feat: 未登录时访问 /is-login 设置 code 401

--story=1011773 --user=刘瑞斌 【通用功能】未登录时 is-login 接口返回 401 状态码 https://www.tapd.cn/55049933/s/1365408

framework/gateway/src/main/java/io/metersphere/gateway/filter/AuthFilter.java

@@ -0,0 +1,50 @@
+package io.metersphere.gateway.filter;
+
+import io.metersphere.commons.constants.SessionConstants;
+import io.metersphere.commons.utils.JSON;
+import io.metersphere.commons.utils.RsaKey;
+import io.metersphere.commons.utils.RsaUtil;
+import io.metersphere.controller.handler.ResultHolder;
+import org.springframework.core.io.buffer.DataBuffer;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+
+@Component
+public class AuthFilter implements WebFilter {
+
+    @Override
+    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+        // 放行不是 /is-login 的接口
+        if (!exchange.getRequest().getURI().getRawPath().equals("/is-login")) {
+            return chain.filter(exchange);
+        }
+
+        RsaKey rsaKey = null;
+        try {
+            rsaKey = RsaUtil.getRsaKey();
+        } catch (NoSuchAlgorithmException e) {
+        }
+        // 从请求头中获取Auth Token
+        String authToken = exchange.getRequest().getHeaders().getFirst(SessionConstants.HEADER_TOKEN);
+        String csrfToken = exchange.getRequest().getHeaders().getFirst(SessionConstants.CSRF_TOKEN);
+        if (authToken == null || csrfToken == null) {
+            // 将错误信息转换为JSON格式
+            byte[] body = JSON.toJSONString(ResultHolder.error(rsaKey.getPublicKey())).getBytes(StandardCharsets.UTF_8);
+            // 设置响应体和响应类型
+            exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON);
+            exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
+            DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(body);
+            return exchange.getResponse().writeWith(Mono.just(buffer));
+        } else {
+            return chain.filter(exchange);
+        }
+    }
+}

framework/sdk-parent/frontend/src/plugins/request.js

@@ -83,7 +83,7 @@ const checkAuth = response => {
     clearLocalStorage();
     return;
   }
-  if (response.headers["authentication-status"] === "invalid" || response.status === 401) {
+  if (response.headers["authentication-status"] === "invalid") {
     clearLocalStorage();
   }
 }
@@ -110,6 +110,13 @@ instance.interceptors.response.use(response => {
 }, error => {
   let msg;
   if (error.response && error.response.headers) {
+    // 仅处理 /is-login
+    if (error.response.status === 401
+      && error.response.data.success === false
+      && error.response.request.responseURL.endsWith("/is-login")) {
+      return Promise.reject(error.response.data);
+    }
+
     // 判断错误标记
     if (error.response.status === 402) {
       if (error.response.headers['redirect']) {

framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/LoginController.java

@@ -52,7 +52,7 @@ public class LoginController {
 
 
     @GetMapping(value = "/is-login")
-    public ResultHolder isLogin(@RequestHeader(name = SessionConstants.HEADER_TOKEN, required = false) String sessionId) throws Exception {
+    public ResultHolder isLogin(@RequestHeader(name = SessionConstants.HEADER_TOKEN, required = false) String sessionId, HttpServletResponse response) throws Exception {
         RsaKey rsaKey = RsaUtil.getRsaKey();
         Object user = redisIndexedSessionRepository.getSessionRedisOperations().opsForHash().get("spring:session:sessions:" + sessionId, "sessionAttr:user");
         if (user != null) {
@@ -69,6 +69,8 @@ public class LoginController {
             }
             return ResultHolder.success(sessionUser);
         }
+        // 没登录状态码返回401
+        response.setStatus(401);
         return ResultHolder.error(rsaKey.getPublicKey());
     }