给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)

2025-10-17 15:28:22 +08:00
parent 9ec6d30573
commit 59706b70d0
70 changed files with 2279 additions and 688 deletions
+26 -16
@@ -129,9 +129,9 @@ interface ScoringProposal {
* @param request Remix请求对象,用于获取用户会话
* @returns 评查点结果列表和统计数据
*/
export async function getReviewPoints(fileId: string, request: Request) {
export async function getReviewPoints(fileId: string, request: Request) {
// 获取用户会话信息
const { userInfo } = await getUserSession(request);
const { userInfo, frontendJWT } = await getUserSession(request);
if (!userInfo?.user_id) {
console.error("用户身份验证失败");
@@ -141,7 +141,7 @@ export async function getReviewPoints(fileId: string, request: Request) {
// const userId = userInfo.user_id.toString();
// 首先先获取这个文档的数据
const documentData = await getDocumentWithNoUserId(fileId);
const documentData = await getDocumentWithNoUserId(fileId, frontendJWT);
if (documentData.error) {
console.error("获取文档数据错误:", documentData.error);
return Response.json({ error: documentData.error }, { status: documentData.status || 500 });
@@ -154,7 +154,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
'document_id': `eq.${fileId}`
},
order: 'id.desc',
limit: 1
limit: 1,
token: frontendJWT
};
const contractStructureComparisonResponse = await postgrestGet('contract_structure_comparison', contractStructureComparisonParams);
@@ -195,7 +196,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
select: '*',
filter: {
'document_id': `eq.${fileId}`
}
},
token: frontendJWT
};
const evaluationResultsResponse = await postgrestGet('evaluation_results', evaluationResultsParams);
@@ -223,7 +225,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
select: '*',
filter: {
'id': `in.(${evaluationPointIds.join(',')})`
}
},
token: frontendJWT
};
const evaluationPointsResponse = await postgrestGet('evaluation_points', evaluationPointsParams);
@@ -249,7 +252,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
select: '*',
filter: {
'id': `in.(${groupIds.join(',')})`
}
},
token: frontendJWT
};
const groupsResponse = await postgrestGet('evaluation_point_groups', groupsParams);
@@ -272,7 +276,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
filter: {
'document_id': `eq.${fileId}`,
'evaluation_point_id': `in.(${manualReviewPointsIds.join(',')})`
}
},
token: frontendJWT
};
const manualReviewPointsResponse = await postgrestGet('audit_status', manualReviewPointsParams);
if (manualReviewPointsResponse.error) {
@@ -326,7 +331,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
filter: {
'document_id': `eq.${fileId}`,
'deleted_at': `is.null`
}
},
token: frontendJWT
};
const scoringProposalsResponse = await postgrestGet('cross_scoring_proposals', scoringProposalsParams);
@@ -754,7 +760,7 @@ export async function updateReviewResult(
}> {
try {
// 获取用户会话信息
const { userInfo } = await getUserSession(request);
const { userInfo, frontendJWT } = await getUserSession(request);
if (!userInfo?.user_id) {
console.error("用户身份验证失败");
@@ -770,7 +776,8 @@ export async function updateReviewResult(
// 首先获取当前评查结果数据
const currentResultResponse = await postgrestGet('evaluation_results', {
select: '*',
filter: { id: `eq.${resultId}` }
filter: { id: `eq.${resultId}` },
token: frontendJWT
});
if (currentResultResponse.error) {
@@ -805,7 +812,8 @@ export async function updateReviewResult(
const resultResponse = await postgrestPut<unknown, typeof updatedData>(
'evaluation_results',
updatedData,
{ id: resultId }
{ id: resultId },
frontendJWT
);
if (resultResponse.error) {
@@ -830,7 +838,8 @@ export async function updateReviewResult(
{
id: editAuditStatusId,
user_id: userId // 添加用户ID条件,确保只能更新自己的记录
}
},
frontendJWT
);
if (auditStatusResponse.error) {
@@ -853,7 +862,7 @@ export async function updateReviewResult(
};
// 使用postgrestPost创建新记录
const postResponse = await postgrestPost('audit_status', newAuditStatus);
const postResponse = await postgrestPost('audit_status', newAuditStatus, frontendJWT);
if (postResponse.error) {
return { error: postResponse.error, status: postResponse.status || 500 };
@@ -889,7 +898,7 @@ export async function confirmReviewResults(documentId: string, request: Request)
}> {
try {
// 获取用户会话信息
const { userInfo } = await getUserSession(request);
const { userInfo, frontendJWT } = await getUserSession(request);
if (!userInfo?.user_id) {
console.error("用户身份验证失败");
@@ -932,7 +941,8 @@ export async function confirmReviewResults(documentId: string, request: Request)
{
id: documentId,
user_id: userId // 添加用户ID条件,确保只能更新自己的文档
}
},
frontendJWT
);
if (response.error) {
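Review bot: The new `frontendJWT` is forwarded to every PostgREST call but its presence is never checked — the guard that follows `const { userInfo, frontendJWT } = await getUserSession(request);` in getReviewPoints (hunk `@@ -129`), and the identical ones in updateReviewResult and confirmReviewResults, still test only `userInfo?.user_id`, so a session that yields a user but no token reaches `postgrestGet` with `token: undefined`. What the helper does with an undefined token is not visible here; if it falls back to a default, anon or service key, the query silently runs under the wrong identity instead of failing closed. Tighten the guard in all three places to `if (!userInfo?.user_id || !frontendJWT) {` and take the same authentication-failure path that already follows. Separately, attaching the user's JWT only restricts what these reads return if row-level policies exist on `evaluation_results`, `audit_status`, `cross_scoring_proposals` and the other tables — the `filter` objects still scope only by `document_id`, so that enforcement should be confirmed on the database side rather than assumed from this change. Note that getReviewPoints, updateReviewResult and confirmReviewResults each start and end outside the hunks shown.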