feat: add ALLOW_ANONYMOUS, CUSTOM_ERROR, IGNORE_BASE_URL, RAW_BODY (#1486)

Author: cipchk

packages/auth/docs/getting-started.en-US.md

@@ -77,7 +77,7 @@ The default `DelonAuthModule` does not register any HTTP interceptor, because of
 | `[token_send_place]` | `header,body,url` | `header` | Send token parameter position | ✅ |
 | `[login_url]` | `string` | `/login` | Login page routing address | ✅ |
 | `[ignores]` | `RegExp[]` | `[ /\/login/, /assets\// ]` | Ignore the list of URL addresses | ✅ |
-| `[allow_anonymous_key]` | `string` | `_allow_anonymous` | Anonymous login KEY identification, if the request parameter with the KEY is to ignore token check and add action, the key value will be removed when the request is truth | ✅ |
+| (deprecated) `[allow_anonymous_key]` | `string` | `_allow_anonymous` | Will be removed in 15.0.0, Pls used [ALLOW_ANONYMOUS](https://github.com/ng-alain/delon/blob/master/packages/auth/src/token.ts) `HttpContext` instead. Anonymous login KEY identification, if the request parameter with the KEY is to ignore token check and add action, the key value will be removed when the request is truth | ✅ |
 | `[executeOtherInterceptors]` | `boolean` | `true` | Whether continue to call other interceptor `intercept` method after token missing | ✅ |
 | `[refreshTime]` | `number` | `3000` | Refresh time (unit: ms) | ✅ |
 | `[refreshOffset]` | `number` | `6000` | Offset value (unit: ms), it is recommended to set according to the multiple of `refreshTime` | ✅ |

packages/auth/docs/getting-started.zh-CN.md

@@ -77,7 +77,7 @@ export class AppModule { }
 | `[token_send_place]` | `header,body,url` | `header` | 发送token参数位置 | ✅ |
 | `[login_url]` | `string` | `/login` | 登录页路由地址 | ✅ |
 | `[ignores]` | `RegExp[]` | `[ /\/login/, /assets\// ]` | 忽略 URL 地址清单 | ✅ |
-| `[allow_anonymous_key]` | `string` | `_allow_anonymous` | 允许匿名登录标识号，若请求参数中带有该KEY表示忽略TOKEN校验与添加动作，同时真实请求时会移除该数据 | ✅ |
+| (deprecated) `[allow_anonymous_key]` | `string` | `_allow_anonymous` | Will be removed in 15.0.0, Pls used [ALLOW_ANONYMOUS](https://github.com/ng-alain/delon/blob/master/packages/auth/src/token.ts) `HttpContext` instead. 允许匿名登录标识号，若请求参数中带有该KEY表示忽略TOKEN校验与添加动作，同时真实请求时会移除该数据 | ✅ |
 | `[executeOtherInterceptors]` | `boolean` | `true` | 是否校验失效时命中后继续调用后续拦截器的 `intercept` 方法 | ✅ |
 | `[refreshTime]` | `number` | `3000` | 刷新时长（单位：ms） | ✅ |
 | `[refreshOffset]` | `number` | `6000` | 偏移值（单位：ms），建议根据 `refreshTime` 倍数来设置 | ✅ |

packages/auth/index.ts

@@ -14,5 +14,6 @@ export * from './src/token/jwt/jwt.guard';
 export * from './src/token/simple/simple.model';
 export * from './src/token/simple/simple.interceptor';
 export * from './src/token/simple/simple.guard';
+export * from './src/token';
 export * from './src/auth.config';
 export * from './src/auth.module';

packages/auth/src/token.ts

@@ -0,0 +1,15 @@
+import { HttpContextToken } from '@angular/common/http';
+
+/**
+ * Whether to allow anonymous login
+ *
+ * 是否允许匿名登录
+ *
+ * @example
+ * this.http.post(`login`, {
+ *  name: 'cipchk', pwd: '123456'
+ * }, {
+ *  context: new HttpContext().set(ALLOW_ANONYMOUS, true)
+ * })
+ */
+export const ALLOW_ANONYMOUS = new HttpContextToken(() => false);

packages/auth/src/token/base.interceptor.spec.ts

@@ -2,6 +2,7 @@
 import { DOCUMENT } from '@angular/common';
 import {
   HttpClient,
+  HttpContext,
   HttpEvent,
   HttpHandler,
   HttpInterceptor,
@@ -19,6 +20,7 @@ import { Observable, throwError, catchError } from 'rxjs';
 import { AlainAuthConfig, ALAIN_CONFIG } from '@delon/util/config';
 
 import { DelonAuthModule } from '../auth.module';
+import { ALLOW_ANONYMOUS } from '../token';
 import { AuthReferrer, DA_SERVICE_TOKEN, ITokenModel, ITokenService } from './interface';
 import { SimpleInterceptor } from './simple/simple.interceptor';
 import { SimpleTokenModel } from './simple/simple.model';
@@ -126,6 +128,14 @@ describe('auth: base.interceptor', () => {
       });
     });
 
+    it('#ALLOW_ANONYMOUS', () => {
+      genModule({}, genModel(SimpleTokenModel, null));
+      http.get('/user', { context: new HttpContext().set(ALLOW_ANONYMOUS, true) }).subscribe();
+      const ret = httpBed.expectOne(() => true);
+      expect(ret.request.headers.get('Authorization')).toBeNull();
+      ret.flush('ok!');
+    });
+
     describe('#with allow_anonymous_key', () => {
       describe('in params', () => {
         it(`should working`, done => {

packages/auth/src/token/base.interceptor.ts

@@ -14,6 +14,7 @@ import { Observable, Observer } from 'rxjs';
 import { AlainAuthConfig, AlainConfigService } from '@delon/util/config';
 
 import { mergeConfig } from '../auth.config';
+import { ALLOW_ANONYMOUS } from '../token';
 import { ToLogin } from './helper';
 import { ITokenModel } from './interface';
 
@@ -36,6 +37,8 @@ export abstract class BaseInterceptor implements HttpInterceptor {
   abstract setReq(req: HttpRequest<any>, options: AlainAuthConfig): HttpRequest<any>;
 
   intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
+    if (req.context.get(ALLOW_ANONYMOUS)) return next.handle(req);
+
     const options = mergeConfig(this.injector.get(AlainConfigService));
     if (Array.isArray(options.ignores)) {
       for (const item of options.ignores) {
@@ -70,11 +73,15 @@ export abstract class BaseInterceptor implements HttpInterceptor {
       ToLogin(options, this.injector);
       // Interrupt Http request, so need to generate a new Observable
       const err$ = new Observable((observer: Observer<HttpEvent<any>>) => {
+        let statusText = '';
+        if (typeof ngDevMode === 'undefined' || ngDevMode) {
+          statusText = `来自 @delon/auth 的拦截，所请求URL未授权，若是登录API可加入 [url?_allow_anonymous=true] 来表示忽略校验，更多方法请参考： https://ng-alain.com/auth/getting-started#AlainAuthConfig\nThe interception from @delon/auth, the requested URL is not authorized. If the login API can add [url?_allow_anonymous=true] to ignore the check, please refer to: https://ng-alain.com/auth/getting-started#AlainAuthConfig`;
+        }
         const res = new HttpErrorResponse({
           url: req.url,
           headers: req.headers,
           status: 401,
-          statusText: `来自 @delon/auth 的拦截，所请求URL未授权，若是登录API可加入 [url?_allow_anonymous=true] 来表示忽略校验，更多方法请参考： https://ng-alain.com/auth/getting-started#AlainAuthConfig\nThe interception from @delon/auth, the requested URL is not authorized. If the login API can add [url?_allow_anonymous=true] to ignore the check, please refer to: https://ng-alain.com/auth/getting-started#AlainAuthConfig`
+          statusText
         });
         observer.error(res);
       });

packages/theme/public_api.ts

@@ -10,8 +10,7 @@ export * from './src/services/i18n/index';
 export * from './src/locale/index';
 export * from './src/services/modal/modal.helper';
 export * from './src/services/drawer/drawer.helper';
-export * from './src/services/http/http.client';
-export * from './src/services/http/http.decorator';
+export * from './src/services/http/index';
 export * from './src/pipes/date/date.pipe';
 export * from './src/pipes/keys/keys.pipe';
 export * from './src/pipes/yn/yn.pipe';

packages/theme/src/services/http/http.token.ts

@@ -0,0 +1,33 @@
+import { HttpContextToken } from '@angular/common/http';
+
+/**
+ * Whether to customize the handling of exception messages
+ *
+ * 是否自定义处理异常消息
+ *
+ * @example
+ * this.http.post(`login`, {
+ *  name: 'cipchk', pwd: '123456'
+ * }, {
+ *  context: new HttpContext()
+ *              .set(ALLOW_ANONYMOUS, true)
+ *              .set(CUSTOM_ERROR, true)
+ * }).subscribe({
+ *  next: console.log,
+ *  error: console.log
+ * });
+ */
+export const CUSTOM_ERROR = new HttpContextToken(() => false);
+
+/**
+ * Whether to ignore API prefixes
+ *
+ * 是否忽略API前缀
+ *
+ * @example
+ * // When environment.api.baseUrl set '/api'
+ *
+ * this.http.get(`/path`) // Request Url: /api/path
+ * this.http.get(`/path`, { context: new HttpContext().set(IGNORE_BASE_URL, true) }) // Request Url: /path
+ */
+export const IGNORE_BASE_URL = new HttpContextToken(() => false);

packages/theme/src/services/http/index.en-US.md

@@ -153,3 +153,31 @@ class RestService extends BaseApi {
 - `@Payload` Request Payload
   - Supported body (like`POST`, `PUT`) as a body data, equivalent to `@Body`
   - Not supported body (like `GET`, `DELETE` etc) as a `QueryString`
+
+### CUSTOM_ERROR
+
+Whether to customize the handling of exception messages.
+
+```ts
+this.http.post(`login`, {
+ name: 'cipchk', pwd: '123456'
+}, {
+ context: new HttpContext()
+             .set(ALLOW_ANONYMOUS, true)
+             .set(CUSTOM_ERROR, true)
+}).subscribe({
+ next: console.log,
+ error: console.log
+});
+```
+
+### IGNORE_BASE_URL
+
+Whether to ignore API prefixes.
+
+```ts
+// When environment.api.baseUrl set '/api'
+
+this.http.get(`/path`) // Request Url: /api/path
+this.http.get(`/path`, { context: new HttpContext().set(IGNORE_BASE_URL, true) }) // Request Url: /path
+```

packages/theme/src/services/http/index.ts

@@ -0,0 +1,3 @@
+export * from './http.client';
+export * from './http.decorator';
+export * from './http.token';

packages/theme/src/services/http/index.zh-CN.md

@@ -153,3 +153,33 @@ class RestService extends BaseApi {
 - `@Payload` 请求负载
   - 当支持 Body 时（例如：`POST`、`PUT`）为内容体等同 `@Body`
   - 当不支持 Body 时（例如：`GET`、`DELETE` 等）为 `QueryString`
+
+## HttpContext
+
+### CUSTOM_ERROR
+
+是否自定义处理异常消息。
+
+```ts
+this.http.post(`login`, {
+ name: 'cipchk', pwd: '123456'
+}, {
+ context: new HttpContext()
+             .set(ALLOW_ANONYMOUS, true)
+             .set(CUSTOM_ERROR, true)
+}).subscribe({
+ next: console.log,
+ error: console.log
+});
+```
+
+### IGNORE_BASE_URL
+
+是否忽略API前缀。
+
+```ts
+// When environment.api.baseUrl set '/api'
+
+this.http.get(`/path`) // Request Url: /api/path
+this.http.get(`/path`, { context: new HttpContext().set(IGNORE_BASE_URL, true) }) // Request Url: /path
+```

packages/util/config/auth/auth.type.ts

@@ -37,6 +37,8 @@ export interface AlainAuthConfig {
   ignores?: RegExp[];
   /**
    * 允许匿名登录KEY，若请求参数中带有该KEY表示忽略TOKEN，默认：`_allow_anonymous`
+   *
+   * @deprecated Will be removed in 15.x, Pls used [ALLOW_ANONYMOUS](https://github.com/ng-alain/delon/blob/master/packages/auth/src/token.ts) `HttpContext` instead
    */
   allow_anonymous_key?: string;
   /**