fix: Traefik 路由範本加入 /login OIDC redirect

- manager 和一般租戶都加入 {code}-login 路由 (priority 300) - 加入 {code}-oidc-redirect middleware 自動導向 user_oidc/login/1 - 修正 NC 無法透過 /login 觸發 SSO 的問題 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 12:50:33 +08:00
parent 47e24dbca9
commit 5662e08218
1 changed files with 30 additions and 0 deletions
--- a/backend/app/services/scheduler/schedule_tenant.py
+++ b/backend/app/services/scheduler/schedule_tenant.py
@@ -209,10 +209,24 @@ def _generate_tenant_route_yaml(tenant, is_active: bool) -> str:
            "    vmis-strip-admin:",
            "      stripPrefix:",
            '        prefixes: ["/admin"]',
            f"    {code}-oidc-redirect:",
            "      redirectRegex:",
            '        regex: ".*"',
            f'        replacement: "https://{domain}/apps/user_oidc/login/1"',
            "        permanent: false",
            "",
        ]
        lines += [
            "  routers:",
            f"    {code}-login:",
            f'      rule: "Host(`{domain}`) && Path(`/login`)"',
            f"      service: {code}-drive",
            "      entryPoints: [websecure]",
            f"      middlewares: [{code}-oidc-redirect]",
            "      tls:",
            "        certResolver: letsencrypt",
            "      priority: 300",
            "",
            f"    {code}-admin:",
            f'      rule: "Host(`{domain}`) && PathPrefix(`/admin`)"',
            f"      service: {code}-vmis",
@@ -255,7 +269,23 @@ def _generate_tenant_route_yaml(tenant, is_active: bool) -> str:
        ]
    else:
        lines += [
            "  middlewares:",
            f"    {code}-oidc-redirect:",
            "      redirectRegex:",
            '        regex: ".*"',
            f'        replacement: "https://{domain}/apps/user_oidc/login/1"',
            "        permanent: false",
            "",
            "  routers:",
            f"    {code}-login:",
            f'      rule: "Host(`{domain}`) && Path(`/login`)"',
            f"      service: {code}-drive",
            "      entryPoints: [websecure]",
            f"      middlewares: [{code}-oidc-redirect]",
            "      tls:",
            "        certResolver: letsencrypt",
            "      priority: 300",
            "",
            f"    {code}-drive:",
            f'      rule: "Host(`{domain}`)"',
            f"      service: {code}-drive",