dataease · fit2cloud-chenyw · Nov 4, 2025 · Nov 4, 2025
diff --git a/backend/alembic/versions/048_authentication_ddl.py b/backend/alembic/versions/048_authentication_ddl.py
@@ -0,0 +1,40 @@
+"""048_authentication_ddl
+
+Revision ID: 073bf544b373
+Revises: c1b794a961ce
+Create Date: 2025-10-30 14:11:29.786938
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+
+# revision identifiers, used by Alembic.
+revision = '073bf544b373'
+down_revision = 'c1b794a961ce'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('sys_authentication',
+    sa.Column('id', sa.BigInteger(), nullable=False),
+    sa.Column('name', sa.String(255), nullable=False),
+    sa.Column('type', sa.Integer(), nullable=False),
+    sa.Column('config', sa.Text(), nullable=True),
+    sa.Column('enable', sa.Boolean(), nullable=False),
+    sa.Column('valid', sa.Boolean(), nullable=False),
+    sa.Column('create_time', sa.BigInteger(), nullable=False),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_sys_authentication_id'), 'sys_authentication', ['id'], unique=False)
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_sys_authentication_id'), table_name='sys_authentication')
+    op.drop_table('sys_authentication')
+    # ### end Alembic commands ###
diff --git a/backend/alembic/versions/049_user_platform_ddl.py b/backend/alembic/versions/049_user_platform_ddl.py
@@ -0,0 +1,42 @@
+"""049_user_platform_ddl
+
+Revision ID: b58a71ca6ae3
+Revises: 073bf544b373
+Create Date: 2025-11-04 12:31:56.481582
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+
+# revision identifiers, used by Alembic.
+revision = 'b58a71ca6ae3'
+down_revision = '073bf544b373'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('sys_user_platform',
+    sa.Column('uid', sa.BigInteger(), nullable=False),
+    sa.Column('origin', sa.Integer(), server_default='0', nullable=False),
+    sa.Column('platform_uid', sa.String(255), nullable=False),
+    sa.Column('id', sa.BigInteger(), nullable=False),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_sys_user_platform_id'), 'sys_user_platform', ['id'], unique=False)
+
+    op.add_column('sys_user', sa.Column('origin', sa.Integer(), server_default='0', nullable=False))
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+
+    op.drop_column('sys_user', 'origin')
+
+    op.drop_index(op.f('ix_sys_user_platform_id'), table_name='sys_user_platform')
+    op.drop_table('sys_user_platform')
+    # ### end Alembic commands ###
diff --git a/backend/apps/system/api/login.py b/backend/apps/system/api/login.py
@@ -1,6 +1,7 @@
 from typing import Annotated
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, HTTPException, Request
 from fastapi.security import OAuth2PasswordRequestForm
+from apps.system.schemas.logout_schema import LogoutSchema
 from apps.system.schemas.system_schema import BaseUserDTO
 from common.core.deps import SessionDep, Trans
 from common.utils.crypto import sqlbot_decrypt
@@ -9,6 +10,7 @@
 from datetime import timedelta
 from common.core.config import settings
 from common.core.schemas import Token
+from sqlbot_xpack.authentication.manage import logout as xpack_logout
 router = APIRouter(tags=["login"], prefix="/login")
 
 @router.post("/access-token")
@@ -30,4 +32,10 @@ async def local_login(
     user_dict = user.to_dict()
     return Token(access_token=create_access_token(
         user_dict, expires_delta=access_token_expires
-    ))
+    ))
+
+@router.post("/logout")    
+async def logout(session: SessionDep, request: Request, dto: LogoutSchema):
+    if dto.origin != 0:
+        return await xpack_logout(session, request, dto)
+    return None
diff --git a/backend/apps/system/models/system_model.py b/backend/apps/system/models/system_model.py
@@ -55,4 +55,16 @@ class AssistantBaseModel(SQLModel):
 
 class AssistantModel(SnowflakeBase, AssistantBaseModel, table=True):
     __tablename__ = "sys_assistant"
-
+
+
+class AuthenticationBaseModel(SQLModel):
+    name: str = Field(max_length=255, nullable=False)
+    type: int = Field(nullable=False, default=0)
+    config: Optional[str] = Field(sa_type = Text(), nullable=True)
+
+
+class AuthenticationModel(SnowflakeBase, AuthenticationBaseModel, table=True):
+    __tablename__ = "sys_authentication"
+    create_time: Optional[int] = Field(default=0, sa_type=BigInteger())
+    enable: bool = Field(default=False, nullable=False)
+    valid: bool = Field(default=False, nullable=False)
diff --git a/backend/apps/system/models/user.py b/backend/apps/system/models/user.py
@@ -15,9 +15,20 @@ class BaseUserPO(SQLModel):
     password: str = Field(default_factory=default_md5_pwd, max_length=255)
     email: str = Field(max_length=255)
     status: int = Field(default=0, nullable=False)
+    origin: int = Field(nullable=False, default=0)
     create_time: int = Field(default_factory=get_timestamp, sa_type=BigInteger(), nullable=False)
     language: str = Field(max_length=255, default="zh-CN")
 
 class UserModel(SnowflakeBase, BaseUserPO, table=True):
     __tablename__ = "sys_user"
 
+
+class UserPlatformBase(SQLModel):
+    uid: int = Field(nullable=False, sa_type=BigInteger())
+    origin: int = Field(nullable=False, default=0)
+    platform_uid: str = Field(max_length=255, nullable=False)
+
+class UserPlatformModel(SnowflakeBase, UserPlatformBase, table=True):
+    __tablename__ = "sys_user_platform"
+
+
diff --git a/backend/apps/system/schemas/auth.py b/backend/apps/system/schemas/auth.py
@@ -1,4 +1,5 @@
 
+from typing import Optional
 from pydantic import BaseModel
 from enum import Enum
 
@@ -16,4 +17,5 @@ class CacheName(Enum):
     ASSISTANT_INFO = "assistant:info"
     ASSISTANT_DS = "assistant:ds"
     def __str__(self):
-        return self.value
+        return self.value
+
diff --git a/backend/apps/system/schemas/logout_schema.py b/backend/apps/system/schemas/logout_schema.py
@@ -0,0 +1,9 @@
+from typing import Optional
+from pydantic import BaseModel
+
+
+class LogoutSchema(BaseModel):
+    token: Optional[str] = None
+    flag: Optional[str] = 'default'
+    origin: Optional[int] = 0
+    data: Optional[str] = None
diff --git a/backend/apps/system/schemas/system_schema.py b/backend/apps/system/schemas/system_schema.py
@@ -53,6 +53,7 @@ class UserCreator(BaseUser):
     name: str = Field(min_length=1, max_length=100, description="用户名")
     email: str = Field(min_length=1, max_length=100, description="用户邮箱")
     status: int = 1
+    origin: Optional[int] = 0
     oid_list: Optional[list[int]] = None
 
     """ @field_validator("email")
@@ -70,7 +71,7 @@ class UserGrid(UserEditor):
     create_time: int
     language: str = "zh-CN"
     # space_name: Optional[str] = None
-    origin: str = ''
+    # origin: str = ''
 
 
 class PwdEditor(BaseModel):

diff --git a/backend/common/utils/http_utils.py b/backend/common/utils/http_utils.py
@@ -0,0 +1,31 @@
+from typing import Tuple
+import requests
+from urllib.parse import urlparse
+from requests.exceptions import RequestException, Timeout
+
+def verify_url(url: str, timeout: int = 5) -> Tuple[bool, str]:
+    try:
+        parsed = urlparse(url)
+        if not all([parsed.scheme, parsed.netloc]):
+            return False, "无效的 URL 格式"
+
+        if parsed.scheme not in ['http', 'https']:
+            return False, "URL 必须以 http 或 https 开头"
+
+        response = requests.get(
+            url,
+            timeout=timeout,
+            verify=False  # 忽略 SSL 证书验证
+        )
+
+        if response.status_code < 400:
+            return True, "URL 可达"
+        else:
+            return False, f"服务器返回错误状态码: {response.status_code}"
+
+    except Timeout:
+        return False, f"连接超时 (>{timeout}秒)"
+    except RequestException as e:
+        return False, f"连接失败: {str(e)}"
+    except Exception as e:
+        return False, f"验证过程发生错误: {str(e)}"
diff --git a/backend/common/utils/whitelist.py b/backend/common/utils/whitelist.py
@@ -33,7 +33,10 @@
     "/system/assistant/info/*",
     "/system/assistant/app/*",
     "/system/assistant/picture/*",
-    "/datasource/uploadExcel"
+    "/datasource/uploadExcel",
+    "/system/authentication/platform/status",
+    "/system/authentication/login/*",
+    "/system/authentication/sso/*",
 ]
 
 class WhitelistChecker:

diff --git a/frontend/src/api/login.ts b/frontend/src/api/login.ts
@@ -14,6 +14,6 @@ export const AuthApi = {
       },
     })
   },
-  logout: () => request.post('/auth/logout'),
+  logout: (data: any) => request.post('/login/logout', data),
   info: () => request.get('/user/info'),
 }
diff --git a/frontend/src/assets/svg/logo_cas.svg b/frontend/src/assets/svg/logo_cas.svg
diff --git a/frontend/src/assets/svg/logo_dingtalk.svg b/frontend/src/assets/svg/logo_dingtalk.svg
diff --git a/frontend/src/assets/svg/logo_lark.svg b/frontend/src/assets/svg/logo_lark.svg
diff --git a/frontend/src/assets/svg/logo_ldap.svg b/frontend/src/assets/svg/logo_ldap.svg