feat(ldap): 完善 LDAP 认证功能和安全性

- 添加 LDAP 配置类型定义，移除 any 类型 - 首次配置 LDAP 时强制要求设置绑定密码 - 根据认证类型区分登录标识验证（本地需邮箱，LDAP 允许用户名） - 添加 LDAP 过滤器转义函数防止注入攻击 - 增加 LDAP 连接超时设置 - 添加账户来源冲突检查，防止 LDAP 覆盖本地账户 - 添加用户名冲突自动重命名机制
2026-01-11 03:58:28 +08:00 · 2026-01-04 11:18:28 +08:00
parent 612992fa1f
commit 64bfa955f4
8 changed files with 2147 additions and 2020 deletions
--- a/frontend/src/api/admin.ts
+++ b/frontend/src/api/admin.ts
@@ -155,6 +155,41 @@ export interface EmailTemplateResetResponse {
  }
 }

+// LDAP 配置响应
+export interface LdapConfigResponse {
+  server_url: string | null
+  bind_dn: string | null
+  base_dn: string | null
+  user_search_filter: string
+  username_attr: string
+  email_attr: string
+  display_name_attr: string
+  is_enabled: boolean
+  is_exclusive: boolean
+  use_starttls: boolean
+}
+
+// LDAP 配置更新请求
+export interface LdapConfigUpdateRequest {
+  server_url: string
+  bind_dn: string
+  bind_password?: string
+  base_dn: string
+  user_search_filter?: string
+  username_attr?: string
+  email_attr?: string
+  display_name_attr?: string
+  is_enabled?: boolean
+  is_exclusive?: boolean
+  use_starttls?: boolean
+}
+
+// LDAP 连接测试响应
+export interface LdapTestResponse {
+  success: boolean
+  message: string
+}
+
 // Provider 模型查询响应
 export interface ProviderModelsQueryResponse {
  success: boolean
@@ -477,13 +512,13 @@ export const adminApi = {

  // LDAP 配置相关
  // 获取 LDAP 配置
-  async getLdapConfig(): Promise<any> {
-    const response = await apiClient.get<any>('/api/admin/ldap/config')
+  async getLdapConfig(): Promise<LdapConfigResponse> {
+    const response = await apiClient.get<LdapConfigResponse>('/api/admin/ldap/config')
    return response.data
  },

  // 更新 LDAP 配置
-  async updateLdapConfig(config: any): Promise<{ message: string }> {
+  async updateLdapConfig(config: LdapConfigUpdateRequest): Promise<{ message: string }> {
    const response = await apiClient.put<{ message: string }>(
      '/api/admin/ldap/config',
      config
@@ -492,10 +527,10 @@ export const adminApi = {
  },

  // 测试 LDAP 连接
-  async testLdapConnection(config?: any): Promise<{ success: boolean; message: string }> {
-    const response = await apiClient.post<{ success: boolean; message: string }>(
+  async testLdapConnection(): Promise<LdapTestResponse> {
+    const response = await apiClient.post<LdapTestResponse>(
      '/api/admin/ldap/test',
-      config || {}
+      {}
    )
    return response.data
  }