feat(auth): 服务端托管 Google OAuth；修复未解锁 vault 时 bootstrap

- API：桌面登录 session、Google 托管回调与轮询 - Desktop：轮询登录；bootstrap 在 vault 未解锁时不返回 shell，避免跳过主密码 - 文档与 deploy/.env.example 对齐 GOOGLE_OAUTH_* 与 SECRETS_PUBLIC_BASE_URL
2026-04-14 20:28:52 +08:00
parent e6bd2225cd
commit 57c3efb70e
10 changed files with 738 additions and 266 deletions
--- a/apps/desktop/dist/index.html
+++ b/apps/desktop/dist/index.html
@@ -31,7 +31,7 @@
                <path d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" />
                <path d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" />
              </svg>
-              <span>使用 Google 登录</span>
+              <span>前往浏览器登录</span>
            </button>
          </div>
          <p id="login-error" class="error-text hidden"></p>
--- a/apps/desktop/dist/main.js
+++ b/apps/desktop/dist/main.js
@@ -510,6 +510,7 @@ async function doDemoLogin() {
  if (!invoke) return;
  setLoginError("");
  loginButton.disabled = true;
+  loginButton.textContent = "正在打开浏览器...";
  try {
    let data = await invoke("continue_demo_login");
    data = await ensureUnlockedShell(data);
@@ -518,6 +519,7 @@ async function doDemoLogin() {
  } catch (error) {
    setLoginError(String(error));
  } finally {
+    loginButton.textContent = "前往浏览器登录";
    loginButton.disabled = false;
  }
 }