From 82e3392b3619901ffd7a795e026f62605f4efe56 Mon Sep 17 00:00:00 2001 From: abearxiong Date: Mon, 2 Feb 2026 17:02:20 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=20token=20=E5=A4=84=E7=90=86?= =?UTF-8?q?=E9=80=BB=E8=BE=91=EF=BC=8C=E7=BB=9F=E4=B8=80=20createCookie=20?= =?UTF-8?q?=E8=B0=83=E7=94=A8=E6=A0=BC=E5=BC=8F=EF=BC=8C=E8=BF=94=E5=9B=9E?= =?UTF-8?q?=20token=20=E8=BF=87=E6=9C=9F=E6=97=B6=E9=97=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/auth/models/user.ts | 8 +++++++- src/auth/oauth/oauth.ts | 36 +++++++++++++++++++++++------------- src/routes/config/list.ts | 9 +++------ src/routes/user/me.ts | 25 +++++++++++++++++++------ src/routes/user/web-login.ts | 4 +++- 5 files changed, 55 insertions(+), 27 deletions(-) diff --git a/src/auth/models/user.ts b/src/auth/models/user.ts index 388f4bd..2aee531 100644 --- a/src/auth/models/user.ts +++ b/src/auth/models/user.ts @@ -62,7 +62,13 @@ export class User extends Model { oauthUser.orgId = id; } const token = await oauth.generateToken(oauthUser, { type: loginType, hasRefreshToken: true, ...expand }); - return { accessToken: token.accessToken, refreshToken: token.refreshToken, token: token.accessToken }; + return { + accessToken: token.accessToken, + refreshToken: token.refreshToken, + token: token.accessToken, + accessTokenExpiresAt: token.accessTokenExpiresAt, + refreshTokenExpiresAt: token.refreshTokenExpiresAt, + }; } /** * 验证token diff --git a/src/auth/oauth/oauth.ts b/src/auth/oauth/oauth.ts index 8ea9e27..bb260ae 100644 --- a/src/auth/oauth/oauth.ts +++ b/src/auth/oauth/oauth.ts @@ -70,9 +70,16 @@ interface Store { expire: (key: string, ttl?: number) => Promise; delObject: (value?: T) => Promise; keys: (key?: string) => Promise; - setToken: (value: { accessToken: string; refreshToken: string; value?: T }, opts?: StoreSetOpts) => Promise; + setToken: (value: { accessToken: string; refreshToken: string; value?: T }, opts?: StoreSetOpts) => Promise; delKeys: (keys: string[]) => Promise; } + +type TokenData = { + accessToken: string; + accessTokenExpiresAt: number; + refreshToken?: string; + refreshTokenExpiresAt?: number; +} export class RedisTokenStore implements Store { redis: Redis; private prefix: string = 'oauth:'; @@ -131,7 +138,7 @@ export class RedisTokenStore implements Store { await this.del(userPrefix + ':token:' + accessToken); } } - async setToken(data: { accessToken: string; refreshToken: string; value?: OauthUser }, opts?: StoreSetOpts) { + async setToken(data: { accessToken: string; refreshToken: string; value?: OauthUser }, opts?: StoreSetOpts): Promise { const { accessToken, refreshToken, value } = data; let userPrefix = 'user:' + value?.id; if (value?.orgId) { @@ -163,14 +170,20 @@ export class RedisTokenStore implements Store { await this.set(accessToken, JSON.stringify(value), expire); await this.set(userPrefix + ':token:' + accessToken, accessToken, expire); + let refreshTokenExpiresAt = Math.min(expire * 7, 60 * 60 * 24 * 30, 60 * 60 * 24 * 365); // 最大为一年 if (refreshToken) { - let refreshTokenExpire = Math.min(expire * 7, 60 * 60 * 24 * 30, 60 * 60 * 24 * 365); // 最大为一年 // 小于7天, 则设置为7天 - if (refreshTokenExpire < 60 * 60 * 24 * 7) { - refreshTokenExpire = 60 * 60 * 24 * 7; + if (refreshTokenExpiresAt < 60 * 60 * 24 * 7) { + refreshTokenExpiresAt = 60 * 60 * 24 * 7; } - await this.set(refreshToken, JSON.stringify(value), refreshTokenExpire); - await this.set(userPrefix + ':refreshToken:' + refreshToken, refreshToken, refreshTokenExpire); + await this.set(refreshToken, JSON.stringify(value), refreshTokenExpiresAt); + await this.set(userPrefix + ':refreshToken:' + refreshToken, refreshToken, refreshTokenExpiresAt); + } + return { + accessToken, + accessTokenExpiresAt: expire, + refreshToken, + refreshTokenExpiresAt, } } async delKeys(keys: string[]) { @@ -206,10 +219,7 @@ export class OAuth { async generateToken( user: T, expandOpts?: StoreSetOpts, - ): Promise<{ - accessToken: string; - refreshToken?: string; - }> { + ): Promise { // 拥有refreshToken 为 true 时,accessToken 为 st_ 开头,refreshToken 为 rk_开头 // 意思是secretToken 和 secretKey的缩写 const accessToken = expandOpts?.hasRefreshToken ? 'st_' + randomId32() : 'sk_' + randomId64(); @@ -227,9 +237,9 @@ export class OAuth { user.oauthExpand.refreshToken = refreshToken; } } - await this.store.setToken({ accessToken, refreshToken, value: user }, expandOpts); + const tokenData = await this.store.setToken({ accessToken, refreshToken, value: user }, expandOpts); - return { accessToken, refreshToken }; + return tokenData; } async saveSecretKey(oauthUser: T, secretKey: string, opts?: StoreSetOpts) { // 生成一个secretKey diff --git a/src/routes/config/list.ts b/src/routes/config/list.ts index 8d0b236..dbed552 100644 --- a/src/routes/config/list.ts +++ b/src/routes/config/list.ts @@ -59,10 +59,7 @@ app } } await config.update({ - data: { - ...config.data, - ...data, - }, + data: data, ...rest, }); if (config.data?.permission?.share === 'public') { @@ -80,7 +77,7 @@ app }); if (config) { await config.update({ - data: { ...config.data, ...data }, + data: data, ...rest, }); ctx.body = config; @@ -177,7 +174,7 @@ app const search: any = id ? { id } : { key }; const config = await ConfigModel.findOne({ where: { - ...search + ...search }, }); if (config && config.uid === tuid) { diff --git a/src/routes/user/me.ts b/src/routes/user/me.ts index 35e18fc..ffee54e 100644 --- a/src/routes/user/me.ts +++ b/src/routes/user/me.ts @@ -153,7 +153,9 @@ app browser: someInfo['user-agent'], host: someInfo.host, }); - createCookie(token, ctx); + createCookie({ + token: token.accessToken + }, ctx); ctx.body = token; }) .addTo(app); @@ -259,7 +261,10 @@ app const refreshToken = accessUser.oauthExpand?.refreshToken; if (refreshToken) { const result = await User.oauth.refreshToken(refreshToken); - createCookie(result, ctx); + createCookie({ + token: result.accessToken + }, ctx); + ctx.body = result; return; } else if (accessUser) { @@ -268,7 +273,9 @@ app ...accessUser.oauthExpand, hasRefreshToken: true, }); - createCookie(result, ctx); + createCookie({ + token: result.accessToken + }, ctx); ctx.body = result; return; } @@ -323,13 +330,17 @@ app if (orgsList.includes(username)) { if (tokenUsername === username) { const result = await User.oauth.resetToken(token); - createCookie(result, ctx); + createCookie({ + token: result.accessToken, + }, ctx); await User.oauth.delToken(token); ctx.body = result; } else { const user = await User.findOne({ where: { username } }); const result = await user.createToken(userId, 'default'); - createCookie(result, ctx); + createCookie({ + token: result.accessToken, + }, ctx); ctx.body = result; } } else { @@ -352,7 +363,9 @@ app const result = await User.oauth.refreshToken(refreshToken); if (result) { console.log('refreshToken result', result); - createCookie(result, ctx); + createCookie({ + token: result.accessToken, + }, ctx); ctx.body = result; } else { ctx.throw(500, 'Refresh Token Failed, please login again'); diff --git a/src/routes/user/web-login.ts b/src/routes/user/web-login.ts index f983076..e4b9001 100644 --- a/src/routes/user/web-login.ts +++ b/src/routes/user/web-login.ts @@ -109,7 +109,9 @@ app const token = JSON.parse(data); if (token.accessToken) { ctx.body = token; - createCookie(token, ctx); + createCookie({ + token: token.accessToken, + }, ctx); } else { ctx.throw(500, 'Checked error Failed, login failed, please login again'); }