给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)

This commit is contained in:
2025-10-17 15:28:22 +08:00
parent 9ec6d30573
commit 59706b70d0
70 changed files with 2279 additions and 688 deletions
+7 -4
View File
@@ -462,7 +462,7 @@ const FALLBACK_MENU_DATA: Record<string, MenuItem[]> = {
* @param roleKey 角色标识 (如: 'admin', 'common', 'deptLeader', 'groupLeader')
* @returns 用户可访问的路由列表
*/
export async function getUserRoutesByRole(roleKey: string): Promise<{ success: boolean; data?: MenuItem[]; error?: string; shouldRedirectToHome?: boolean }> {
export async function getUserRoutesByRole(roleKey: string, jwt?: string): Promise<{ success: boolean; data?: MenuItem[]; error?: string; shouldRedirectToHome?: boolean }> {
try {
console.log(`获取角色 ${roleKey} 的路由权限`);
@@ -470,7 +470,8 @@ export async function getUserRoutesByRole(roleKey: string): Promise<{ success: b
const roleResult = await postgrestGet<Array<{id: number}>>("roles", {
filter: {
"role_key": `eq.${roleKey}`
}
},
token: jwt
});
if (roleResult.error || !roleResult.data || roleResult.data.length === 0) {
@@ -485,7 +486,8 @@ export async function getUserRoutesByRole(roleKey: string): Promise<{ success: b
const roleRoutesResult = await postgrestGet<Array<{route_id: number}>>("role_route", {
filter: {
"role_id": `eq.${roleId}`
}
},
token: jwt
});
if (roleRoutesResult.error) {
@@ -509,7 +511,8 @@ export async function getUserRoutesByRole(roleKey: string): Promise<{ success: b
"id": `in.(${routeIds.join(',')})`,
"is_menu": "eq.1"
},
order: "parent_id,meta->>order"
order: "parent_id,meta->>order",
token: jwt
});
if (routesResult.error) {