[codex] implement sign-in page from figma#2999
Draft
qingqing-ux wants to merge 39 commits into
Draft
Conversation
* ui: 还原设计稿 * ui: 还原设计稿 * chore: remove base-ui snapshot and update ai structure * chore: move ai-canvas and spx to ui root
* ui:更新community页面 * update: 撤回editor.pen的删除,images中删除不可用的svg,community.pen中更新对应的svg图标
风格改版主要基于精灵编辑器页面与泛化社区页面:新增主要方案pencil文件;新增基于shadcn与semi design进行风格改版的pencil备份文件;新增shadcn组件库pencil文件(目前还没做builder的组件库,因此暂时放在shadcn组件库文件中);新增pencil还原设计稿工作流说明文件;images文件中新增图片
* ui:新增builder风格改版尝试的文件 风格改版主要基于精灵编辑器页面与泛化社区页面:新增主要方案pencil文件;新增基于shadcn与semi design进行风格改版的pencil备份文件;新增shadcn组件库pencil文件(目前还没做builder的组件库,因此暂时放在shadcn组件库文件中);新增pencil还原设计稿工作流说明文件;images文件中新增图片 * ui:更新editor页面 新增sound editor、stage editor相关页面
New design engineering system documents Introduce design specifications and workflow
…#2872) * Adjust the warehouse directory structure New design engineering system documents Introduce design specifications and workflow * docs(ui): normalize markdown formatting and pass lint
* [ui] feature:new version notification * Update new-version-notification.pen
* [UI] Feature: optimize sprite quick config * update icon and demo * update icon
* update workflow * update docs * update template
* update * update component * add button.lib.pen * Remove unused images and update pen files * 修改图片引用路径 * update pages and components * update * update --------- Co-authored-by: qingqing-ux <xxin31516@gmail.com>
sync dev to ui
* add iconfont * editor iconfont * your commit message * Add font icon Delete some unnecessary variables Apply icon to page * chore(spx): update community and stage editor pen pages * Correcting incorrect icon commands in the system; Adding a font mapping table. * docs(ui): streamline team workflow documentation - Optimize team-workflow.md with industry-standard structure - Simplify pencil design draft reproduction workflow - Update pr-template.md with clearer format and examples - Remove redundant pr-checklist.md (covered by design-review-checklist) - Remove pr_review.md (basic git tutorial, not project-specific) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs(ui): rename and optimize ai-design-workflow - Rename 'pencil design draft reproduction workflow.md' to 'ai-design-workflow.md' - Simplify title and structure - Use tables for input/output clarity - Add component library link Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(ui): rename Chinese image files to English Renamed files in ui/images/: - 用户头像.png → avatar.png - 项目运行.png → project-run.png - 项目全屏.png → project-fullscreen.png - 地图背景.png → map-bg.png - builder使用.png → builder-usage.png Updated all references in: - ui/components/spx/builder-component.lib.pen - ui/pages/spx/*.pen - ui/pages/spx/demos/*.html Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(ui): standardize image filenames to kebab-case Renamed files in ui/images/ to follow repository convention: - Notification-2.gif → notification-2.gif - Sprite-review.png → sprite-review.png - Union.png → union.png - XBuilder_icon1.jpg → xbuilder-icon1.jpg - XBuilder_Icons_02.ttf → xbuilder-icons-02.ttf - XBuilder_icon1.ttf → xbuilder-icon1.ttf - ai canvas logo.png → ai-canvas-logo.png - navbar bg.png → navbar-bg.png - tutorial entry-filled.png → tutorial-entry-filled.png - user bg.png → user-bg.png - pubilsh-colorful.png → publish-colorful.png (also fixed typo) Updated all references in components and pages. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(ui): unify custom font naming to kebab-case Standardized font naming for consistency: - File: xbuilder-icon1.ttf → xbuilder-icons-01.ttf - File: xbuilder-icon1.jpg → xbuilder-icons-01.jpg - name: XBuilder_Icons_01 → xbuilder-icons-01 - name: XBuilder_Icons_02 → xbuilder-icons-02 - fontFamily references updated accordingly This ensures font logical names match physical filenames, reducing confusion and maintenance errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * 修改文档、调整目录结构 * [UI] Update: Rename and reorganize spx design files ### Background Improve file naming consistency and organization in spx design directory. ### Changes - Rename editor files with editor- prefix (map-editor → editor-map, etc.) - Keep community .pen files in ui/pages/spx/ with community- prefix - Simplify internal node names (remove redundant prefixes like stage-editor-, sprite-editor-) - Move demo HTML files to _sources/ subdirectory ### Scope - ui/pages/spx/editor-map.pen - ui/pages/spx/editor-sprite.pen - ui/pages/spx/editor-stage.pen - ui/pages/spx/community-*.pen - ui/pages/spx/tutorial.pen - ui/pages/spx/demos/ ### Design System Impact - [ ] Yes - [x] No Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * [UI] Update: Compress xbuilder-icons-01 image ### Background Reduce image file size for better loading performance. ### Changes - Compressed xbuilder-icons-01.jpg from 1886KB to 474KB (~75% reduction) ### Scope - ui/images/xbuilder-icons-01.jpg ### Design System Impact - [ ] Yes - [x] No Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add icon font * Add xbuilder-icons-02 image * Component Specification Naming * XBuilder logo component adjustment * Adjust component name --------- Co-authored-by: plwhd <pl298567@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add design to code mapping guide * style: sync square button radius to 4px * refactor: use token for square button radius * style: update community project pen assets * style: sync UIButton with button pen updates
) * chore(design): rename form tabs to segmented controls * style(design): unify form control radius to 4px * Update ui/docs/design-to-code-mapping.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Update ui/docs/design-to-code-mapping.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Update ui/docs/design-to-code-mapping.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
sync dev to ui
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request implements a new branded /sign-in page in spx-gui, replacing direct redirects to Casdoor. It introduces a sign-in entry utility layer for safe returnTo normalization and provider-aware redirects for WeChat, QQ, and username/password. The UI is modularized into hero and panel components, and existing entry points across the application have been updated to route through the new page. Review feedback highlights a discrepancy between the implementation plan and the code regarding the hero illustration's file format, and suggests sanitizing the returnTo parameter in the initiateSignIn function for improved security.
| **Files:** | ||
| - Create: `spx-gui/src/components/sign-in/SignInHero.vue` | ||
| - Create: `spx-gui/src/components/sign-in/SignInPanel.vue` | ||
| - Create: `spx-gui/src/pages/sign-in/assets/sign-in-hero.svg` |
There was a problem hiding this comment.
The implementation plan specifies creating a .svg file for the hero illustration, but the implementation in spx-gui/src/pages/sign-in/index.vue uses a .png file (sign-in-hero.png).
While this might be a deliberate choice due to the complexity of the illustration, it's good practice to keep documentation aligned with the implementation. SVGs are generally preferred for illustrations over raster formats like PNG due to their scalability without quality loss and potentially smaller file size for vector-based graphics.
If using a PNG is intentional, please consider updating this plan to reflect the change.
Comment on lines
+66
to
+73
| export function initiateSignIn(returnTo: string = getDefaultReturnTo(), additionalParams?: Record<string, string>) { | ||
| // Workaround for casdoor-js-sdk not supporting override of `redirectPath` in `signin_redirect`. | ||
| const casdoorSdk = new Sdk({ | ||
| ...casdoorConfig, | ||
| redirectPath: `${casdoorAuthRedirectPath}?returnTo=${encodeURIComponent(returnTo)}` | ||
| }) | ||
| casdoorSdk.signin_redirect() | ||
| casdoorSdk.signin_redirect(additionalParams) | ||
| } |
There was a problem hiding this comment.
For defense-in-depth, it would be beneficial to sanitize the returnTo parameter within the initiateSignIn function. Although the returnTo value is correctly validated in callback.vue upon return from the authentication provider, sanitizing it here prevents unsanitized, user-controllable data from being passed to an external service (Casdoor). This hardens the function against potential misuse if it's ever called from a new context that forgets to sanitize the returnTo value beforehand.
Note: You'll also need to import normalizeSafeReturnTo from ./sign-in-entry.
Suggested change
| export function initiateSignIn(returnTo: string = getDefaultReturnTo(), additionalParams?: Record<string, string>) { | |
| // Workaround for casdoor-js-sdk not supporting override of `redirectPath` in `signin_redirect`. | |
| const casdoorSdk = new Sdk({ | |
| ...casdoorConfig, | |
| redirectPath: `${casdoorAuthRedirectPath}?returnTo=${encodeURIComponent(returnTo)}` | |
| }) | |
| casdoorSdk.signin_redirect() | |
| casdoorSdk.signin_redirect(additionalParams) | |
| } | |
| export function initiateSignIn(returnTo: string = getDefaultReturnTo(), additionalParams?: Record<string, string>) { | |
| const safeReturnTo = normalizeSafeReturnTo(returnTo) | |
| // Workaround for casdoor-js-sdk not supporting override of `redirectPath` in `signin_redirect`. | |
| const casdoorSdk = new Sdk({ | |
| ...casdoorConfig, | |
| redirectPath: `${casdoorAuthRedirectPath}?returnTo=${encodeURIComponent(safeReturnTo)}` | |
| }) | |
| casdoorSdk.signin_redirect(additionalParams) | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/sign-inroute with a Figma-aligned login page and safereturnTohandling/sign-inand harden callback redirects against unsafe targetsTest Plan
cd spx-gui && npm run type-checkcd spx-gui && npm test -- --run/sign-in?returnTo=%2Fproject%2Falice%2Fdemoon desktop and mobile