feat: 优化token刷新逻辑，支持使用访问token刷新token，增强错误处理

2026-02-21 19:35:06 +08:00
parent d50f5ed2af
commit 6b5164e845
3 changed files with 127 additions and 88 deletions
--- a/src/auth/oauth/oauth.ts
+++ b/src/auth/oauth/oauth.ts
@@ -298,6 +298,28 @@ export class OAuth<T extends OauthUser> {
    }
    return false;
  }
+  /**
+   * 获取token类型：jwks, secretKey, accessToken, refreshToken
+   * @param token 要检查的token
+   * @returns token类型或null
+   */
+  getTokenType(token: string) {
+    if (!token) {
+      return null;
+    }
+    if (token.includes('.')) {
+      return 'jwks';
+    }
+    if (token.startsWith('sk_')) {
+      return 'secretKey';
+    }
+    if (token.startsWith('st_')) {
+      return 'accessToken';
+    }
+    if (token.startsWith('rk_')) {
+      return 'refreshToken';
+    }
+  }
  /**
   * 刷新token
   * @param refreshToken
@@ -406,18 +428,23 @@ export class OAuth<T extends OauthUser> {
   */
  async setJwksToken(token: string, opts: { id: string; expire: number }) {
    const expire = opts.expire ?? 2 * 3600; // 2 hours
-    const id = opts.id || '';
+    const id = opts.id || '-';
    // jwks token的过期时间比accessToken多3天，确保3天内可以用来refresh token
    const addExpire = 3 * 24 * 3600;
    await this.store.redis.set('user:jwks:' + token, id, 'EX', expire + addExpire);
  }
-  async deleteJwsToken(token: string) {
+  async deleteJwksToken(token: string) {
    await this.store.redis.expire('user:jwks:' + token, 0);
  }
+  /**
+   * 获取后就删除jwks token，确保token只能使用一次。
+   * @param token 
+   * @returns 
+   */
  async getJwksToken(token: string) {
    const id = await this.store.redis.get('user:jwks:' + token);
    if (id) {
-      this.deleteJwsToken(token);
+      this.deleteJwksToken(token);
    }
    return id;
  }