fix(share): stabilize revoke API and error diagnostics #39
Merged
…e as public endpoint in middleware
- generate share URLs with frontend AUTH_URL and HashRouter path
- update testing/integration docs to hash-based embed URLs
- include manual test helper script

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add Share button to EditorTopNav between Save and Preview
- Import and render ShareDashboardDialog in Editor component
- Only show share button when projectId exists
- Use Share2 icon from lucide-react

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…eature/share-link-embed
- Fix ShareDashboardDialog props interface: isOpen->open, onClose->onOpenChange
- Add 'share' translation to both zh and en editor i18n files
- Remove i18n fallback value in EditorTopNav
- Ensure share button click handler works correctly

This fixes the issue where clicking the share button had no effect.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- surface backend error details when create/revoke share link fails
- show actionable hint when dashboard is not found (save first)
- preserve generated share URL in dialog state after creation
- fully localize share dialog strings (zh/en)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- use same AUTH_SECRET fallback as login/auth helpers
- prevent false Unauthorized in middleware when AUTH_SECRET is unset
- restore bearer token auth for share link create endpoint

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- use localStorage token when in-memory tokenRef is temporarily empty
- prevents intermittent Unauthorized on share link creation
- keeps embed token behavior unchanged

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- fallback to persisted browser token for non-embed requests
- prevent Authorization header from being dropped by runtime token races
- keep embed mode token isolation intact

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Context:
- Unauthorized persisted in normal browser editor while script worked.
- Root cause was treating URL param mode=embedded as true embed context.
- That disabled browser token fallback in non-iframe pages.

Change:
- Determine embed context via window.self !== window.top (safe try/catch).
- Keep token fallback enabled for normal browser pages even if URL contains mode=embedded.
- Preserve isolation for true iframe embed context.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
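The embed-context check and token fallback described in the commit above, as an added example (not code from this pull request). The storage key `auth_token`, the function names and the fake `window`/`localStorage` objects are assumptions made so the logic runs under Node.

```javascript
// Added illustration, not the project's client code.
// The storage key 'auth_token' and all function names are assumptions.

// True only when the page runs inside a frame. A mode=embedded URL parameter
// is deliberately not consulted: any top-level page can carry it.
function isFramed(win) {
  try {
    return win.self !== win.top;
  } catch (err) {
    return true; // access to the parent was blocked, so we are framed
  }
}

// Pick the bearer token for a request. The in-memory token always wins; the
// persisted browser token is a fallback for top-level pages only, so a framed
// embed never falls back to a session token persisted in the browser.
function resolveAuthToken(win, inMemoryToken, storage) {
  if (inMemoryToken) return { token: inMemoryToken, source: 'memory' };
  if (isFramed(win)) return { token: null, source: 'none' };
  const persisted = storage.getItem('auth_token');
  return persisted
    ? { token: persisted, source: 'storage' }
    : { token: null, source: 'none' };
}

// Constructed stand-ins for window and localStorage so this runs under Node.
// Every fake window carries ?mode=embedded to show the parameter is ignored.
function fakeWindow(kind) {
  const w = { location: { search: '?mode=embedded' } };
  w.self = w;
  if (kind === 'top') w.top = w;
  else if (kind === 'frame') w.top = { name: 'parent' };
  else Object.defineProperty(w, 'top', { get() { throw new Error('blocked'); } });
  return w;
}
const fakeStorage = { getItem: (key) => (key === 'auth_token' ? 'persisted-jwt' : null) };

// Token source chosen for each window kind when the in-memory token is empty.
function demo() {
  return ['top', 'frame', 'blocked'].map(
    (kind) => resolveAuthToken(fakeWindow(kind), null, fakeStorage).source
  );
}
console.log(demo());
```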
- frontend: collect auth debug events in window.__THINGSVIS_AUTH_DEBUG_LOGS__
- frontend: log token source/request/401 when thingsvis_debug_auth=1
- frontend: log share create failure context under same debug switch
- backend: log header/session diagnostics on share POST when DEBUG_SHARE_AUTH=1

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- detect Unauthorized on createShareLink in share dialog
- show clear re-login guidance instead of generic failure
- redirect user to login page for immediate recovery
- add zh/en i18n messages for unauthorized hint

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- avoid json() parse errors on 204/empty responses
- parse response text conditionally before JSON decoding
- fixes revoke share link showing false 'Network error'

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- return 200 JSON for DELETE /share instead of 204 with body
- add DELETE auth diagnostics on server
- harden client response parsing for non-JSON payloads
- include response status/raw text in debug logs

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
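The conditional response parsing described in the last two commits, as an added example (not code from this pull request). The function names and the `error` field of the JSON error body are assumptions.

```javascript
// Added illustration, not the project's client code. The `error` field name
// in the JSON error body is an assumption.

// Turn a status code plus raw body text into a result object without ever
// throwing on an empty or non-JSON body.
function interpretResponse(status, rawText) {
  const raw = typeof rawText === 'string' ? rawText.trim() : '';
  let data = null;
  let parsed = false;
  if (status !== 204 && raw !== '') {
    try {
      data = JSON.parse(raw);
      parsed = true;
    } catch (err) {
      // Non-JSON payload (HTML error page, proxy text): keep it as raw text.
    }
  }
  const ok = status >= 200 && status < 300;
  if (ok) return { ok: true, status, data };
  // Prefer the backend's own message; otherwise a truncated copy of the raw
  // body, which must be rendered as plain text, never as HTML.
  const detail = parsed && data && typeof data.error === 'string'
    ? data.error
    : (raw.slice(0, 200) || `HTTP ${status}`);
  return { ok: false, status, data, error: detail };
}

// Fetch-side wrapper: res.text() resolves to '' for an empty body, where
// res.json() would reject with a SyntaxError.
async function readApiResponse(res) {
  const text = await res.text();
  return interpretResponse(res.status, text);
}

// Constructed sample responses: empty 204, JSON 200, JSON 401, HTML 502.
function demo() {
  return [
    interpretResponse(204, ''),
    interpretResponse(200, '{"success":true}'),
    interpretResponse(401, '{"error":"Unauthorized"}'),
    interpretResponse(502, '<html>Bad Gateway</html>'),
  ];
}
console.log(demo());
```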
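🚀 New feature: share links - stateless dashboard embedding
Overview
Implements a stateless share-link feature that allows ThingsVis dashboards to be embedded via a UUID v4 token, without a complex SSO token exchange flow.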
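Main changes
Backend API
✅ Database schema
- shareToken (UUID v4), shareExpiry, shareEnabled fields to the Dashboard model
✅ API endpoints
- POST /api/v1/dashboards/:id/share - create a share link (authentication required)
- GET /api/v1/dashboards/:id/share - query share info, token masked (authentication required)
- DELETE /api/v1/dashboards/:id/share - revoke the share link (authentication required)
- GET /api/v1/dashboards/:id/validate-share - validate a share link (no authentication required)
Frontend implementation
✅ API client
- apiClient supports a skipAuth option
- createShareLink, validateShareLink, revokeShareLink, getShareInfo functions
✅ EmbedPage support
- shareToken URL parameter
- shareToken > token
✅ UI components
- ShareDashboardDialog - complete share management dialog
Documentation
✅ Integration guide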
Features
🔒 Security
Backward compatible
⚡ Stateless design
📊 Simple to use
Testing
✅ Build tests pass
⏸️ To do (optional)
File changes
Core files
- apps/server/prisma/schema.prisma - data model
- apps/server/src/app/api/v1/dashboards/[id]/share/route.ts - share CRUD
- apps/server/src/app/api/v1/dashboards/[id]/validate-share/route.ts - validation API
- apps/studio/src/lib/api/client.ts - API client enhancements
- apps/studio/src/lib/api/dashboards.ts - share API wrappers
- apps/studio/src/pages/EmbedPage.tsx - shareToken support
- apps/studio/src/components/dashboard/ShareDashboardDialog.tsx - UI component
Documentation
- docs/integration/share-link-integration.md - integration guide
- FEATURE_SUMMARY.md - feature summary
Deployment notes
Related documentation
Checklist
Preview
Create a share link and embed it:
Type: new feature
Scope of impact: backend API + frontend + database
Breaking changes: none
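The checks an unauthenticated validate-share endpoint has to make against the shareToken, shareExpiry and shareEnabled fields, plus token masking for the authenticated GET, as an added example (not the route handler from this pull request). The function names, the mask format, the treatment of a null shareExpiry as "no expiry" and the sample record are assumptions.

```javascript
// Added illustration, not the project's route handler. shareToken, shareExpiry
// and shareEnabled are the fields named in the PR; the rest is assumed.
const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

// Compare without exiting early at the first differing character.
// (Node's crypto.timingSafeEqual is the standard-library alternative.)
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// `reason` is for server logs; the unauthenticated caller should get the same
// generic failure for every case. A null shareExpiry is assumed to mean
// "no expiry". A revoked link is modelled as shareEnabled = false.
function validateShare(dashboard, presented, now) {
  const fail = (reason) => ({ valid: false, reason });
  if (typeof presented !== 'string' || !UUID_V4.test(presented)) return fail('malformed');
  if (!dashboard || !dashboard.shareEnabled || !dashboard.shareToken) return fail('disabled');
  if (dashboard.shareExpiry && dashboard.shareExpiry <= now) return fail('expired');
  const match = constantTimeEqual(dashboard.shareToken.toLowerCase(), presented.toLowerCase());
  return match ? { valid: true, reason: null } : fail('mismatch');
}

// Masked form for the authenticated GET .../share response (format assumed).
function maskToken(token) {
  return token ? `${token.slice(0, 4)}****${token.slice(-4)}` : null;
}

// Constructed sample record; the token is made up for this example.
const SAMPLE = {
  shareToken: '3f2b8c1e-9a4d-4e7b-8c2f-1d5a6b7c8d9e',
  shareExpiry: new Date('2030-01-01T00:00:00Z'),
  shareEnabled: true,
};
const NOW = new Date('2029-06-01T00:00:00Z');
console.log(validateShare(SAMPLE, SAMPLE.shareToken, NOW), maskToken(SAMPLE.shareToken));
```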