From 2a2f4747efcab45819442456f1e286be31e77eaa Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw <yawen.chen@fit2cloud.com>
Date: Thu, 11 Dec 2025 09:05:52 +0800
Subject: [PATCH] feat(X-Pack): Supports third-party platforms as the default
 login method

---
 backend/apps/system/api/parameter.py          |  6 +-
 backend/apps/system/crud/parameter_manage.py  |  4 +
 backend/common/utils/whitelist.py             |  1 +
 frontend/src/router/index.ts                  |  5 ++
 frontend/src/router/watch.ts                  |  4 +-
 frontend/src/views/login/xpack/Handler.vue    | 84 +++++++++----------
 frontend/src/views/login/xpack/QrcodeLdap.vue |  3 +
 7 files changed, 61 insertions(+), 46 deletions(-)

diff --git a/backend/apps/system/api/parameter.py b/backend/apps/system/api/parameter.py
index dc335281..af254d71 100644
--- a/backend/apps/system/api/parameter.py
+++ b/backend/apps/system/api/parameter.py
@@ -3,11 +3,15 @@
 from sqlbot_xpack.config.model import SysArgModel
 
 
-from apps.system.crud.parameter_manage import get_parameter_args, save_parameter_args
+from apps.system.crud.parameter_manage import get_groups, get_parameter_args, save_parameter_args
 from common.core.deps import SessionDep
 
 router = APIRouter(tags=["system/parameter"], prefix="/system/parameter")
 
+@router.get("/login")
+async def get_login_args(session: SessionDep) -> list[SysArgModel]:
+    return await get_groups(session, "login")
+
 @router.get("")
 async def get_args(session: SessionDep) -> list[SysArgModel]:
     return await get_parameter_args(session)
diff --git a/backend/apps/system/crud/parameter_manage.py b/backend/apps/system/crud/parameter_manage.py
index 118dad51..f80edd29 100644
--- a/backend/apps/system/crud/parameter_manage.py
+++ b/backend/apps/system/crud/parameter_manage.py
@@ -9,6 +9,10 @@ async def get_parameter_args(session: SessionDep) -> list[SysArgModel]:
     group_args = await get_group_args(session=session)
     return [x for x in group_args if not x.pkey.startswith('appearance.')]
 
+async def get_groups(session: SessionDep, flag: str) -> list[SysArgModel]:
+    group_args = await get_group_args(session=session, flag=flag)
+    return group_args
+
 async def save_parameter_args(session: SessionDep, request: Request):
     allow_file_mapping = {
         """ "test_logo": { "types": [".jpg", ".jpeg", ".png", ".svg"], "size": 5 * 1024 * 1024 } """
diff --git a/backend/common/utils/whitelist.py b/backend/common/utils/whitelist.py
index b6565ac0..d9df569b 100644
--- a/backend/common/utils/whitelist.py
+++ b/backend/common/utils/whitelist.py
@@ -36,6 +36,7 @@
     "/system/authentication/platform/status",
     "/system/authentication/login/*",
     "/system/authentication/sso/*",
+    "/system/parameter/login"
 ]
 
 class WhitelistChecker:
diff --git a/frontend/src/router/index.ts b/frontend/src/router/index.ts
index 275d33a4..51f8aba4 100644
--- a/frontend/src/router/index.ts
+++ b/frontend/src/router/index.ts
@@ -231,6 +231,11 @@ export const routes = [
     name: 'assistantTest',
     component: assistantTest,
   },
+  {
+    path: '/admin-login',
+    name: 'admin-login',
+    component: login,
+  },
   {
     path: '/401',
     name: '401',
diff --git a/frontend/src/router/watch.ts b/frontend/src/router/watch.ts
index 7c63f131..432840b3 100644
--- a/frontend/src/router/watch.ts
+++ b/frontend/src/router/watch.ts
@@ -8,7 +8,7 @@ import type { Router } from 'vue-router'
 const appearanceStore = useAppearanceStoreWithOut()
 const userStore = useUserStore()
 const { wsCache } = useCache()
-const whiteList = ['/login']
+const whiteList = ['/login', '/admin-login']
 const assistantWhiteList = ['/assistant', '/embeddedPage', '/401']
 export const watchRouter = (router: Router) => {
   router.beforeEach(async (to: any, from: any, next: any) => {
@@ -40,7 +40,7 @@ export const watchRouter = (router: Router) => {
       next('/chat')
       return
     }
-    if (to.path === '/login') {
+    if (to.path === '/login' || to.path === '/admin-login') {
       console.info(from)
       next('/chat')
     } else {
diff --git a/frontend/src/views/login/xpack/Handler.vue b/frontend/src/views/login/xpack/Handler.vue
index 90d8b5ce..e564583c 100644
--- a/frontend/src/views/login/xpack/Handler.vue
+++ b/frontend/src/views/login/xpack/Handler.vue
@@ -51,7 +51,7 @@
 </template>
 
 <script lang="ts" setup>
-import { ref, onMounted } from 'vue'
+import { ref, onMounted, nextTick, computed } from 'vue'
 import QrcodeLdap from './QrcodeLdap.vue'
 import LdapLoginForm from './LdapLoginForm.vue'
 /* import Oidc from './Oidc.vue'
@@ -77,14 +77,18 @@ defineProps<{
   loading: boolean
 }>()
 const emits = defineEmits(['switchTab', 'autoCallback', 'update:loading'])
-const updateLoading = (show: boolean) => {
-  emits('update:loading', show)
+const updateLoading = (show: boolean, time: number = 1000) => {
+  setTimeout(() => {
+    emits('update:loading', show)
+  }, time)
 }
 const { t } = useI18n()
 interface Categoryparam {
   category: string
   proxy?: string
 }
+
+const adminLogin = computed(() => router.currentRoute?.value?.name === 'admin-login')
 const loginDialogVisible = ref(false)
 const dialogTitle = ref('')
 const dialogInterval = ref<any>(null)
@@ -102,7 +106,7 @@ const userStore = useUserStore()
 const qrStatus = ref(false)
 const loginCategory = ref({} as LoginCategory)
 const anyEnable = ref(false)
-// const qrcodeLdapHandler = ref()
+const qrcodeLdapHandler = ref()
 const oauth2Handler = ref()
 const saml2Handler = ref()
 /* const state = reactive({
@@ -232,21 +236,21 @@ const toMfa = (mfa) => {
     document.getElementsByClassName('preheat-container')[0].setAttribute('style', 'display: none;')
   }
 } */
-/* const ssoLogin = (category) => {
+const ssoLogin = (category: any) => {
   const array = [
-    { category: 'ldap', proxy: '' },
-    { category: 'oidc', proxy: '/oidcbi/#' },
     { category: 'cas', proxy: '/casbi/#' },
+    { category: 'oidc', proxy: '/oidcbi/#' },
+    { category: 'ldap', proxy: '' },
     { category: 'oauth2', proxy: '/#' },
     { category: 'saml2', proxy: '/#' },
   ]
   if (category) {
-    if (category === 1) {
+    if (category === 3) {
       qrcodeLdapHandler.value?.setActive('ldap')
     }
     switcherCategory(array[category - 1])
   }
-} */
+}
 
 const switcherCategory = async (param: Categoryparam) => {
   const { category, proxy } = param
@@ -540,47 +544,41 @@ const callBackType = () => {
   return getQueryString('state')
 }
 
-/* const auto2Platform = async () => {
-  const resultParam = {
-    preheat: true,
-    loadingText: '加载中...',
-    activeName: 'simple',
+const auto2Platform = async () => {
+  if (adminLogin.value) {
+    updateLoading(false, 100)
+    return
   }
-  if (!checkPlatform()) {
-    const res = await loginCategoryApi()
-    const adminLogin = router.currentRoute?.value?.name === 'admin-login'
-    if (adminLogin && (!res.data || res.data === 1)) {
-      emits('autoCallback', resultParam)
-      router.push('/401')
-      return
-    }
-    if (res.data && !adminLogin) {
-      if (res.data === 1) {
-        resultParam.activeName = 'ldap'
-        resultParam.preheat = false
-      } else {
-        resultParam.loadingText = '加载中...'
-        document.getElementsByClassName('ed-loading-text')?.length &&
-          (document.getElementsByClassName('ed-loading-text')[0]['innerText'] =
-            resultParam.loadingText)
-      }
-      nextTick(() => {
-        ssoLogin(res.data)
-      })
-    } else {
-      resultParam.preheat = false
+  const resData = await request.get('/system/parameter/login')
+  let res = 0
+  const resObj = {} as any
+  resData.forEach((item: any) => {
+    resObj[item.pkey] = item.pval
+  })
+  res = parseInt(resObj['login.default_login'] || 0)
+
+  if (res && !adminLogin.value) {
+    if (res === 3) {
+      qrStatusChange('ldap')
+      updateLoading(false)
     }
-  } else if (getQueryString('state')?.includes('fit2clouddeoauth2')) {
-    resultParam.preheat = true
+    nextTick(() => {
+      ssoLogin(res)
+    })
+  } else {
+    updateLoading(false)
   }
-  emits('autoCallback', resultParam)
-} */
+}
 
 onMounted(() => {
+  if (adminLogin.value) {
+    updateLoading(false, 100)
+    return
+  }
   // eslint-disable-next-line no-undef
   const obj = LicenseGenerator.getLicense()
   if (obj?.status !== 'valid') {
-    updateLoading(false)
+    updateLoading(false, 100)
     return
   }
   wsCache.delete('de-platform-client')
@@ -594,7 +592,7 @@ onMounted(() => {
     } else if (state?.includes('oidc')) {
       oidcLogin()
     } else {
-      updateLoading(false)
+      auto2Platform()
     }
     /*  else if (window.location.pathname.includes('/oidcbi/')) {
       platformLogin(2)
diff --git a/frontend/src/views/login/xpack/QrcodeLdap.vue b/frontend/src/views/login/xpack/QrcodeLdap.vue
index cedfee2e..9994c80a 100644
--- a/frontend/src/views/login/xpack/QrcodeLdap.vue
+++ b/frontend/src/views/login/xpack/QrcodeLdap.vue
@@ -139,6 +139,9 @@ const setActive = (active?: string) => {
   }
   validComponentList.value[index] = componentMap.value[activeComponent.value]
   activeComponent.value = item.key
+  if (active === 'ldap') {
+    hiddenDefaultTabs()
+  }
 }
 defineExpose({
   setActive,