123

ruoyi-screen/.env.development

@@ -15,5 +15,5 @@ VITE_WEATHER_APP_ID=36793262
 VITE_WEATHER_APP_SECRET=t6a6z0H8
 VITE_WEATHER_CITY=巴青
 
-# 大屏免密登录（RSA 加密 UUID，见 doc/大屏/免密登录/大屏免密登录技术方案.md）
+# 大屏免密登录（获取公钥 + RSA 加密 UUID）
 VITE_SCREEN_AUTO_LOGIN=true

ruoyi-screen/src/router/index.js

@@ -1,7 +1,15 @@
 import { createRouter, createWebHistory } from "vue-router"
 import ScreenLayout from "../layout/ScreenLayout.vue"
 import { getToken } from "../utils/auth"
-import { ensureScreenAutoLogin, isScreenAutoLoginEnabled } from "../utils/screenAutoLogin"
+import {
+  ensureScreenAutoLogin,
+  getUrlScreenLoginCipher,
+  SCREEN_LOGIN_CIPHER_ERROR,
+  SCREEN_LOGIN_UUID_ERROR,
+  stripScreenLoginTokenQuery,
+  stripScreenLoginUuidQuery,
+  tryScreenLoginWithCipher
+} from "../utils/screenAutoLogin"
 
 /**
  * 大屏路由表（路径与后端 /bigScreen/* 业务对应，便于联调）
@@ -88,7 +96,59 @@ const router = createRouter({
   routes
 })
 
-/** 未登录跳转登录页；已登录访问 /login 则进首页；启用免密时先尝试自动登录 */
+/** URL ?token= 密文登录；失败则提示公钥不对并跳转登录页 */
+async function tryLoginWithUrlToken(to, next) {
+  const cipher = getUrlScreenLoginCipher(to.query)
+  if (!cipher) {
+    return false
+  }
+  try {
+    await tryScreenLoginWithCipher(cipher)
+    const query = stripScreenLoginTokenQuery(to.query)
+    if (to.path === "/login") {
+      const redirect =
+        typeof to.query.redirect === "string" ? to.query.redirect : "/home"
+      next({ path: redirect, replace: true })
+      return true
+    }
+    next({ path: to.path, query, replace: true })
+    return true
+  } catch {
+    next({
+      path: "/login",
+      query: { screenLoginError: SCREEN_LOGIN_CIPHER_ERROR },
+      replace: true
+    })
+    return true
+  }
+}
+
+/** URL ?uuid= 免密登录；失败则提示并跳转登录页 */
+async function tryLoginWithUrlUuid(to, next) {
+  const { attempted, ok } = await ensureScreenAutoLogin(to.query)
+  if (!attempted) {
+    return false
+  }
+  if (ok) {
+    const query = stripScreenLoginUuidQuery(to.query)
+    if (to.path === "/login") {
+      const redirect =
+        typeof to.query.redirect === "string" ? to.query.redirect : "/home"
+      next({ path: redirect, replace: true })
+      return true
+    }
+    next({ path: to.path, query, replace: true })
+    return true
+  }
+  next({
+    path: "/login",
+    query: { screenLoginError: SCREEN_LOGIN_UUID_ERROR },
+    replace: true
+  })
+  return true
+}
+
+/** 未登录跳转登录页；URL ?token= / ?uuid= 优先 */
 router.beforeEach(async (to, _from, next) => {
   const token = getToken()
   if (to.path === "/login") {
@@ -96,26 +156,22 @@ router.beforeEach(async (to, _from, next) => {
       next({ path: "/home" })
       return
     }
-    if (isScreenAutoLoginEnabled()) {
-      const ok = await ensureScreenAutoLogin()
-      if (ok) {
-        const redirect =
-          typeof to.query.redirect === "string" ? to.query.redirect : "/home"
-        next({ path: redirect })
-        return
-      }
+    if (await tryLoginWithUrlToken(to, next)) {
+      return
+    }
+    if (await tryLoginWithUrlUuid(to, next)) {
+      return
     }
     next()
     return
   }
   const needAuth = to.matched.some((r) => r.meta.requiresAuth)
   if (needAuth && !getToken()) {
-    if (isScreenAutoLoginEnabled()) {
-      const ok = await ensureScreenAutoLogin()
-      if (ok) {
-        next()
-        return
-      }
+    if (await tryLoginWithUrlToken(to, next)) {
+      return
+    }
+    if (await tryLoginWithUrlUuid(to, next)) {
+      return
     }
     next({ path: "/login", query: { redirect: to.fullPath } })
     return

ruoyi-screen/src/utils/screenAutoLogin.js

@@ -2,9 +2,16 @@ import JSEncrypt from 'jsencrypt/bin/jsencrypt.min'
 import { getScreenPublicKey, screenAutoLogin } from '@/api/login'
 import { getToken, setToken } from '@/utils/auth'
 
+/** URL 密文登录失败时展示给用户的提示 */
+export const SCREEN_LOGIN_CIPHER_ERROR = '公钥不对'
+
+/** URL uuid 免密登录失败时展示给用户的提示 */
+export const SCREEN_LOGIN_UUID_ERROR = '免密失败，请联系管理员获取免登ID'
+
 /** 同一会话内仅尝试一次免密登录，避免反复请求 */
 let autoLoginState = null
 let autoLoginPromise = null
+let autoLoginUuid = null
 
 export function isScreenAutoLoginEnabled() {
   return import.meta.env.VITE_SCREEN_AUTO_LOGIN === 'true'
@@ -13,58 +20,136 @@ export function isScreenAutoLoginEnabled() {
 export function resetScreenAutoLoginState() {
   autoLoginState = null
   autoLoginPromise = null
+  autoLoginUuid = null
+}
+
+/** 从路由 query 读取 RSA 密文（?token=xxxx） */
+export function getUrlScreenLoginCipher(query) {
+  const raw = query?.token
+  if (typeof raw !== 'string' || !raw.trim()) {
+    return ''
+  }
+  try {
+    return decodeURIComponent(raw.trim())
+  } catch {
+    return raw.trim()
+  }
+}
+
+/** 从路由 query 读取免登 UUID（?uuid=xxxx） */
+export function getUrlScreenLoginUuid(query) {
+  const raw = query?.uuid
+  if (typeof raw !== 'string' || !raw.trim()) {
+    return ''
+  }
+  try {
+    return decodeURIComponent(raw.trim())
+  } catch {
+    return raw.trim()
+  }
+}
+
+/** 去掉 URL 中的 token，避免密文残留在地址栏 */
+export function stripScreenLoginTokenQuery(query = {}) {
+  const next = { ...query }
+  delete next.token
+  return next
+}
+
+/** 去掉 URL 中的 uuid */
+export function stripScreenLoginUuidQuery(query = {}) {
+  const next = { ...query }
+  delete next.uuid
+  return next
 }
 
 /**
- * RSA 加密 UUID 换取 JWT（见 doc/大屏/免密登录/大屏免密登录技术方案.md）
+ * 使用 URL 传入的 RSA 密文换取 JWT
+ * @param {string} cipher
  * @returns {Promise<string>} JWT
  */
-export async function tryScreenAutoLogin() {
-  const keyRes = await getScreenPublicKey()
-  const publicKey = keyRes.data?.publicKey
-  if (!publicKey) {
-    throw new Error('未获取到 RSA 公钥')
+export async function tryScreenLoginWithCipher(cipher) {
+  if (!cipher) {
+    throw new Error(SCREEN_LOGIN_CIPHER_ERROR)
+  }
+  try {
+    const loginRes = await screenAutoLogin(cipher)
+    if (!loginRes?.token) {
+      throw new Error(SCREEN_LOGIN_CIPHER_ERROR)
+    }
+    setToken(loginRes.token)
+    autoLoginState = 'ok'
+    return loginRes.token
+  } catch {
+    throw new Error(SCREEN_LOGIN_CIPHER_ERROR)
   }
+}
 
-  const uuid = crypto.randomUUID()
-  const encryptor = new JSEncrypt()
-  encryptor.setPublicKey(publicKey)
-  const cipher = encryptor.encrypt(uuid)
-  if (!cipher) {
-    throw new Error('RSA 加密失败')
+/**
+ * 获取公钥 → RSA 加密 URL 中的 UUID → 换取 JWT
+ * @param {string} uuid
+ * @returns {Promise<string>} JWT
+ */
+export async function tryScreenAutoLogin(uuid) {
+  if (!uuid) {
+    throw new Error(SCREEN_LOGIN_UUID_ERROR)
   }
+  try {
+    const keyRes = await getScreenPublicKey()
+    const publicKey = keyRes.data?.publicKey
+    if (!publicKey) {
+      throw new Error(SCREEN_LOGIN_UUID_ERROR)
+    }
+
+    const encryptor = new JSEncrypt()
+    encryptor.setPublicKey(publicKey)
+    const cipher = encryptor.encrypt(uuid)
+    if (!cipher) {
+      throw new Error(SCREEN_LOGIN_UUID_ERROR)
+    }
 
-  const loginRes = await screenAutoLogin(cipher)
-  if (!loginRes.token) {
-    throw new Error('免密登录未返回 token')
+    const loginRes = await screenAutoLogin(cipher)
+    if (!loginRes?.token) {
+      throw new Error(SCREEN_LOGIN_UUID_ERROR)
+    }
+    setToken(loginRes.token)
+    return loginRes.token
+  } catch {
+    throw new Error(SCREEN_LOGIN_UUID_ERROR)
   }
-  setToken(loginRes.token)
-  return loginRes.token
 }
 
 /**
- * 路由守卫用：已登录直接通过；未启用免密则 false；否则尝试一次免密登录
- * @returns {Promise<boolean>}
+ * 路由守卫用：URL 含 uuid 时尝试免密登录
+ * @returns {Promise<{ attempted: boolean, ok: boolean }>}
  */
-export async function ensureScreenAutoLogin() {
+export async function ensureScreenAutoLogin(query) {
   if (getToken()) {
-    return true
+    return { attempted: false, ok: true }
   }
   if (!isScreenAutoLoginEnabled()) {
-    return false
+    return { attempted: false, ok: false }
   }
-  if (autoLoginState === 'fail') {
-    return false
+
+  const uuid = getUrlScreenLoginUuid(query)
+  if (!uuid) {
+    return { attempted: false, ok: false }
+  }
+
+  if (autoLoginState === 'fail' && autoLoginUuid === uuid) {
+    return { attempted: true, ok: false }
   }
-  if (autoLoginState === 'ok') {
-    return !!getToken()
+  if (autoLoginState === 'ok' && getToken()) {
+    return { attempted: false, ok: true }
   }
-  if (autoLoginState === 'pending' && autoLoginPromise) {
-    return autoLoginPromise
+  if (autoLoginState === 'pending' && autoLoginPromise && autoLoginUuid === uuid) {
+    const ok = await autoLoginPromise
+    return { attempted: true, ok }
   }
 
+  autoLoginUuid = uuid
   autoLoginState = 'pending'
-  autoLoginPromise = tryScreenAutoLogin()
+  autoLoginPromise = tryScreenAutoLogin(uuid)
     .then(() => {
       autoLoginState = 'ok'
       return true
@@ -74,5 +159,6 @@ export async function ensureScreenAutoLogin() {
       return false
     })
 
-  return autoLoginPromise
+  const ok = await autoLoginPromise
+  return { attempted: true, ok }
 }

ruoyi-screen/src/views/login/index.vue

@@ -102,6 +102,13 @@ function onKeyupEnter() {
 }
 
 onMounted(() => {
+  const urlError = route.query.screenLoginError
+  if (typeof urlError === 'string' && urlError) {
+    errorMsg.value = urlError
+    const query = { ...route.query }
+    delete query.screenLoginError
+    router.replace({ path: '/login', query })
+  }
   loadRemembered()
   refreshCaptcha()
 })

ruoyi-ui/src/layout/components/Sidebar/Logo.vue

@@ -80,7 +80,7 @@ export default {
       color: #fff;
       font-weight: 600;
       line-height: 50px;
-      font-size: 11px;
+      font-size: 14px;
       font-family: Avenir, Helvetica Neue, Arial, Helvetica, sans-serif;
       vertical-align: middle;
     }