bastion_sso/src/router/index.ts

import { createRouter, createWebHashHistory, type RouteRecordRaw } from 'vue-router'
import { ElMessage } from 'element-plus'
import { authApi } from '@/api/auth'
import { getToken, removeToken } from '@/composables/token'
import { useAuthStore } from '@/stores/auth'

const routes: RouteRecordRaw[] = [
  {
    path: '/login',
    component: () => import('@/pages/LoginPage.vue'),
    meta: { guest: true },
  },
  {
    path: '/oauth-consent',
    component: () => import('@/pages/OauthConsentPage.vue'),
    meta: { guest: true },
  },
  {
    path: '/',
    component: () => import('@/layouts/MainLayout.vue'),
    children: [
      { path: '', component: () => import('@/pages/DashboardPage.vue') },
      { path: 'profile', component: () => import('@/pages/ProfilePage.vue') },
      { path: 'users', component: () => import('@/pages/UsersPage.vue') },
      { path: 'roles', component: () => import('@/pages/RolesPage.vue') },
      { path: 'permissions', component: () => import('@/pages/PermissionsPage.vue') },
      { path: 'servers', component: () => import('@/pages/ServersPage.vue') },
      { path: 'tickets', component: () => import('@/pages/TicketsPage.vue') },
      { path: 'accounts', component: () => import('@/pages/AccountsPage.vue') },
      { path: 'logs', component: () => import('@/pages/LogsPage.vue') },
      { path: 'oauth-clients', component: () => import('@/pages/OauthClientsPage.vue') },
    ],
  },
  { path: '/:pathMatch(.*)*', component: () => import('@/pages/NotFoundPage.vue') },
]

const router = createRouter({
  history: createWebHashHistory(),
  routes,
})

let loaded = false

router.beforeEach(async (to) => {
  const token = getToken()
  const authStore = useAuthStore()

  if (!token && !to.meta.guest) {
    return '/login'
  }

  if (token && !loaded) {
    try {
      const response = await authApi.me()
      authStore.setAuth(response.data.user, response.data.permissions)
      loaded = true
    } catch (error: any) {
      const code = Number(error?.code || 0)
      if (code === 423) {
        loaded = true
        return '/login'
      }
      removeToken()
      authStore.clearAuth()
      loaded = false
      if (code !== 401) {
        ElMessage.error('登录状态无效，请重新登录')
      }
      return '/login'
    }
  }

  if (token && to.meta.guest) {
    const returnTo = typeof to.query.return_to === 'string' ? to.query.return_to : ''
    if (to.path === '/login' && returnTo) {
      return true
    }
    if (to.path === '/oauth-consent') {
      return true
    }
    const forcePasswordChange = Boolean((authStore.user as any)?.force_password_change)
    if (forcePasswordChange) {
      if (to.path === '/login') {
        return true
      }
      return '/login'
    }
    return '/'
  }

  const forcePasswordChange = Boolean((authStore.user as any)?.force_password_change)
  if (token && forcePasswordChange && to.path !== '/login') {
    return '/login'
  }

  return true
})

export default router