openxiangda 1.0.85 → 1.0.87

package/templates/openxiangda-react-spa/AGENTS.md

@@ -11,6 +11,7 @@
 - 菜单和首页文案优先改 `src/app/navigation.ts`、`src/app/starter-content.ts` 与 `src/pages/admin/AdminDashboardPage.tsx`。
 - 页面、表单、字段、数据范围、流程动作、文件、连接器权限以后端接口为准；前端只做展示保护和清晰状态页。
 - 本地开发通过 Vite `/service` 代理远端平台，保持 HttpOnly Cookie 同域访问。
+- 新公开访问页使用 `/view/:appType/public/*`、`src/resources/routes/`、`src/resources/public-access/` 和 `PublicAccessGate`。不要使用旧 `?publicAccess=guest`。
 
 ## 常用命令
 
@@ -69,6 +70,34 @@ import { PermissionBoundary, useAppMenus, useRuntimeBootstrap } from "openxiangd
 
 `PermissionBoundary` 只能做展示保护，不能替代后端权限。后端返回 401 时跳登录，403 时展示无权限状态。
 
+公开页面需要同时声明 route 和 public access policy：
+
+```json
+{
+  "code": "public.register",
+  "pathPattern": "/view/:appType/public/register",
+  "publicAccess": "guest",
+  "publicPolicyCode": "public_register"
+}
+```
+
+```json
+{
+  "code": "public_register",
+  "mode": "guest",
+  "routeCode": "public.register",
+  "externalRoleCodes": ["external_visitor"],
+  "grants": {
+    "forms": [],
+    "dataViews": [],
+    "functions": [],
+    "connectors": []
+  }
+}
+```
+
+表单、dataView、function、connector 没有被 policy `grants` 显式列出时，公开 guest 默认无权访问。需要数据访问时，把同一个外部角色码加入对应后端权限组。
+
 ## 默认页与覆盖
 
 - 表单提交：`/view/:appType/admin/forms/:formUuid/new`

package/templates/openxiangda-react-spa/src/app/router.tsx

@@ -6,7 +6,11 @@ import {
 } from "react-router-dom";
 import { lazy, Suspense, type ReactNode } from "react";
 import { Sparkles } from "lucide-react";
-import { LoginPage, OpenXiangdaProvider } from "openxiangda/runtime/react";
+import {
+  LoginPage,
+  OpenXiangdaProvider,
+  PublicAccessGate,
+} from "openxiangda/runtime/react";
 
 import { AdminShell } from "@/layouts/AdminShell";
 import { AdminDashboardPage } from "@/pages/admin/AdminDashboardPage";
@@ -29,6 +33,11 @@ const FormRoutePage = lazy(() =>
     default: module.FormRoutePage,
   })),
 );
+const PublicRegisterPage = lazy(() =>
+  import("@/pages/public/PublicRegisterPage").then(module => ({
+    default: module.PublicRegisterPage,
+  })),
+);
 
 const routeElement = (element: ReactNode) => (
   <Suspense
@@ -70,6 +79,17 @@ export const router = createBrowserRouter([
     children: [
       { index: true, element: <Navigate to="admin" replace /> },
       { path: "login", element: <LoginPage /> },
+      {
+        path: "public/register",
+        element: routeElement(
+          <PublicAccessGate
+            policyCode="public_register"
+            routeCode="public.register"
+          >
+            <PublicRegisterPage />
+          </PublicAccessGate>,
+        ),
+      },
       {
         path: "admin",
         element: <AdminShell />,

package/templates/openxiangda-react-spa/src/pages/public/PublicRegisterPage.tsx

@@ -0,0 +1,15 @@
+import { ClipboardList } from "lucide-react";
+
+import { StatePage } from "@/shared/ui";
+
+export function PublicRegisterPage() {
+  return (
+    <StatePage
+      description="请填写报名信息并关注后续通知。"
+      fullScreen
+      icon={<ClipboardList size={24} />}
+      status="PUBLIC"
+      title="公开报名"
+    />
+  );
+}

package/templates/openxiangda-react-spa/src/resources/permissions/page-groups/public-visitor.json

@@ -0,0 +1,8 @@
+{
+  "code": "public_visitor_pages",
+  "name": "外部访问页面权限",
+  "roles": ["external_visitor"],
+  "menuCodes": [],
+  "routeCodes": ["public.register"],
+  "pathPatterns": ["/view/:appType/public/register"]
+}

package/templates/openxiangda-react-spa/src/resources/public-access/public-register.json

@@ -0,0 +1,14 @@
+{
+  "code": "public_register",
+  "name": "公开报名入口",
+  "mode": "guest",
+  "routeCode": "public.register",
+  "pathPattern": "/view/:appType/public/register",
+  "externalRoleCodes": ["external_visitor"],
+  "grants": {
+    "forms": [],
+    "dataViews": [],
+    "functions": [],
+    "connectors": []
+  }
+}

package/templates/openxiangda-react-spa/src/resources/routes/public-register.json

@@ -0,0 +1,8 @@
+{
+  "code": "public.register",
+  "title": "公开报名",
+  "kind": "page",
+  "pathPattern": "/view/:appType/public/register",
+  "publicAccess": "guest",
+  "publicPolicyCode": "public_register"
+}

package/templates/openxiangda-react-spa/tsconfig.app.json

@@ -27,7 +27,7 @@
         "node_modules/openxiangda/runtime"
       ],
       "openxiangda/runtime/react": [
-        "../../packages/sdk/src/runtime/react/openxiangdaProvider.tsx",
+        "../../packages/sdk/src/runtime/react/index.ts",
         "node_modules/openxiangda/runtime/react"
       ]
     }

package/templates/openxiangda-react-spa/vite.config.ts

@@ -27,7 +27,7 @@ const localSdkAliases = existsSync(localSdkRoot)
         find: "openxiangda/runtime/react",
         replacement: fileURLToPath(
           new URL(
-            "../../packages/sdk/src/runtime/react/openxiangdaProvider.tsx",
+            "../../packages/sdk/src/runtime/react/index.ts",
             import.meta.url,
           ),
         ),

package/packages/sdk/dist/openxiangdaProvider-CaXMpsnK.d.mts

@@ -1,328 +0,0 @@
-import React__default, { CSSProperties } from 'react';
-
-type AuthMethodType = "password" | "dingtalk" | "sso" | "guest" | "phone_code" | string;
-interface AuthMethod {
-    type: AuthMethodType;
-    enabled?: boolean;
-    label?: string;
-    protocol?: string;
-    [key: string]: unknown;
-}
-interface LoginMethodsResult {
-    appType: string;
-    configCode?: string;
-    methods: AuthMethod[];
-    registration?: {
-        mode?: string;
-        [key: string]: unknown;
-    };
-    security?: {
-        hideFailureReason?: boolean;
-        [key: string]: unknown;
-    };
-    defaultRedirectUrl?: string;
-}
-interface AuthUser {
-    id: string;
-    username?: string;
-    name?: string;
-    phone?: string | null;
-    email?: string | null;
-    avatar?: string | null;
-    jobNumber?: string | null;
-    departments?: Array<Record<string, unknown>>;
-    affiliatedDepartmentId?: string | null;
-    affiliatedDepartment?: Record<string, unknown> | null;
-    [key: string]: unknown;
-}
-interface AuthTokenData {
-    accessToken: string;
-    refreshToken: string;
-    token?: string;
-    accessTokenExpiresAt?: number;
-    refreshTokenExpiresAt?: number;
-    user?: AuthUser;
-    guestUser?: AuthUser;
-    [key: string]: unknown;
-}
-interface PhoneCodeSendResult {
-    challengeId: string;
-    expiresAt?: string | Date;
-    ttlSeconds?: number;
-    message?: string;
-}
-interface SsoLoginUrlResult {
-    loginUrl: string;
-    protocol?: string;
-}
-interface AuthClientOptions {
-    appType: string;
-    servicePrefix?: string;
-    fetchImpl?: typeof fetch;
-}
-interface PasswordLoginInput {
-    username: string;
-    password: string;
-    clientFingerprint?: string;
-    challengeId?: string;
-    challengeAnswer?: string;
-}
-interface DingTalkLoginInput {
-    code: string;
-    corpId?: string;
-}
-interface GuestLoginInput {
-    guestIdentifier?: string;
-    domain?: string;
-    ipAddress?: string;
-    userAgent?: string;
-    formUuid?: string;
-}
-interface PhoneCodeInput {
-    phone: string;
-    purpose?: "login" | "register" | string;
-}
-interface PhoneCodeLoginInput {
-    phone: string;
-    code: string;
-    challengeId?: string;
-}
-interface PhoneCodeRegisterInput extends PhoneCodeLoginInput {
-    name?: string;
-    email?: string;
-}
-interface SsoLoginUrlInput {
-    protocol?: string;
-    redirectUri?: string;
-}
-interface RefreshInput {
-    refreshToken?: string;
-}
-interface ResolveLoginUrlInput {
-    callbackUrl?: string;
-    callbackParamName?: string;
-    loginUrl?: string;
-}
-interface AppAuthClient {
-    appType: string;
-    servicePrefix: string;
-    getMethods: () => Promise<LoginMethodsResult>;
-    passwordLogin: (input: PasswordLoginInput) => Promise<AuthTokenData>;
-    dingtalkLogin: (input: DingTalkLoginInput) => Promise<AuthTokenData>;
-    guestLogin: (input?: GuestLoginInput) => Promise<AuthTokenData>;
-    sendPhoneCode: (input: PhoneCodeInput) => Promise<PhoneCodeSendResult>;
-    phoneCodeLogin: (input: PhoneCodeLoginInput) => Promise<AuthTokenData>;
-    registerWithPhoneCode: (input: PhoneCodeRegisterInput) => Promise<AuthTokenData>;
-    getSsoLoginUrl: (input?: SsoLoginUrlInput) => Promise<SsoLoginUrlResult>;
-    refresh: (input?: RefreshInput) => Promise<AuthTokenData>;
-    logout: () => Promise<void>;
-    resolveLoginUrl: (input?: ResolveLoginUrlInput) => string;
-}
-declare class AuthClientError extends Error {
-    status?: number;
-    code?: number | string;
-    payload?: unknown;
-    constructor(message: string, options?: {
-        status?: number;
-        code?: number | string;
-        payload?: unknown;
-    });
-}
-declare const createAuthClient: ({ appType, servicePrefix, fetchImpl, }: AuthClientOptions) => AppAuthClient;
-
-interface UseAuthOptions extends Partial<AuthClientOptions> {
-}
-interface UseLoginMethodsState {
-    data: LoginMethodsResult | null;
-    methods: AuthMethod[];
-    loading: boolean;
-    error: Error | null;
-    reload: () => Promise<void>;
-}
-interface LoginPageProps extends UseAuthOptions {
-    title?: React__default.ReactNode;
-    subtitle?: React__default.ReactNode;
-    className?: string;
-    style?: CSSProperties;
-    defaultMethod?: "password" | "phone_code";
-    redirectUrl?: string;
-    redirectOnSuccess?: boolean;
-    onSuccess?: (data: AuthTokenData) => void | Promise<void>;
-}
-declare const useAuth: (options?: UseAuthOptions) => {
-    client: AppAuthClient;
-    getMethods: () => Promise<LoginMethodsResult>;
-    passwordLogin: (input: PasswordLoginInput) => Promise<AuthTokenData>;
-    dingtalkLogin: (input: DingTalkLoginInput) => Promise<AuthTokenData>;
-    guestLogin: (input?: GuestLoginInput) => Promise<AuthTokenData>;
-    sendPhoneCode: (input: PhoneCodeInput) => Promise<PhoneCodeSendResult>;
-    phoneCodeLogin: (input: PhoneCodeLoginInput) => Promise<AuthTokenData>;
-    registerWithPhoneCode: (input: PhoneCodeRegisterInput) => Promise<AuthTokenData>;
-    getSsoLoginUrl: (input?: SsoLoginUrlInput) => Promise<SsoLoginUrlResult>;
-    refresh: (input?: RefreshInput) => Promise<AuthTokenData>;
-    logout: () => Promise<void>;
-    resolveLoginUrl: (input?: ResolveLoginUrlInput) => string;
-};
-declare const useLoginMethods: (options?: UseAuthOptions) => UseLoginMethodsState;
-declare const LoginPage: React__default.FC<LoginPageProps>;
-
-type RuntimeErrorType = "unauthenticated" | "forbidden" | "network" | "unknown";
-type RuntimeRequestError = Error & {
-    type?: RuntimeErrorType;
-    status?: number;
-    code?: number | string;
-    payload?: unknown;
-};
-interface RuntimeErrorSnapshot {
-    type: RuntimeErrorType;
-    status?: number;
-    code?: number | string;
-    message: string;
-    payload?: unknown;
-}
-declare class RuntimeHttpError extends Error {
-    type: RuntimeErrorType;
-    status?: number;
-    code?: number | string;
-    payload?: unknown;
-    constructor(snapshot: RuntimeErrorSnapshot);
-}
-interface RuntimeMenuItem {
-    id: string;
-    name: string;
-    resourceCode?: string | null;
-    routeCode?: string | null;
-    path?: string | null;
-    type?: string;
-    formUuid?: string | null;
-    pageId?: string | null;
-    parentId?: string | null;
-    sortOrder?: number;
-    isHidden?: boolean;
-    icon?: string | null;
-    children?: RuntimeMenuItem[];
-    [key: string]: unknown;
-}
-interface RuntimePagePermissions {
-    appType: string;
-    hasFullAccess: boolean;
-    roleCodes: string[];
-    roleSource?: string;
-    menuFormUuids: string[];
-    menuCodes: string[];
-    routeCodes: string[];
-    pathPatterns: string[];
-}
-interface RuntimeBootstrap {
-    appType: string;
-    app?: Record<string, unknown> | null;
-    user?: Record<string, unknown> | null;
-    runtime?: {
-        mode?: "legacy" | "react-spa" | string;
-        settings?: Record<string, unknown>;
-        activeReleaseId?: string | null;
-        activeBuildId?: string | null;
-        indexUrl?: string | null;
-        assetBaseUrl?: string | null;
-    };
-    permissions?: RuntimePagePermissions;
-    menus?: RuntimeMenuItem[];
-    servicePrefix?: string;
-}
-interface RouteAccessResult {
-    appType: string;
-    canAccess: boolean;
-    routeCode?: string;
-    menuCode?: string;
-    path?: string;
-    status?: number;
-    code?: number | string;
-    message?: string;
-    errorType?: RuntimeErrorType;
-    payload?: unknown;
-    permissions?: RuntimePagePermissions;
-}
-interface RuntimeRequestState<T> {
-    data: T | null;
-    loading: boolean;
-    error: RuntimeRequestError | null;
-}
-interface OpenXiangdaProviderProps {
-    appType?: string;
-    servicePrefix?: string;
-    fetchImpl?: typeof fetch;
-    children: React__default.ReactNode;
-}
-interface OpenXiangdaRuntimeStore extends RuntimeRequestState<RuntimeBootstrap> {
-    appType: string;
-    servicePrefix: string;
-    fetchImpl: typeof fetch;
-    reload: () => Promise<void>;
-}
-declare const OpenXiangdaProvider: React__default.FC<OpenXiangdaProviderProps>;
-declare const useOpenXiangda: () => OpenXiangdaRuntimeStore;
-declare const useRuntimeBootstrap: () => OpenXiangdaRuntimeStore;
-declare const useAppMenus: () => {
-    data: RuntimeMenuItem[];
-    appType: string;
-    servicePrefix: string;
-    fetchImpl: typeof fetch;
-    reload: () => Promise<void>;
-    loading: boolean;
-    error: RuntimeRequestError | null;
-};
-declare const usePermission: () => {
-    data: RuntimePagePermissions | null;
-    appType: string;
-    servicePrefix: string;
-    fetchImpl: typeof fetch;
-    reload: () => Promise<void>;
-    loading: boolean;
-    error: RuntimeRequestError | null;
-};
-interface UseCanAccessRouteInput {
-    routeCode?: string;
-    menuCode?: string;
-    path?: string;
-}
-declare const useCanAccessRoute: (input: UseCanAccessRouteInput) => {
-    canAccess: boolean;
-    data: RouteAccessResult | null;
-    loading: boolean;
-    error: RuntimeRequestError | null;
-};
-interface PermissionBoundaryProps extends UseCanAccessRouteInput {
-    children: React__default.ReactNode;
-    fallback?: React__default.ReactNode | PermissionBoundaryFallback;
-    loadingFallback?: React__default.ReactNode | PermissionBoundaryFallback;
-}
-interface PermissionBoundaryFallbackState {
-    access: ReturnType<typeof useCanAccessRoute>;
-    runtime: ReturnType<typeof useOpenXiangda>;
-    error: RuntimeRequestError | null;
-    errorType: RuntimeErrorType;
-    status?: number;
-    code?: number | string;
-    message: string;
-}
-type PermissionBoundaryFallback = (state: PermissionBoundaryFallbackState) => React__default.ReactNode;
-declare const PermissionBoundary: React__default.FC<PermissionBoundaryProps>;
-interface RuntimeResolveLoginOptions {
-    redirectUri?: string;
-    loginUrl?: string;
-    domain?: string;
-}
-interface RuntimeRedirectLoginOptions extends RuntimeResolveLoginOptions {
-    replace?: boolean;
-}
-interface RuntimeLogoutOptions extends RuntimeRedirectLoginOptions {
-    continueOnError?: boolean;
-}
-declare const useRuntimeAuth: () => {
-    logout: () => Promise<any>;
-    logoutAndRedirect: (options?: RuntimeLogoutOptions) => Promise<string>;
-    redirectToLogin: (options?: RuntimeRedirectLoginOptions) => Promise<string>;
-    resolveLoginUrl: (options?: RuntimeResolveLoginOptions) => Promise<string>;
-};
-
-export { type AppAuthClient as A, type RuntimeRedirectLoginOptions as B, type RuntimeRequestError as C, type DingTalkLoginInput as D, type RuntimeRequestState as E, type RuntimeResolveLoginOptions as F, type GuestLoginInput as G, type SsoLoginUrlResult as H, type UseCanAccessRouteInput as I, type UseLoginMethodsState as J, createAuthClient as K, type LoginMethodsResult as L, useAppMenus as M, useAuth as N, OpenXiangdaProvider as O, type PasswordLoginInput as P, useCanAccessRoute as Q, type RefreshInput as R, type SsoLoginUrlInput as S, useLoginMethods as T, type UseAuthOptions as U, useOpenXiangda as V, usePermission as W, useRuntimeAuth as X, useRuntimeBootstrap as Y, AuthClientError as a, type AuthClientOptions as b, type AuthMethod as c, type AuthMethodType as d, type AuthTokenData as e, type AuthUser as f, LoginPage as g, type LoginPageProps as h, type OpenXiangdaProviderProps as i, PermissionBoundary as j, type PermissionBoundaryFallback as k, type PermissionBoundaryFallbackState as l, type PermissionBoundaryProps as m, type PhoneCodeInput as n, type PhoneCodeLoginInput as o, type PhoneCodeRegisterInput as p, type PhoneCodeSendResult as q, type ResolveLoginUrlInput as r, type RouteAccessResult as s, type RuntimeBootstrap as t, type RuntimeErrorSnapshot as u, type RuntimeErrorType as v, RuntimeHttpError as w, type RuntimeLogoutOptions as x, type RuntimeMenuItem as y, type RuntimePagePermissions as z };