to register"
     },
     "loginDialog": {
       "title": "Login",
diff --git a/frontend/src/i18n/locales/zh/common.json b/frontend/src/i18n/locales/zh/common.json
@@ -7,15 +7,22 @@
     "actions": {
       "login": "登录",
       "register": "注册",
-      "logout": "退出登录"
+      "logout": "退出登录",
+      "gotoLogin": "前往登录"
     },
+    "authMode": {
+      "sso": "单点登录",
+      "jwt": "令牌登录"
+    },
+    "group": "用户组",
     "messages": {
       "loginSuccess": "登录成功",
       "loginFailed": "登录失败，请稍后重试",
       "signupSuccess": "注册成功，已自动登录",
       "signupFailed": "注册失败，请稍后重试",
       "logoutSuccess": "已退出登录",
-      "passwordMismatch": "两次输入的密码不一致"
+      "passwordMismatch": "两次输入的密码不一致",
+      "useSSO": "请使用 ModelEngine 单点登录进行注册"
     },
     "loginDialog": {
       "title": "登录",
diff --git a/frontend/src/pages/Layout/Header.tsx b/frontend/src/pages/Layout/Header.tsx
