openxiangda 1.0.84 → 1.0.85

package/packages/sdk/dist/runtime/react.cjs

@@ -20,18 +20,23 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // packages/sdk/src/runtime/react/openxiangdaProvider.tsx
 var openxiangdaProvider_exports = {};
 __export(openxiangdaProvider_exports, {
+  AuthClientError: () => AuthClientError,
+  LoginPage: () => LoginPage,
   OpenXiangdaProvider: () => OpenXiangdaProvider,
   PermissionBoundary: () => PermissionBoundary,
   RuntimeHttpError: () => RuntimeHttpError,
+  createAuthClient: () => createAuthClient,
   useAppMenus: () => useAppMenus,
+  useAuth: () => useAuth,
   useCanAccessRoute: () => useCanAccessRoute,
+  useLoginMethods: () => useLoginMethods,
   useOpenXiangda: () => useOpenXiangda,
   usePermission: () => usePermission,
   useRuntimeAuth: () => useRuntimeAuth,
   useRuntimeBootstrap: () => useRuntimeBootstrap
 });
 module.exports = __toCommonJS(openxiangdaProvider_exports);
-var import_react = require("react");
+var import_react2 = require("react");
 
 // packages/sdk/src/runtime/core/fetch.ts
 var createBoundFetch = (fetchImpl) => {
@@ -39,8 +44,610 @@ var createBoundFetch = (fetchImpl) => {
   return ((input, init) => baseFetch.call(globalThis, input, init));
 };
 
-// packages/sdk/src/runtime/react/openxiangdaProvider.tsx
+// packages/sdk/src/runtime/react/auth.tsx
+var import_react = require("react");
+var import_antd = require("antd");
+var import_icons = require("@ant-design/icons");
+
+// packages/sdk/src/runtime/core/auth.ts
+var AuthClientError = class extends Error {
+  constructor(message, options = {}) {
+    super(message);
+    this.name = "AuthClientError";
+    this.status = options.status;
+    this.code = options.code;
+    this.payload = options.payload;
+  }
+};
+var createAuthClient = ({
+  appType,
+  servicePrefix = "/service",
+  fetchImpl
+}) => {
+  const normalizedAppType = String(appType || "").trim();
+  if (!normalizedAppType) {
+    throw new Error("appType \u4E0D\u80FD\u4E3A\u7A7A");
+  }
+  const boundFetch = createBoundFetch(fetchImpl);
+  const request = async (path, options = {}) => {
+    const response = await boundFetch(buildServiceUrl(servicePrefix, path), {
+      credentials: "include",
+      ...options,
+      headers: {
+        accept: "application/json",
+        ...options.body ? { "content-type": "application/json" } : {},
+        ...options.headers || {}
+      }
+    });
+    const payload = await readPayload(response);
+    const code = getRecordValue(payload, "code");
+    if (!response.ok || typeof code === "number" && code >= 400) {
+      throw new AuthClientError(
+        String(getRecordValue(payload, "message") || `Auth request failed: ${response.status}`),
+        { status: response.status, code, payload }
+      );
+    }
+    return unwrapPayload(payload);
+  };
+  const appAuthPath = (suffix) => `/openxiangda-api/v1/apps/${encodeURIComponent(normalizedAppType)}/auth${suffix}`;
+  return {
+    appType: normalizedAppType,
+    servicePrefix,
+    getMethods: () => request(appAuthPath("/methods")),
+    passwordLogin: (input) => request(appAuthPath("/password/login"), postJson(input)),
+    dingtalkLogin: (input) => request(appAuthPath("/dingtalk/login"), postJson(input)),
+    guestLogin: (input) => request(appAuthPath("/guest/login"), postJson(input || {})),
+    sendPhoneCode: (input) => request(appAuthPath("/phone-code/send"), postJson(input)),
+    phoneCodeLogin: (input) => request(appAuthPath("/phone-code/login"), postJson(input)),
+    registerWithPhoneCode: (input) => request(appAuthPath("/phone-code/register"), postJson(input)),
+    getSsoLoginUrl: (input) => request(appAuthPath("/sso/login-url"), postJson(input || {})),
+    refresh: (input) => request(appAuthPath("/refresh"), postJson(input || {})),
+    logout: async () => {
+      await request(appAuthPath("/logout"), { method: "POST" });
+    },
+    resolveLoginUrl: (input) => resolveLoginUrl(normalizedAppType, input || {})
+  };
+};
+var postJson = (body) => ({
+  method: "POST",
+  body: JSON.stringify(body || {})
+});
+var buildServiceUrl = (servicePrefix, path) => {
+  const prefix = servicePrefix.endsWith("/") ? servicePrefix.slice(0, -1) : servicePrefix;
+  const suffix = path.startsWith("/") ? path : `/${path}`;
+  return `${prefix}${suffix}`;
+};
+var readPayload = async (response) => {
+  try {
+    return await response.json();
+  } catch {
+    return null;
+  }
+};
+var unwrapPayload = (payload) => {
+  if (!payload || typeof payload !== "object") return payload;
+  const record = payload;
+  if ("data" in record) return record.data;
+  return payload;
+};
+var getRecordValue = (value, key) => {
+  if (!value || typeof value !== "object") return void 0;
+  return value[key];
+};
+var resolveLoginUrl = (appType, {
+  callbackUrl = getCurrentHref(),
+  callbackParamName = "callback",
+  loginUrl
+}) => {
+  const target = loginUrl || `/view/${encodeURIComponent(appType)}/login`;
+  if (!callbackUrl) return target;
+  try {
+    const base = typeof window !== "undefined" ? window.location.origin : "http://localhost";
+    const url = new URL(target, base);
+    if (!url.searchParams.has(callbackParamName)) {
+      url.searchParams.set(callbackParamName, callbackUrl);
+    }
+    if (target.startsWith("http://") || target.startsWith("https://")) {
+      return url.toString();
+    }
+    return `${url.pathname}${url.search}${url.hash}`;
+  } catch {
+    const separator = target.includes("?") ? "&" : "?";
+    return `${target}${separator}${callbackParamName}=${encodeURIComponent(callbackUrl)}`;
+  }
+};
+var getCurrentHref = () => typeof window === "undefined" ? "" : window.location.href;
+
+// packages/sdk/src/runtime/react/auth.tsx
 var import_jsx_runtime = require("react/jsx-runtime");
+var useAuth = (options = {}) => {
+  const runtime = useOpenXiangda();
+  const client = (0, import_react.useMemo)(
+    () => createAuthClient({
+      appType: options.appType || runtime.appType,
+      servicePrefix: options.servicePrefix || runtime.servicePrefix,
+      fetchImpl: options.fetchImpl || runtime.fetchImpl
+    }),
+    [
+      options.appType,
+      options.fetchImpl,
+      options.servicePrefix,
+      runtime.appType,
+      runtime.fetchImpl,
+      runtime.servicePrefix
+    ]
+  );
+  return (0, import_react.useMemo)(
+    () => ({
+      client,
+      getMethods: client.getMethods,
+      passwordLogin: client.passwordLogin,
+      dingtalkLogin: client.dingtalkLogin,
+      guestLogin: client.guestLogin,
+      sendPhoneCode: client.sendPhoneCode,
+      phoneCodeLogin: client.phoneCodeLogin,
+      registerWithPhoneCode: client.registerWithPhoneCode,
+      getSsoLoginUrl: client.getSsoLoginUrl,
+      refresh: client.refresh,
+      logout: client.logout,
+      resolveLoginUrl: client.resolveLoginUrl
+    }),
+    [client]
+  );
+};
+var useLoginMethods = (options = {}) => {
+  const auth = useAuth(options);
+  const [state, setState] = (0, import_react.useState)({
+    data: null,
+    loading: true,
+    error: null
+  });
+  const reload = (0, import_react.useCallback)(async () => {
+    setState((prev) => ({ ...prev, loading: true, error: null }));
+    try {
+      const data = await auth.getMethods();
+      setState({ data, loading: false, error: null });
+    } catch (error) {
+      setState({
+        data: null,
+        loading: false,
+        error: normalizeError(error)
+      });
+    }
+  }, [auth]);
+  (0, import_react.useEffect)(() => {
+    let disposed = false;
+    const run = async () => {
+      setState((prev) => ({ ...prev, loading: true, error: null }));
+      try {
+        const data = await auth.getMethods();
+        if (!disposed) setState({ data, loading: false, error: null });
+      } catch (error) {
+        if (!disposed) {
+          setState({
+            data: null,
+            loading: false,
+            error: normalizeError(error)
+          });
+        }
+      }
+    };
+    void run();
+    return () => {
+      disposed = true;
+    };
+  }, [auth]);
+  return {
+    ...state,
+    methods: state.data?.methods || [],
+    reload
+  };
+};
+var LoginPage = ({
+  title,
+  subtitle,
+  className,
+  style,
+  defaultMethod,
+  redirectUrl,
+  redirectOnSuccess = true,
+  onSuccess,
+  ...authOptions
+}) => {
+  const runtime = useOpenXiangda();
+  const auth = useAuth(authOptions);
+  const methodsState = useLoginMethods(authOptions);
+  const [passwordForm] = import_antd.Form.useForm();
+  const [phoneForm] = import_antd.Form.useForm();
+  const [activeMethod, setActiveMethod] = (0, import_react.useState)(
+    defaultMethod || "password"
+  );
+  const [phonePurpose, setPhonePurpose] = (0, import_react.useState)(
+    "login"
+  );
+  const [phoneChallengeId, setPhoneChallengeId] = (0, import_react.useState)("");
+  const [submitting, setSubmitting] = (0, import_react.useState)(false);
+  const [sendingCode, setSendingCode] = (0, import_react.useState)(false);
+  const [error, setError] = (0, import_react.useState)(null);
+  const methods = methodsState.methods.filter((method) => method.enabled !== false);
+  const passwordMethod = findMethod(methods, "password");
+  const phoneMethod = findMethod(methods, "phone_code");
+  const dingtalkMethod = findMethod(methods, "dingtalk");
+  const ssoMethod = findMethod(methods, "sso");
+  const guestMethod = findMethod(methods, "guest");
+  const allowRegister = methodsState.data?.registration?.mode !== "reject";
+  const tabItems = (0, import_react.useMemo)(() => {
+    const items = [];
+    if (passwordMethod) {
+      items.push({
+        key: "password",
+        label: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_antd.Space, { size: 6, children: [
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_icons.UserOutlined, {}),
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { children: passwordMethod.label || "\u8D26\u53F7\u5BC6\u7801" })
+        ] }),
+        children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+          PasswordLoginForm,
+          {
+            form: passwordForm,
+            loading: submitting,
+            onFinish: async (values) => {
+              setSubmitting(true);
+              setError(null);
+              try {
+                await handleSuccess(
+                  await auth.passwordLogin({
+                    username: values.username,
+                    password: values.password
+                  })
+                );
+              } catch (loginError) {
+                setError(normalizeError(loginError).message);
+              } finally {
+                setSubmitting(false);
+              }
+            }
+          }
+        )
+      });
+    }
+    if (phoneMethod) {
+      items.push({
+        key: "phone_code",
+        label: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_antd.Space, { size: 6, children: [
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_icons.MobileOutlined, {}),
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { children: phoneMethod.label || "\u624B\u673A\u53F7" })
+        ] }),
+        children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+          PhoneCodeLoginForm,
+          {
+            allowRegister,
+            form: phoneForm,
+            loading: submitting,
+            phonePurpose,
+            sendingCode,
+            onPurposeChange: setPhonePurpose,
+            onSendCode: async () => {
+              const values = await phoneForm.validateFields(["phone"]);
+              setSendingCode(true);
+              setError(null);
+              try {
+                const result = await auth.sendPhoneCode({
+                  phone: values.phone,
+                  purpose: phonePurpose
+                });
+                setPhoneChallengeId(result.challengeId);
+              } catch (sendError) {
+                setError(normalizeError(sendError).message);
+              } finally {
+                setSendingCode(false);
+              }
+            },
+            onFinish: async (values) => {
+              setSubmitting(true);
+              setError(null);
+              try {
+                const data = phonePurpose === "register" ? await auth.registerWithPhoneCode({
+                  phone: values.phone,
+                  code: values.code,
+                  challengeId: phoneChallengeId
+                }) : await auth.phoneCodeLogin({
+                  phone: values.phone,
+                  code: values.code,
+                  challengeId: phoneChallengeId
+                });
+                await handleSuccess(data);
+              } catch (loginError) {
+                setError(normalizeError(loginError).message);
+              } finally {
+                setSubmitting(false);
+              }
+            }
+          }
+        )
+      });
+    }
+    return items;
+  }, [
+    allowRegister,
+    auth,
+    handleSuccess,
+    passwordForm,
+    passwordMethod,
+    phoneChallengeId,
+    phoneForm,
+    phoneMethod,
+    phonePurpose,
+    sendingCode,
+    submitting
+  ]);
+  (0, import_react.useEffect)(() => {
+    const firstKey = tabItems[0]?.key;
+    if (firstKey && !tabItems.some((item) => item.key === activeMethod)) {
+      setActiveMethod(firstKey);
+    }
+  }, [activeMethod, tabItems]);
+  const handleDingTalkLogin = async () => {
+    setSubmitting(true);
+    setError(null);
+    try {
+      const code = await requestDingTalkCode(dingtalkMethod);
+      await handleSuccess(
+        await auth.dingtalkLogin({
+          code,
+          corpId: getString(dingtalkMethod, "corpId")
+        })
+      );
+    } catch (loginError) {
+      setError(normalizeError(loginError).message);
+    } finally {
+      setSubmitting(false);
+    }
+  };
+  const handleSsoLogin = async () => {
+    setSubmitting(true);
+    setError(null);
+    try {
+      const redirectUri = getCurrentHref2();
+      const result = await auth.getSsoLoginUrl({
+        protocol: getString(ssoMethod, "protocol") || "cas",
+        redirectUri
+      });
+      window.location.assign(result.loginUrl);
+    } catch (loginError) {
+      setError(normalizeError(loginError).message);
+      setSubmitting(false);
+    }
+  };
+  const handleGuestLogin = async () => {
+    setSubmitting(true);
+    setError(null);
+    try {
+      await handleSuccess(
+        await auth.guestLogin({
+          guestIdentifier: getOrCreateGuestIdentifier(auth.client),
+          domain: getCurrentHostname()
+        })
+      );
+    } catch (loginError) {
+      setError(normalizeError(loginError).message);
+    } finally {
+      setSubmitting(false);
+    }
+  };
+  async function handleSuccess(data) {
+    await onSuccess?.(data);
+    await runtime.reload();
+    if (redirectOnSuccess && typeof window !== "undefined") {
+      window.location.replace(
+        redirectUrl || getCallbackUrl() || `/view/${auth.client.appType}`
+      );
+    }
+  }
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    "div",
+    {
+      className,
+      style: {
+        minHeight: "100vh",
+        display: "grid",
+        placeItems: "center",
+        padding: 24,
+        background: "#f6f8fb",
+        ...style
+      },
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+        import_antd.Card,
+        {
+          style: {
+            width: "min(100%, 420px)",
+            borderRadius: 8,
+            boxShadow: "0 16px 48px rgba(15, 23, 42, 0.10)"
+          },
+          styles: { body: { padding: 28 } },
+          children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_antd.Space, { direction: "vertical", size: 20, style: { width: "100%" }, children: [
+            /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { children: [
+              /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Typography.Title, { level: 3, style: { margin: 0 }, children: title || "\u5E94\u7528\u767B\u5F55" }),
+              subtitle ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Typography.Text, { type: "secondary", children: subtitle }) : null
+            ] }),
+            methodsState.error ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+              import_antd.Alert,
+              {
+                showIcon: true,
+                type: "error",
+                message: methodsState.error.message
+              }
+            ) : null,
+            error ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Alert, { showIcon: true, type: "error", message: error }) : null,
+            methodsState.loading ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Button, { block: true, loading: true, children: "\u52A0\u8F7D\u4E2D" }) : tabItems.length > 0 ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+              import_antd.Tabs,
+              {
+                activeKey: activeMethod,
+                items: tabItems,
+                onChange: setActiveMethod
+              }
+            ) : /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Empty, { description: "\u672A\u542F\u7528\u767B\u5F55\u65B9\u5F0F" }),
+            /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_antd.Space, { direction: "vertical", size: 10, style: { width: "100%" }, children: [
+              dingtalkMethod ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+                import_antd.Button,
+                {
+                  block: true,
+                  icon: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_icons.QrcodeOutlined, {}),
+                  loading: submitting,
+                  onClick: handleDingTalkLogin,
+                  children: dingtalkMethod.label || "\u9489\u9489\u514D\u767B"
+                }
+              ) : null,
+              ssoMethod ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+                import_antd.Button,
+                {
+                  block: true,
+                  icon: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_icons.SafetyCertificateOutlined, {}),
+                  loading: submitting,
+                  onClick: handleSsoLogin,
+                  children: ssoMethod.label || "SSO \u767B\u5F55"
+                }
+              ) : null,
+              guestMethod ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+                import_antd.Button,
+                {
+                  block: true,
+                  icon: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_icons.LoginOutlined, {}),
+                  loading: submitting,
+                  onClick: handleGuestLogin,
+                  children: guestMethod.label || "\u8BBF\u5BA2\u8BBF\u95EE"
+                }
+              ) : null
+            ] })
+          ] })
+        }
+      )
+    }
+  );
+};
+var PasswordLoginForm = ({ form, loading, onFinish }) => /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_antd.Form, { form, layout: "vertical", requiredMark: false, onFinish, children: [
+  /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    import_antd.Form.Item,
+    {
+      label: "\u8D26\u53F7",
+      name: "username",
+      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u8D26\u53F7" }],
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Input, { autoComplete: "username" })
+    }
+  ),
+  /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    import_antd.Form.Item,
+    {
+      label: "\u5BC6\u7801",
+      name: "password",
+      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u5BC6\u7801" }],
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Input.Password, { autoComplete: "current-password" })
+    }
+  ),
+  /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Button, { block: true, htmlType: "submit", icon: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_icons.LoginOutlined, {}), loading, type: "primary", children: "\u767B\u5F55" })
+] });
+var PhoneCodeLoginForm = ({
+  allowRegister,
+  form,
+  loading,
+  phonePurpose,
+  sendingCode,
+  onPurposeChange,
+  onSendCode,
+  onFinish
+}) => /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_antd.Form, { form, layout: "vertical", requiredMark: false, onFinish, children: [
+  allowRegister ? /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Form.Item, { style: { marginBottom: 12 }, children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    import_antd.Tabs,
+    {
+      activeKey: phonePurpose,
+      items: [
+        { key: "login", label: "\u767B\u5F55" },
+        { key: "register", label: "\u6CE8\u518C" }
+      ],
+      onChange: (key) => onPurposeChange(key === "register" ? "register" : "login"),
+      size: "small"
+    }
+  ) }) : null,
+  /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    import_antd.Form.Item,
+    {
+      label: "\u624B\u673A\u53F7",
+      name: "phone",
+      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u624B\u673A\u53F7" }],
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Input, { autoComplete: "tel" })
+    }
+  ),
+  /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    import_antd.Form.Item,
+    {
+      label: "\u9A8C\u8BC1\u7801",
+      name: "code",
+      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u9A8C\u8BC1\u7801" }],
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+        import_antd.Input,
+        {
+          addonAfter: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+            import_antd.Button,
+            {
+              loading: sendingCode,
+              onClick: onSendCode,
+              size: "small",
+              type: "link",
+              children: "\u53D1\u9001"
+            }
+          ),
+          autoComplete: "one-time-code"
+        }
+      )
+    }
+  ),
+  /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_antd.Button, { block: true, htmlType: "submit", icon: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_icons.MobileOutlined, {}), loading, type: "primary", children: phonePurpose === "register" ? "\u6CE8\u518C" : "\u767B\u5F55" })
+] });
+var findMethod = (methods, type) => methods.find((method) => method.type === type);
+var normalizeError = (error) => error instanceof Error ? error : new Error(String(error || "\u8BF7\u6C42\u5931\u8D25"));
+var getString = (value, key) => {
+  if (!value || typeof value !== "object") return void 0;
+  const result = value[key];
+  return typeof result === "string" ? result : void 0;
+};
+var requestDingTalkCode = (method) => {
+  const dd = typeof window === "undefined" ? void 0 : window.dd;
+  const corpId = getString(method, "corpId");
+  return new Promise((resolve, reject) => {
+    const requestAuthCode = dd?.runtime?.permission?.requestAuthCode || dd?.requestAuthCode;
+    if (!requestAuthCode) {
+      reject(new Error("\u5F53\u524D\u73AF\u5883\u4E0D\u652F\u6301\u9489\u9489\u514D\u767B"));
+      return;
+    }
+    requestAuthCode({
+      corpId,
+      onSuccess: (result) => {
+        if (result?.code) resolve(result.code);
+        else reject(new Error("\u9489\u9489\u672A\u8FD4\u56DE\u514D\u767B\u7801"));
+      },
+      onFail: (error) => reject(normalizeError(error))
+    });
+  });
+};
+var getOrCreateGuestIdentifier = (client) => {
+  const key = `openxiangda:${client.appType}:guest_id`;
+  if (typeof window === "undefined") return createGuestIdentifier();
+  const current = window.localStorage.getItem(key);
+  if (current) return current;
+  const next = createGuestIdentifier();
+  window.localStorage.setItem(key, next);
+  return next;
+};
+var createGuestIdentifier = () => `guest_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;
+var getCurrentHref2 = () => typeof window === "undefined" ? "" : window.location.href;
+var getCurrentHostname = () => typeof window === "undefined" ? "" : window.location.hostname;
+var getCallbackUrl = () => {
+  if (typeof window === "undefined") return "";
+  const query = new URLSearchParams(window.location.search);
+  return query.get("callback") || query.get("redirectUri") || "";
+};
+
+// packages/sdk/src/runtime/react/openxiangdaProvider.tsx
+var import_jsx_runtime2 = require("react/jsx-runtime");
 var RuntimeHttpError = class extends Error {
   constructor(snapshot) {
     super(snapshot.message);
@@ -51,24 +658,24 @@ var RuntimeHttpError = class extends Error {
     this.payload = snapshot.payload;
   }
 };
-var OpenXiangdaRuntimeContext = (0, import_react.createContext)(null);
+var OpenXiangdaRuntimeContext = (0, import_react2.createContext)(null);
 var OpenXiangdaProvider = ({
   appType,
   servicePrefix = "/service",
   fetchImpl,
   children
 }) => {
-  const resolvedFetch = (0, import_react.useMemo)(() => createBoundFetch(fetchImpl), [fetchImpl]);
-  const resolvedAppType = (0, import_react.useMemo)(
+  const resolvedFetch = (0, import_react2.useMemo)(() => createBoundFetch(fetchImpl), [fetchImpl]);
+  const resolvedAppType = (0, import_react2.useMemo)(
     () => appType || resolveAppTypeFromLocation(),
     [appType]
   );
-  const [state, setState] = (0, import_react.useState)({
+  const [state, setState] = (0, import_react2.useState)({
     data: null,
     loading: true,
     error: null
   });
-  const reload = (0, import_react.useCallback)(async () => {
+  const reload = (0, import_react2.useCallback)(async () => {
     if (!resolvedAppType) {
       setState({
         data: null,
@@ -83,7 +690,7 @@ var OpenXiangdaProvider = ({
     setState((prev) => ({ ...prev, loading: true, error: null }));
     try {
       const response = await resolvedFetch(
-        buildServiceUrl(
+        buildServiceUrl2(
           servicePrefix,
           `/openxiangda-api/v1/apps/${encodeURIComponent(
             resolvedAppType
@@ -115,10 +722,10 @@ var OpenXiangdaProvider = ({
       });
     }
   }, [resolvedAppType, resolvedFetch, servicePrefix]);
-  (0, import_react.useEffect)(() => {
+  (0, import_react2.useEffect)(() => {
     void reload();
   }, [reload]);
-  const value = (0, import_react.useMemo)(
+  const value = (0, import_react2.useMemo)(
     () => ({
       ...state,
       appType: resolvedAppType,
@@ -128,10 +735,10 @@ var OpenXiangdaProvider = ({
     }),
     [reload, resolvedAppType, resolvedFetch, servicePrefix, state]
   );
-  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(OpenXiangdaRuntimeContext.Provider, { value, children });
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(OpenXiangdaRuntimeContext.Provider, { value, children });
 };
 var useOpenXiangda = () => {
-  const context = (0, import_react.useContext)(OpenXiangdaRuntimeContext);
+  const context = (0, import_react2.useContext)(OpenXiangdaRuntimeContext);
   if (!context) {
     throw new Error("useOpenXiangda must be used inside OpenXiangdaProvider");
   }
@@ -154,12 +761,12 @@ var usePermission = () => {
 };
 var useCanAccessRoute = (input) => {
   const runtime = useOpenXiangda();
-  const [state, setState] = (0, import_react.useState)({
+  const [state, setState] = (0, import_react2.useState)({
     data: null,
     loading: true,
     error: null
   });
-  (0, import_react.useEffect)(() => {
+  (0, import_react2.useEffect)(() => {
     let disposed = false;
     const check = async () => {
       const permissions = runtime.data?.permissions;
@@ -195,7 +802,7 @@ var useCanAccessRoute = (input) => {
       setState((prev) => ({ ...prev, loading: true, error: null }));
       try {
         const response = await runtime.fetchImpl(
-          buildServiceUrl(
+          buildServiceUrl2(
             runtime.servicePrefix,
             `/openxiangda-api/v1/apps/${encodeURIComponent(
               runtime.appType
@@ -281,23 +888,23 @@ var PermissionBoundary = ({
   const access = useCanAccessRoute({ routeCode, menuCode, path });
   const fallbackState = createPermissionFallbackState(access, runtime);
   if (access.loading) {
-    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: renderBoundaryFallback(loadingFallback, fallbackState) });
+    return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_jsx_runtime2.Fragment, { children: renderBoundaryFallback(loadingFallback, fallbackState) });
   }
   if (!access.canAccess) {
-    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: renderBoundaryFallback(fallback, fallbackState) });
+    return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_jsx_runtime2.Fragment, { children: renderBoundaryFallback(fallback, fallbackState) });
   }
-  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children });
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_jsx_runtime2.Fragment, { children });
 };
 var useRuntimeAuth = () => {
   const runtime = useOpenXiangda();
-  const resolveLoginUrl = (0, import_react.useCallback)(
+  const resolveLoginUrl2 = (0, import_react2.useCallback)(
     async (options = {}) => {
-      const redirectUri = options.redirectUri || getCurrentHref();
-      const domain = options.domain || getCurrentHostname();
+      const redirectUri = options.redirectUri || getCurrentHref3();
+      const domain = options.domain || getCurrentHostname2();
       const appTenantId = getRecordString(runtime.data?.app, "tenantId");
       try {
         const statusUrl = withQuery(
-          buildServiceUrl(runtime.servicePrefix, "/api/sso/status"),
+          buildServiceUrl2(runtime.servicePrefix, "/api/sso/status"),
           { domain }
         );
         const statusResponse = await runtime.fetchImpl(statusUrl, {
@@ -312,7 +919,7 @@ var useRuntimeAuth = () => {
         );
         if (shouldUseSso) {
           const loginUrlResponse = await runtime.fetchImpl(
-            withQuery(buildServiceUrl(runtime.servicePrefix, "/api/sso/login-url"), {
+            withQuery(buildServiceUrl2(runtime.servicePrefix, "/api/sso/login-url"), {
               domain,
               redirectUri,
               ...sso.tenantId || appTenantId ? { tenantId: String(sso.tenantId || appTenantId) } : {},
@@ -337,9 +944,9 @@ var useRuntimeAuth = () => {
     },
     [runtime.data?.app, runtime.fetchImpl, runtime.servicePrefix]
   );
-  const redirectToLogin = (0, import_react.useCallback)(
+  const redirectToLogin = (0, import_react2.useCallback)(
     async (options = {}) => {
-      const loginUrl = await resolveLoginUrl(options);
+      const loginUrl = await resolveLoginUrl2(options);
       if (typeof window !== "undefined") {
         if (options.replace === false) {
           window.location.assign(loginUrl);
@@ -349,11 +956,11 @@ var useRuntimeAuth = () => {
       }
       return loginUrl;
     },
-    [resolveLoginUrl]
+    [resolveLoginUrl2]
   );
-  const logout = (0, import_react.useCallback)(async () => {
+  const logout = (0, import_react2.useCallback)(async () => {
     const response = await runtime.fetchImpl(
-      buildServiceUrl(runtime.servicePrefix, "/api/auth/logout"),
+      buildServiceUrl2(runtime.servicePrefix, "/api/auth/logout"),
       {
         method: "POST",
         credentials: "include",
@@ -370,7 +977,7 @@ var useRuntimeAuth = () => {
     }
     return payload;
   }, [runtime.fetchImpl, runtime.servicePrefix]);
-  const logoutAndRedirect = (0, import_react.useCallback)(
+  const logoutAndRedirect = (0, import_react2.useCallback)(
     async (options = {}) => {
       try {
         await logout();
@@ -385,10 +992,10 @@ var useRuntimeAuth = () => {
     logout,
     logoutAndRedirect,
     redirectToLogin,
-    resolveLoginUrl
+    resolveLoginUrl: resolveLoginUrl2
   };
 };
-var buildServiceUrl = (servicePrefix, path) => {
+var buildServiceUrl2 = (servicePrefix, path) => {
   const prefix = servicePrefix.endsWith("/") ? servicePrefix.slice(0, -1) : servicePrefix;
   const suffix = path.startsWith("/") ? path : `/${path}`;
   return `${prefix}${suffix}`;
@@ -403,11 +1010,11 @@ var readJsonPayload = async (response) => {
 var createRuntimeHttpError = (response, payload, fallbackMessage) => createRuntimeError({
   type: classifyRuntimeError(
     response.status,
-    getRecordValue(payload, "code")
+    getRecordValue2(payload, "code")
   ),
   status: response.status,
-  code: getRecordValue(payload, "code"),
-  message: getRecordValue(payload, "message") || fallbackMessage,
+  code: getRecordValue2(payload, "code"),
+  message: getRecordValue2(payload, "message") || fallbackMessage,
   payload
 });
 var createRuntimeError = (snapshot) => new RuntimeHttpError({
@@ -483,18 +1090,18 @@ var attachCallback = (loginUrl, callback) => {
     return `${loginUrl}${separator}callback=${encodeURIComponent(callback)}`;
   }
 };
-var getCurrentHref = () => typeof window === "undefined" ? "" : window.location.href;
-var getCurrentHostname = () => typeof window === "undefined" ? "" : window.location.hostname;
+var getCurrentHref3 = () => typeof window === "undefined" ? "" : window.location.href;
+var getCurrentHostname2 = () => typeof window === "undefined" ? "" : window.location.hostname;
 var getRuntimeEnv = (key) => {
   const env = typeof process !== "undefined" ? process.env : void 0;
   return env?.[key];
 };
-var getRecordValue = (value, key) => {
+var getRecordValue2 = (value, key) => {
   if (!value || typeof value !== "object") return void 0;
   return value[key];
 };
 var getRecordString = (value, key) => {
-  const result = getRecordValue(value, key);
+  const result = getRecordValue2(value, key);
   return typeof result === "string" ? result : void 0;
 };
 var resolveAppTypeFromLocation = () => {