fix: 对齐租户端鉴权与后端菜单流程

将登录/用户信息/权限/菜单接口对齐到租户后端，补充默认租户头与令牌刷新逻辑，并强制使用后端菜单模式以保证登录后触发 /auth/menu 加载。
2026-02-06 12:40:55 +08:00
parent 09b73076da
commit a1935f4008
9 changed files with 175 additions and 73 deletions
--- a/apps/web-antd/src/api/core/auth.ts
+++ b/apps/web-antd/src/api/core/auth.ts
@@ -1,20 +1,43 @@
 import { baseRequestClient, requestClient } from '#/api/request';

 export namespace AuthApi {
+  export interface CurrentUserProfile {
+    account?: string;
+    avatar?: string;
+    displayName?: string;
+    merchantId?: null | number | string;
+    permissions?: string[];
+    roles?: string[];
+    tenantId?: number | string;
+    userId?: number | string;
+  }
+
  /** 登录接口参数 */
  export interface LoginParams {
+    account?: string;
    password?: string;
    username?: string;
  }

  /** 登录接口返回值 */
  export interface LoginResult {
-    accessToken: string;
+    accessToken?: string;
+    accessTokenExpiresAt?: string;
+    isNewUser?: boolean;
+    refreshToken?: string;
+    refreshTokenExpiresAt?: string;
+    user?: CurrentUserProfile;
  }

-  export interface RefreshTokenResult {
-    data: string;
-    status: number;
+  export interface RefreshTokenParams {
+    refreshToken: string;
+  }
+
+  export interface ApiResponse<T> {
+    code: number;
+    data: T;
+    message?: string;
+    success: boolean;
  }
 }

@@ -22,30 +45,33 @@ export namespace AuthApi {
 * 登录
 */
 export async function loginApi(data: AuthApi.LoginParams) {
-  return requestClient.post<AuthApi.LoginResult>('/auth/login', data);
+  const account = data.account ?? data.username;
+  return requestClient.post<AuthApi.LoginResult>('/auth/login', {
+    account,
+    password: data.password,
+  });
 }

 /**
 * 刷新accessToken
 */
-export async function refreshTokenApi() {
-  return baseRequestClient.post<AuthApi.RefreshTokenResult>('/auth/refresh', {
-    withCredentials: true,
-  });
+export async function refreshTokenApi(data: AuthApi.RefreshTokenParams) {
+  return baseRequestClient.post<AuthApi.ApiResponse<AuthApi.LoginResult>>(
+    '/auth/refresh',
+    data,
+  );
 }

 /**
 * 退出登录
 */
 export async function logoutApi() {
-  return baseRequestClient.post('/auth/logout', {
-    withCredentials: true,
-  });
+  return baseRequestClient.post('/auth/logout');
 }

 /**
 * 获取用户权限码
 */
 export async function getAccessCodesApi() {
-  return requestClient.get<string[]>('/auth/codes');
+  return requestClient.get<string[]>('/auth/permissions');
 }
--- a/apps/web-antd/src/api/core/menu.ts
+++ b/apps/web-antd/src/api/core/menu.ts
@@ -6,5 +6,5 @@ import { requestClient } from '#/api/request';
 * 获取用户所有菜单
 */
 export async function getAllMenusApi() {
-  return requestClient.get<RouteRecordStringComponent[]>('/menu/all');
+  return requestClient.get<RouteRecordStringComponent[]>('/auth/menu');
 }
--- a/apps/web-antd/src/api/core/user.ts
+++ b/apps/web-antd/src/api/core/user.ts
@@ -2,9 +2,46 @@ import type { UserInfo } from '@vben/types';

 import { requestClient } from '#/api/request';

+const TENANT_STORAGE_KEY = 'sys-tenant-id';
+
+interface TenantUserProfile {
+  account?: string;
+  avatar?: string;
+  displayName?: string;
+  merchantId?: null | number | string;
+  permissions?: string[];
+  roles?: string[];
+  tenantId?: number | string;
+  userId?: number | string;
+}
+
+function normalizeId(value: null | number | string | undefined) {
+  if (value === null || value === undefined) {
+    return '';
+  }
+  return String(value);
+}
+
+function mapProfileToUserInfo(profile: TenantUserProfile): UserInfo {
+  return {
+    avatar: profile.avatar ?? '',
+    desc: '',
+    homePath: '',
+    realName: profile.displayName ?? profile.account ?? '',
+    roles: profile.roles ?? [],
+    token: '',
+    userId: normalizeId(profile.userId),
+    username: profile.account ?? '',
+  };
+}
+
 /**
 * 获取用户信息
 */
 export async function getUserInfoApi() {
-  return requestClient.get<UserInfo>('/user/info');
+  const profile = await requestClient.get<TenantUserProfile>('/auth/profile');
+  if (profile.tenantId !== null && profile.tenantId !== undefined) {
+    localStorage.setItem(TENANT_STORAGE_KEY, String(profile.tenantId));
+  }
+  return mapProfileToUserInfo(profile);
 }
--- a/apps/web-antd/src/api/request.ts
+++ b/apps/web-antd/src/api/request.ts
@@ -20,6 +20,46 @@ import { useAuthStore } from '#/store';
 import { refreshTokenApi } from './core';

 const { apiURL } = useAppConfig(import.meta.env, import.meta.env.PROD);
+const TENANT_HEADER_KEY = 'X-Tenant-Id';
+const TENANT_STORAGE_KEY = 'sys-tenant-id';
+const DEV_TENANT_ID = import.meta.env.DEV ? import.meta.env.VITE_TENANT_ID : '';
+
+function getHeaderValue(headers: any, key: string) {
+  if (!headers) {
+    return '';
+  }
+
+  if (typeof headers.get === 'function') {
+    return headers.get(key) || headers.get(key.toLowerCase()) || '';
+  }
+
+  return headers[key] || headers[key.toLowerCase()] || '';
+}
+
+function setHeaderValue(headers: any, key: string, value: string) {
+  if (!headers) {
+    return;
+  }
+
+  if (typeof headers.set === 'function') {
+    headers.set(key, value);
+    return;
+  }
+
+  headers[key] = value;
+}
+
+function resolveTenantId() {
+  const hostname = window.location.hostname;
+  const hostnameParts = hostname.split('.').filter(Boolean);
+  const isIpAddress = /^\d+\.\d+\.\d+\.\d+$/.test(hostname);
+  const subdomainTenantId =
+    hostnameParts.length > 2 && !isIpAddress ? hostnameParts[0] : '';
+
+  const storageTenantId = localStorage.getItem(TENANT_STORAGE_KEY) || '';
+
+  return subdomainTenantId || storageTenantId || DEV_TENANT_ID || '';
+}

 function createRequestClient(baseURL: string, options?: RequestClientOptions) {
  const client = new RequestClient({
@@ -50,10 +90,27 @@ function createRequestClient(baseURL: string, options?: RequestClientOptions) {
   */
  async function doRefreshToken() {
    const accessStore = useAccessStore();
-    const resp = await refreshTokenApi();
-    const newToken = resp.data;
-    accessStore.setAccessToken(newToken);
-    return newToken;
+    const currentRefreshToken = accessStore.refreshToken;
+
+    if (!currentRefreshToken) {
+      throw new Error('refresh token is required');
+    }
+
+    const resp = await refreshTokenApi({
+      refreshToken: currentRefreshToken,
+    });
+
+    const tokenData = resp?.data;
+    const newAccessToken = tokenData?.accessToken;
+    const newRefreshToken = tokenData?.refreshToken ?? currentRefreshToken;
+
+    if (!newAccessToken) {
+      throw new Error('access token is missing in refresh response');
+    }
+
+    accessStore.setAccessToken(newAccessToken);
+    accessStore.setRefreshToken(newRefreshToken);
+    return newAccessToken;
  }

  function formatToken(token: null | string) {
@@ -65,8 +122,20 @@ function createRequestClient(baseURL: string, options?: RequestClientOptions) {
    fulfilled: async (config) => {
      const accessStore = useAccessStore();

-      config.headers.Authorization = formatToken(accessStore.accessToken);
-      config.headers['Accept-Language'] = preferences.app.locale;
+      const authorization = formatToken(accessStore.accessToken);
+      if (authorization) {
+        setHeaderValue(config.headers, 'Authorization', authorization);
+      }
+      setHeaderValue(config.headers, 'Accept-Language', preferences.app.locale);
+
+      const headerTenantId = getHeaderValue(config.headers, TENANT_HEADER_KEY);
+      if (!headerTenantId) {
+        const tenantId = resolveTenantId();
+        if (tenantId) {
+          setHeaderValue(config.headers, TENANT_HEADER_KEY, String(tenantId));
+        }
+      }
+
      return config;
    },
  });
@@ -76,7 +145,7 @@ function createRequestClient(baseURL: string, options?: RequestClientOptions) {
    defaultResponseInterceptor({
      codeField: 'code',
      dataField: 'data',
-      successCode: 0,
+      successCode: 200,
    }),
  );