fear: admin添加app应用版本管理

system-features添加

web/service/client.ts

@@ -15,10 +15,23 @@ import {
 } from '@/contract/router'
 import { request } from './base'
 
+// extend: CVE-2025-63387 跨域时 Cookie 可能为 None，用 Header 携带 JWT
+let loginConfigToken: string | null = null
+export function setLoginConfigToken(token: string | null) {
+  loginConfigToken = token
+}
+
 const getMarketplaceHeaders = () => new Headers({
   'X-Dify-Version': !IS_MARKETPLACE ? APP_VERSION : '999.0.0',
 })
 
+const getConsoleHeaders = () => {
+  const h = new Headers()
+  if (loginConfigToken)
+    h.set('X-Login-Config-Token', loginConfigToken)
+  return h
+}
+
 const marketplaceLink = new OpenAPILink(marketplaceRouterContract, {
   url: MARKETPLACE_API_PREFIX,
   headers: () => (getMarketplaceHeaders()),
@@ -40,6 +53,7 @@ export const marketplaceQuery = createTanstackQueryUtils(marketplaceClient, { pa
 
 const consoleLink = new OpenAPILink(consoleRouterContract, {
   url: API_PREFIX,
+  headers: () => getConsoleHeaders(),
   fetch: (input, init) => {
     return request(
       input.url,

web/service/common.ts

@@ -308,9 +308,9 @@ export const fetchSupportRetrievalMethods = (url: string): Promise<RetrievalMeth
   return get<RetrievalMethodsRes>(url)
 }
 
+// extend: CVE-2025-63387未授权访问 虽然这个api实际上就是个登录用的 — 路径改为 login_config，需先请求 login_config_bootstrap 写入 cookie
 export const getSystemFeatures = (): Promise<SystemFeatures> => {
-  // extend: 解决登录状况不刷新
-  return get<SystemFeatures>(`/system-features?time=${(Math.round(new Date() / 1000)).toString()}`)
+  return get<SystemFeatures>(`/login_config?time=${(Math.round(new Date() / 1000)).toString()}`)
 }
 
 export const enableModel = (url: string, body: { model: string, model_type: ModelTypeEnum }): Promise<CommonResponse> =>