2026-04-14 21:48:53 +08:00
|
|
|
import router from '@/router'
|
|
|
|
|
|
2026-04-11 15:59:14 +08:00
|
|
|
const DEFAULT_BASE_URL = ''
|
|
|
|
|
|
|
|
|
|
function getBaseUrl(): string {
|
|
|
|
|
return localStorage.getItem('hermes_server_url') || DEFAULT_BASE_URL
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-15 09:13:27 +08:00
|
|
|
export function getApiKey(): string {
|
2026-04-11 15:59:14 +08:00
|
|
|
return localStorage.getItem('hermes_api_key') || ''
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function setServerUrl(url: string) {
|
|
|
|
|
localStorage.setItem('hermes_server_url', url)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function setApiKey(key: string) {
|
|
|
|
|
localStorage.setItem('hermes_api_key', key)
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-14 21:48:53 +08:00
|
|
|
export function clearApiKey() {
|
|
|
|
|
localStorage.removeItem('hermes_api_key')
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function hasApiKey(): boolean {
|
|
|
|
|
return !!getApiKey()
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-23 18:44:53 +08:00
|
|
|
export type StoredUserRole = 'super_admin' | 'admin'
|
|
|
|
|
|
|
|
|
|
export function getStoredUserRole(): StoredUserRole | null {
|
|
|
|
|
const token = getApiKey()
|
|
|
|
|
const payload = token.split('.')[1]
|
|
|
|
|
if (!payload) return null
|
|
|
|
|
try {
|
|
|
|
|
const normalized = payload.replace(/-/g, '+').replace(/_/g, '/')
|
|
|
|
|
const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, '=')
|
|
|
|
|
const data = JSON.parse(atob(padded)) as { role?: unknown }
|
|
|
|
|
return data.role === 'super_admin' || data.role === 'admin' ? data.role : null
|
|
|
|
|
} catch {
|
|
|
|
|
return null
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function isStoredSuperAdmin(): boolean {
|
|
|
|
|
return getStoredUserRole() === 'super_admin'
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-24 09:25:52 +08:00
|
|
|
export function getActiveProfileName(): string | null {
|
2026-05-23 18:44:53 +08:00
|
|
|
return localStorage.getItem('hermes_active_profile_name')
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function bodyHasProfileSelector(body: BodyInit | null | undefined): boolean {
|
|
|
|
|
if (typeof body !== 'string') return false
|
2026-05-04 12:46:26 +08:00
|
|
|
try {
|
2026-05-23 18:44:53 +08:00
|
|
|
const parsed = JSON.parse(body) as { profile?: unknown }
|
|
|
|
|
return typeof parsed?.profile === 'string' && parsed.profile.trim().length > 0
|
2026-05-04 12:46:26 +08:00
|
|
|
} catch {
|
2026-05-23 18:44:53 +08:00
|
|
|
return false
|
2026-05-04 12:46:26 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-23 18:44:53 +08:00
|
|
|
function shouldAttachProfileHeader(path: string, options: RequestInit): boolean {
|
|
|
|
|
try {
|
|
|
|
|
const url = new URL(path, 'http://hermes.local')
|
|
|
|
|
if (url.searchParams.has('profile')) return false
|
|
|
|
|
if (url.pathname.startsWith('/api/hermes/profiles')) return false
|
|
|
|
|
} catch {
|
|
|
|
|
if (path.startsWith('/api/hermes/profiles')) return false
|
|
|
|
|
}
|
|
|
|
|
return !bodyHasProfileSelector(options.body)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function emitAuthNotice(kind: 'expired' | 'forbidden') {
|
|
|
|
|
if (typeof window === 'undefined') return
|
|
|
|
|
window.dispatchEvent(new CustomEvent('hermes-auth-notice', { detail: { kind } }))
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-11 15:59:14 +08:00
|
|
|
export async function request<T>(path: string, options: RequestInit = {}): Promise<T> {
|
|
|
|
|
const base = getBaseUrl()
|
|
|
|
|
const url = `${base}${path}`
|
|
|
|
|
const headers: Record<string, string> = {
|
|
|
|
|
'Content-Type': 'application/json',
|
|
|
|
|
...options.headers as Record<string, string>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const apiKey = getApiKey()
|
|
|
|
|
if (apiKey) {
|
|
|
|
|
headers['Authorization'] = `Bearer ${apiKey}`
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-23 18:44:53 +08:00
|
|
|
// Inject active profile header for request-scoped endpoints. Explicit profile
|
|
|
|
|
// selectors in the URL/body and profile-name routes are validated directly.
|
2026-05-04 12:46:26 +08:00
|
|
|
const profileName = getActiveProfileName()
|
2026-05-23 18:44:53 +08:00
|
|
|
if (profileName && shouldAttachProfileHeader(path, options)) {
|
2026-04-19 20:59:25 +08:00
|
|
|
headers['X-Hermes-Profile'] = profileName
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-11 15:59:14 +08:00
|
|
|
const res = await fetch(url, { ...options, headers })
|
|
|
|
|
|
2026-04-16 20:24:09 +08:00
|
|
|
// Global 401 handler — only redirect to login for local BFF endpoints
|
|
|
|
|
// Proxied gateway requests should not trigger logout
|
|
|
|
|
const isLocalBff = !path.startsWith('/api/hermes/v1/') &&
|
2026-05-23 18:44:53 +08:00
|
|
|
!path.startsWith('/v1/')
|
2026-04-16 20:24:09 +08:00
|
|
|
|
|
|
|
|
if (res.status === 401 && isLocalBff) {
|
2026-04-15 11:00:47 +08:00
|
|
|
clearApiKey()
|
2026-05-23 18:44:53 +08:00
|
|
|
emitAuthNotice('expired')
|
2026-04-15 11:00:47 +08:00
|
|
|
if (router.currentRoute.value.name !== 'login') {
|
|
|
|
|
router.replace({ name: 'login' })
|
|
|
|
|
}
|
2026-04-14 21:48:53 +08:00
|
|
|
throw new Error('Unauthorized')
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-11 15:59:14 +08:00
|
|
|
if (!res.ok) {
|
|
|
|
|
const text = await res.text().catch(() => '')
|
2026-05-23 18:44:53 +08:00
|
|
|
if (res.status === 403 && isLocalBff) {
|
|
|
|
|
if (text.includes('User is disabled or does not exist')) {
|
|
|
|
|
clearApiKey()
|
|
|
|
|
emitAuthNotice('expired')
|
|
|
|
|
if (router.currentRoute.value.name !== 'login') {
|
|
|
|
|
router.replace({ name: 'login' })
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
emitAuthNotice('forbidden')
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-04-11 15:59:14 +08:00
|
|
|
throw new Error(`API Error ${res.status}: ${text || res.statusText}`)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return res.json()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function getBaseUrlValue(): string {
|
|
|
|
|
return getBaseUrl()
|
|
|
|
|
}
|
