fix: 完善单点登录传递回调地址和serverUrl的功能。优化token刷新机制,判断单点登录和管理员登录等等不同路径的处理机制。提示词管理的模板数据查找的时候只需要返回固定的5个类型。隐藏评查点设置中关于抽取的自定义模板的选择。
@@ -196,13 +196,16 @@ export async function getUserSession(request: Request) {
|
||||
let tokenExpiresIn = session.get("tokenExpiresIn");
|
||||
const userInfo = session.get("userInfo");
|
||||
let frontendJWT = session.get("frontendJWT");
|
||||
|
||||
|
||||
let isTokenExpired = false;
|
||||
let refreshedSession = null;
|
||||
let shouldRegenerateJWT = false;
|
||||
|
||||
// 如果有token信息,检查是否需要刷新
|
||||
if (accessToken && refreshToken && tokenIssuedAt && tokenExpiresIn) {
|
||||
|
||||
// 🔑 admin 用户不需要刷新 OAuth token,只需要维护 JWT
|
||||
const isAdmin = userRole === 'admin';
|
||||
|
||||
// 如果有token信息,检查是否需要刷新(admin用户跳过OAuth token刷新)
|
||||
if (!isAdmin && accessToken && refreshToken && tokenIssuedAt && tokenExpiresIn) {
|
||||
try {
|
||||
const tokenInfo = {
|
||||
accessToken,
|
||||
@@ -213,30 +216,30 @@ export async function getUserSession(request: Request) {
|
||||
|
||||
// 检查并自动刷新token
|
||||
const refreshResult = await tokenManager.checkAndRefreshToken(tokenInfo);
|
||||
|
||||
|
||||
if (refreshResult.success && refreshResult.newTokenInfo) {
|
||||
const newToken = refreshResult.newTokenInfo;
|
||||
|
||||
|
||||
// 如果token被刷新了,更新session
|
||||
if (newToken.accessToken !== accessToken) {
|
||||
console.log("Token已刷新,更新session");
|
||||
|
||||
|
||||
session.set("accessToken", newToken.accessToken);
|
||||
session.set("refreshToken", newToken.refreshToken);
|
||||
session.set("tokenIssuedAt", newToken.tokenIssuedAt);
|
||||
session.set("tokenExpiresIn", newToken.tokenExpiresIn);
|
||||
|
||||
|
||||
// 更新本地变量
|
||||
accessToken = newToken.accessToken;
|
||||
tokenIssuedAt = newToken.tokenIssuedAt;
|
||||
tokenExpiresIn = newToken.tokenExpiresIn;
|
||||
|
||||
|
||||
// 标记需要重新生成JWT
|
||||
shouldRegenerateJWT = true;
|
||||
|
||||
|
||||
refreshedSession = session;
|
||||
}
|
||||
|
||||
|
||||
isTokenExpired = false;
|
||||
} else {
|
||||
console.error("Token刷新失败:", refreshResult.error);
|
||||
@@ -246,6 +249,18 @@ export async function getUserSession(request: Request) {
|
||||
console.error("Token验证过程中出错:", error);
|
||||
isTokenExpired = true;
|
||||
}
|
||||
} else if (isAdmin) {
|
||||
// admin 用户:不检查 OAuth token 过期,始终保持登录状态
|
||||
// console.log("admin 用户登录,跳过 OAuth token 刷新");
|
||||
isTokenExpired = false;
|
||||
|
||||
// admin 用户需要有一个合理的 tokenExpiresIn 用于 JWT 生成
|
||||
// 如果没有设置,使用一个默认值(如2小时)
|
||||
if (!tokenExpiresIn) {
|
||||
tokenExpiresIn = 7200; // 2小时
|
||||
session.set("tokenExpiresIn", tokenExpiresIn);
|
||||
refreshedSession = session;
|
||||
}
|
||||
}
|
||||
|
||||
// 检查前端JWT状态
|
||||
@@ -458,11 +473,11 @@ export async function createSimpleUserSession(isAuthenticated: boolean, userRole
|
||||
*/
|
||||
export async function logout(request: Request) {
|
||||
const session = await getSession(request);
|
||||
|
||||
|
||||
// 获取访问令牌和应用ID,用于调用IDaaS单点登出
|
||||
const accessToken = session.get("accessToken");
|
||||
const appId = OAUTH_CONFIG.appId;
|
||||
|
||||
const appId = OAUTH_CONFIG.appId || 'idaasoauth2';
|
||||
|
||||
// 如果存在访问令牌,调用IDaaS单点登出
|
||||
if (accessToken && appId) {
|
||||
try {
|
||||
@@ -485,18 +500,20 @@ export async function logout(request: Request) {
|
||||
|
||||
/**
|
||||
* 调用IDaaS单点登出接口
|
||||
*
|
||||
*
|
||||
* @param accessToken - 用户的访问令牌
|
||||
* @param appId - 应用ID
|
||||
* @returns Promise<void>
|
||||
*/
|
||||
async function callIDaaSLogout(accessToken: string, appId: string): Promise<void> {
|
||||
const logoutUrl = `${OAUTH_CONFIG.serverUrl}/public/sp/slo/${appId}`;
|
||||
|
||||
const serverUrl = OAUTH_CONFIG.serverUrl || 'http://10.79.112.85';
|
||||
const redirectUri = OAUTH_CONFIG.redirectUri || 'http://10.79.97.17/';
|
||||
const logoutUrl = `${serverUrl}/public/sp/slo/${appId}`;
|
||||
|
||||
const formData = new URLSearchParams();
|
||||
formData.append('access_token', accessToken);
|
||||
formData.append('redirect_url', encodeURIComponent(OAUTH_CONFIG.redirectUri));
|
||||
|
||||
formData.append('redirect_url', encodeURIComponent(redirectUri));
|
||||
|
||||
try {
|
||||
const response = await fetch(logoutUrl, {
|
||||
method: 'POST',
|
||||
@@ -505,11 +522,11 @@ async function callIDaaSLogout(accessToken: string, appId: string): Promise<void
|
||||
},
|
||||
body: formData.toString(),
|
||||
});
|
||||
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(`IDaaS登出失败: ${response.status} ${response.statusText}`);
|
||||
}
|
||||
|
||||
|
||||
console.log("IDaaS单点登出请求成功");
|
||||
} catch (error) {
|
||||
console.error("调用IDaaS登出接口失败:", error);
|
||||
|
||||
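Review bot: In callIDaaSLogout the new fallbacks `OAUTH_CONFIG.serverUrl || 'http://10.79.112.85'` and `OAUTH_CONFIG.redirectUri || 'http://10.79.97.17/'` mean a deployment with missing configuration silently POSTs the user's `access_token` to a fixed address over plaintext HTTP instead of failing. I would fail closed before building the URL, e.g. `if (!OAUTH_CONFIG.serverUrl || !OAUTH_CONFIG.redirectUri) throw new Error('OAuth logout config missing');`, and keep environment-specific addresses out of source; the `'idaasoauth2'` default added in logout has the same problem. Separately, `formData.append('redirect_url', encodeURIComponent(redirectUri))` encodes the value twice because URLSearchParams already percent-encodes on serialization, so `formData.append('redirect_url', redirectUri)` looks like the intent, to be confirmed against what the IDaaS endpoint expects. In the getUserSession hunk the admin branch sets `isTokenExpired = false` unconditionally based on `userRole`, whose origin is outside the visible lines, so a comment stating what bounds an admin session's lifetime (presumably the JWT check that follows) would help the next reader. callIDaaSLogout's body continues past the last hunk.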