ruby-china · wwweiii · Apr 30, 2025
diff --git a/.env b/.env
@@ -44,6 +44,7 @@ mailer_options.enable_starttls_auto=true
 sso_enable=false
 sso_enable_provider=false
 sso_url=
+sso_logout_url=
 sso_secret=
 
 # [Upload Config]
@@ -56,3 +57,6 @@ upload_bucket=
 upload_aliyun_internal=
 upload_aliyun_area=
 upload_url=
+
+# [Access Control]
+logged_in_required=true
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -17,6 +17,20 @@ class ApplicationController < ActionController::Base
   etag { Setting.footer_html }
   etag { Rails.env.development? ? Time.now : Date.current }
 
+  # Add login check
+  before_action :check_login_required
+
+  def check_login_required
+    return unless ENV['logged_in_required'] == 'true'
+    return if current_user
+    return if devise_controller?
+    return if controller_name == 'sso' && action_name == 'show'
+    return if controller_name == 'sso' && action_name == 'login'
+
+    store_location
+    redirect_to new_user_session_path
+  end
+
   rescue_from ActiveRecord::RecordNotFound do |exception|
     respond_to do |format|
       format.json { head :not_found }

diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
@@ -23,4 +23,28 @@ def create
       format.json { render status: "201", json: resource.as_json(only: %i[login email]) }
     end
   end
+
+  def destroy
+    Rails.logger.info "Destroying session for user: #{current_user&.id}"
+
+    # Clean cookies
+    cookies.delete(:user_id)
+    cookies.delete(:remember_user_token)
+
+    # Perform logout operation
+    sign_out(current_user)
+
+    # If SSO logout URL is set, redirect to that URL
+    if ENV['sso_logout_url'].present?
+      Rails.logger.info "Redirecting to SSO logout URL: #{ENV['sso_logout_url']}"
+      redirect_to ENV['sso_logout_url'], allow_other_host: true
+    else
+      Rails.logger.info "Redirecting to root path"
+      redirect_to root_path
+    end
+  rescue => e
+    Rails.logger.error "Error during logout: #{e.message}"
+    Rails.logger.error e.backtrace.join("\n")
+    raise e
+  end
 end
diff --git a/app/views/devise/menu/_login_items.html.erb b/app/views/devise/menu/_login_items.html.erb
@@ -1,5 +1,5 @@
 <% if user_signed_in? %>
-  <%= link_to(t("common.logout"), destroy_user_session_path) %>
+  <%= link_to(t("common.logout"), destroy_user_session_path, method: :delete) %>
 <% else %>
   <%= link_to(t("common.login"), new_user_session_path)  %>
 <% end %>