From 76e5e7c1c024f842b510358711283360d01e555f Mon Sep 17 00:00:00 2001
From: chenos <chenlinxh@gmail.com>
Date: Tue, 25 Feb 2025 19:59:46 +0800
Subject: [PATCH] fix: skip auth check in the public form (#6284)

* fix: skipAuthCheck

* fix: before auth

* fix: skip auth

* feat: add skipAuth option to ResourceActionOptions

* feat: add skipNotify option to ResourceActionOptions

---------

Co-authored-by: sheldon guo <sheldon_66@163.com>
---
 packages/core/auth/src/auth.ts                |  3 +++
 packages/core/auth/src/base/auth.ts           |  4 ++--
 .../client/src/api-client/hooks/useRequest.ts |  2 ++
 .../src/client/components/PublicFormPage.tsx  | 19 ++++++++++---------
 .../plugin-public-forms/src/server/plugin.ts  |  3 ++-
 5 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/packages/core/auth/src/auth.ts b/packages/core/auth/src/auth.ts
index 901c599e86..0d26582360 100644
--- a/packages/core/auth/src/auth.ts
+++ b/packages/core/auth/src/auth.ts
@@ -68,6 +68,9 @@ export abstract class Auth implements IAuth {
   }
 
   async skipCheck() {
+    if (this.ctx.skipAuthCheck === true) {
+      return true;
+    }
     const token = this.ctx.getBearerToken();
     if (!token && this.ctx.app.options.acl === false) {
       return true;
diff --git a/packages/core/auth/src/base/auth.ts b/packages/core/auth/src/base/auth.ts
index 6f5d3ee408..8141d4c37d 100644
--- a/packages/core/auth/src/base/auth.ts
+++ b/packages/core/auth/src/base/auth.ts
@@ -7,10 +7,10 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-import { Collection, Model } from '@nocobase/database';
 import { Cache } from '@nocobase/cache';
+import { Collection, Model } from '@nocobase/database';
 import jwt from 'jsonwebtoken';
-import { Auth, AuthConfig, AuthErrorCode, AuthError } from '../auth';
+import { Auth, AuthConfig, AuthError, AuthErrorCode } from '../auth';
 import { JwtService } from './jwt-service';
 import { ITokenControlService } from './token-control-service';
 
diff --git a/packages/core/client/src/api-client/hooks/useRequest.ts b/packages/core/client/src/api-client/hooks/useRequest.ts
index b1b06b2639..667163920f 100644
--- a/packages/core/client/src/api-client/hooks/useRequest.ts
+++ b/packages/core/client/src/api-client/hooks/useRequest.ts
@@ -27,6 +27,8 @@ export type ResourceActionOptions<P = any> = {
   action?: string;
   params?: P;
   url?: string;
+  skipNotify?: boolean | ((error: any) => boolean);
+  skipAuth?: boolean;
 };
 
 export type UseRequestService<P> = AxiosRequestConfig<P> | ResourceActionOptions<P> | FunctionService;
diff --git a/packages/plugins/@nocobase/plugin-public-forms/src/client/components/PublicFormPage.tsx b/packages/plugins/@nocobase/plugin-public-forms/src/client/components/PublicFormPage.tsx
index bac0c865b0..b3ad843f22 100644
--- a/packages/plugins/@nocobase/plugin-public-forms/src/client/components/PublicFormPage.tsx
+++ b/packages/plugins/@nocobase/plugin-public-forms/src/client/components/PublicFormPage.tsx
@@ -7,38 +7,38 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
+import { css } from '@emotion/css';
+import { useField } from '@formily/react';
 import {
+  ACLCustomContext,
+  Action,
   APIClient,
   APIClientProvider,
+  AssociationField,
   CollectionManager,
   DataSource,
   DataSourceApplicationProvider,
   DataSourceManager,
+  DatePicker,
+  GlobalThemeProvider,
   PoweredBy,
   SchemaComponent,
   SchemaComponentContext,
   useAPIClient,
   useApp,
   useRequest,
-  ACLCustomContext,
   VariablesProvider,
-  GlobalThemeProvider,
-  AssociationField,
-  Action,
-  DatePicker,
 } from '@nocobase/client';
-import { css } from '@emotion/css';
-import { isDesktop } from 'react-device-detect';
-import { useField } from '@formily/react';
 import { Input, Modal, Spin } from 'antd';
 import React, { createContext, useContext, useEffect, useMemo, useState } from 'react';
+import { isDesktop } from 'react-device-detect';
 import { useParams } from 'react-router';
 import { usePublicSubmitActionProps } from '../hooks';
 import { UnEnabledFormPlaceholder, UnFoundFormPlaceholder } from './UnEnabledFormPlaceholder';
 
 import { Button as MobileButton, Dialog as MobileDialog } from 'antd-mobile';
-import { MobilePicker } from './components/MobilePicker';
 import { MobileDateTimePicker } from './components/MobileDatePicker';
+import { MobilePicker } from './components/MobilePicker';
 class PublicDataSource extends DataSource {
   async getDataSource() {
     return {};
@@ -158,6 +158,7 @@ function InternalPublicForm() {
   const { error, data, loading, run } = useRequest<any>(
     {
       url: `publicForms:getMeta/${params.name}`,
+      skipAuth: true,
     },
     {
       onSuccess(data) {
diff --git a/packages/plugins/@nocobase/plugin-public-forms/src/server/plugin.ts b/packages/plugins/@nocobase/plugin-public-forms/src/server/plugin.ts
index 36314cf584..6b04a5bac1 100644
--- a/packages/plugins/@nocobase/plugin-public-forms/src/server/plugin.ts
+++ b/packages/plugins/@nocobase/plugin-public-forms/src/server/plugin.ts
@@ -150,6 +150,7 @@ export class PluginPublicFormsServer extends Plugin {
         if (actionName === 'publicSubmit') {
           ctx.action.actionName = 'create';
         }
+        ctx.skipAuthCheck = true;
       } catch (error) {
         ctx.throw(401, error.message);
       }
@@ -192,7 +193,7 @@ export class PluginPublicFormsServer extends Plugin {
     });
     this.app.dataSourceManager.afterAddDataSource((dataSource) => {
       dataSource.resourceManager.use(this.parseToken, {
-        before: 'acl',
+        before: 'auth',
       });
       dataSource.acl.use(this.parseACL, {
         before: 'core',