feat: enforce tenant route isolation
@@ -1,9 +1,11 @@
|
||||
package auth
|
||||
|
||||
func (r *Routes) Path() string {
|
||||
return "/v1/auth"
|
||||
return "/t/:tenantCode/v1/auth"
|
||||
}
|
||||
|
||||
func (r *Routes) Middlewares() []any {
|
||||
return []any{}
|
||||
return []any{
|
||||
r.middlewares.TenantResolver,
|
||||
}
|
||||
}
|
||||
|
||||
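Review bot: The tenant contract of `Middlewares()` is undocumented. With the routes mounted at `/t/:tenantCode/v1/auth` and only `r.middlewares.TenantResolver` in the chain, the path segment becomes the sole tenant selector on a pre-authentication surface. The resolver and the handlers are outside this hunk, so whether an unknown or disabled code is rejected, and whether the user lookup is scoped to the resolved tenant, cannot be confirmed from here. I would state the contract on the method, for example `// TenantResolver must reject unknown tenant codes; handlers must look up users and issue tokens only within the resolved tenant`. A test that submits tenant A credentials under tenant B's path and expects a failure would pin it down.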
@@ -199,6 +199,7 @@
|
||||
- 运营统计报表(overview + CSV 导出基础版)。
|
||||
- 超管后台治理能力(健康度/异常监控/内容审核)。
|
||||
- 性能优化(避免 N+1:topics 聚合批量查询)。
|
||||
- 多租户强隔离(/t/:tenantCode/v1 + TenantResolver)。
|
||||
|
||||
## 里程碑建议
|
||||
- M1:完成 P0
|
||||
|
||||
@@ -3,7 +3,10 @@ import { getTenantCode } from './tenant';
|
||||
|
||||
export async function request(endpoint, options = {}) {
|
||||
const tenantCode = getTenantCode();
|
||||
const baseUrl = tenantCode ? `/t/${tenantCode}/v1` : '/v1';
|
||||
if (!tenantCode) {
|
||||
throw new Error('Tenant code missing in URL');
|
||||
}
|
||||
const baseUrl = `/t/${tenantCode}/v1`;
|
||||
const token = localStorage.getItem('token');
|
||||
|
||||
const headers = {
|
||||
@@ -42,7 +45,7 @@ export async function request(endpoint, options = {}) {
|
||||
if (res.status === 401) {
|
||||
localStorage.removeItem('token');
|
||||
localStorage.removeItem('user');
|
||||
const loginPath = tenantCode ? `/t/${tenantCode}/auth/login` : '/auth/login';
|
||||
const loginPath = `/t/${tenantCode}/auth/login`;
|
||||
// Redirect to login if not already there
|
||||
if (!window.location.pathname.includes('/auth/login')) {
|
||||
window.location.href = loginPath;
|
||||
|
||||
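Review bot: The bearer token is still read with `localStorage.getItem('token')`, a key shared by every tenant on the origin, so a session obtained under one tenant is sent unchanged to the `/t/${tenantCode}/v1` base of whichever tenant code is in the URL. The new `if (!tenantCode)` guard only ensures a code is present; isolation then depends on the server rejecting a token issued for a different tenant than the resolved one, which is not visible in this commit. I would either key the stored session by tenant or state the dependency above the read, e.g. `// token is origin-wide; the API must reject it when its tenant differs from :tenantCode`. Separately, `tenantCode` is interpolated into both `baseUrl` and `loginPath` without encoding; if `getTenantCode()` returns the raw URL segment, wrapping it in `encodeURIComponent(tenantCode)` keeps it a single path segment. The body of `request` continues outside both hunks.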