fix: 完善单点登录传递回调地址和serverUrl的功能。优化token刷新机制,判断单点登录和管理员登录等等不同路径的处理机制。提示词管理的模板数据查找的时候只需要返回固定的5个类型。隐藏评查点设置中关于抽取的自定义模板的选择。

This commit is contained in:
2025-11-11 14:25:44 +08:00
parent 95381ddcc2
commit 12ec2ad7bd
11 changed files with 238 additions and 85 deletions
+38 -21
View File
@@ -196,13 +196,16 @@ export async function getUserSession(request: Request) {
let tokenExpiresIn = session.get("tokenExpiresIn");
const userInfo = session.get("userInfo");
let frontendJWT = session.get("frontendJWT");
let isTokenExpired = false;
let refreshedSession = null;
let shouldRegenerateJWT = false;
// 如果有token信息,检查是否需要刷新
if (accessToken && refreshToken && tokenIssuedAt && tokenExpiresIn) {
// 🔑 admin 用户不需要刷新 OAuth token,只需要维护 JWT
const isAdmin = userRole === 'admin';
// 如果有token信息,检查是否需要刷新(admin用户跳过OAuth token刷新)
if (!isAdmin && accessToken && refreshToken && tokenIssuedAt && tokenExpiresIn) {
try {
const tokenInfo = {
accessToken,
@@ -213,30 +216,30 @@ export async function getUserSession(request: Request) {
// 检查并自动刷新token
const refreshResult = await tokenManager.checkAndRefreshToken(tokenInfo);
if (refreshResult.success && refreshResult.newTokenInfo) {
const newToken = refreshResult.newTokenInfo;
// 如果token被刷新了,更新session
if (newToken.accessToken !== accessToken) {
console.log("Token已刷新,更新session");
session.set("accessToken", newToken.accessToken);
session.set("refreshToken", newToken.refreshToken);
session.set("tokenIssuedAt", newToken.tokenIssuedAt);
session.set("tokenExpiresIn", newToken.tokenExpiresIn);
// 更新本地变量
accessToken = newToken.accessToken;
tokenIssuedAt = newToken.tokenIssuedAt;
tokenExpiresIn = newToken.tokenExpiresIn;
// 标记需要重新生成JWT
shouldRegenerateJWT = true;
refreshedSession = session;
}
isTokenExpired = false;
} else {
console.error("Token刷新失败:", refreshResult.error);
@@ -246,6 +249,18 @@ export async function getUserSession(request: Request) {
console.error("Token验证过程中出错:", error);
isTokenExpired = true;
}
} else if (isAdmin) {
// admin 用户:不检查 OAuth token 过期,始终保持登录状态
// console.log("admin 用户登录,跳过 OAuth token 刷新");
isTokenExpired = false;
// admin 用户需要有一个合理的 tokenExpiresIn 用于 JWT 生成
// 如果没有设置,使用一个默认值(如2小时)
if (!tokenExpiresIn) {
tokenExpiresIn = 7200; // 2小时
session.set("tokenExpiresIn", tokenExpiresIn);
refreshedSession = session;
}
}
// 检查前端JWT状态
@@ -458,11 +473,11 @@ export async function createSimpleUserSession(isAuthenticated: boolean, userRole
*/
export async function logout(request: Request) {
const session = await getSession(request);
// 获取访问令牌和应用ID,用于调用IDaaS单点登出
const accessToken = session.get("accessToken");
const appId = OAUTH_CONFIG.appId;
const appId = OAUTH_CONFIG.appId || 'idaasoauth2';
// 如果存在访问令牌,调用IDaaS单点登出
if (accessToken && appId) {
try {
@@ -485,18 +500,20 @@ export async function logout(request: Request) {
/**
* 调用IDaaS单点登出接口
*
*
* @param accessToken - 用户的访问令牌
* @param appId - 应用ID
* @returns Promise<void>
*/
async function callIDaaSLogout(accessToken: string, appId: string): Promise<void> {
const logoutUrl = `${OAUTH_CONFIG.serverUrl}/public/sp/slo/${appId}`;
const serverUrl = OAUTH_CONFIG.serverUrl || 'http://10.79.112.85';
const redirectUri = OAUTH_CONFIG.redirectUri || 'http://10.79.97.17/';
const logoutUrl = `${serverUrl}/public/sp/slo/${appId}`;
const formData = new URLSearchParams();
formData.append('access_token', accessToken);
formData.append('redirect_url', encodeURIComponent(OAUTH_CONFIG.redirectUri));
formData.append('redirect_url', encodeURIComponent(redirectUri));
try {
const response = await fetch(logoutUrl, {
method: 'POST',
@@ -505,11 +522,11 @@ async function callIDaaSLogout(accessToken: string, appId: string): Promise<void
},
body: formData.toString(),
});
if (!response.ok) {
throw new Error(`IDaaS登出失败: ${response.status} ${response.statusText}`);
}
console.log("IDaaS单点登出请求成功");
} catch (error) {
console.error("调用IDaaS登出接口失败:", error);