给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)

This commit is contained in:
2025-10-17 15:28:22 +08:00
parent 9ec6d30573
commit 59706b70d0
70 changed files with 2279 additions and 688 deletions
+9 -5
View File
@@ -100,6 +100,7 @@ export interface DocumentSearchParams {
sortOrder?: string; // 排序方式
page?: number; // 当前页码
pageSize?: number; // 每页条数
token?: string; // JWT token
}
@@ -168,7 +169,8 @@ export async function getReviewFiles(searchParams: DocumentSearchParams = {}, do
reviewStatus,
dateFrom,
dateTo,
sortOrder = 'upload_time_desc'
sortOrder = 'upload_time_desc',
token
} = searchParams;
let p_typeid: number[] | null = null;
@@ -204,8 +206,8 @@ export async function getReviewFiles(searchParams: DocumentSearchParams = {}, do
// 并行执行获取数据和获取总数的请求
const [filesResponse, countResponse] = await Promise.all([
postgrestPost<ReviewFileFromSQL[]>('rpc/get_review_files_with_details', listParams),
postgrestPost<number>('rpc/count_review_files', rpcParams)
postgrestPost<ReviewFileFromSQL[]>('rpc/get_review_files_with_details', listParams, token),
postgrestPost<number>('rpc/count_review_files', rpcParams, token)
]);
// 处理获取文档列表的错误
@@ -316,9 +318,10 @@ export async function getReviewFiles(searchParams: DocumentSearchParams = {}, do
* @param id 文件ID
* @param auditStatus 审核状态
* @param userId 用户ID
* @param token JWT token (可选)
* @returns 更新结果
*/
export async function updateDocumentAuditStatus(id: string, auditStatus: number, userId: string): Promise<{
export async function updateDocumentAuditStatus(id: string, auditStatus: number, userId: string, token?: string): Promise<{
success?: boolean;
error?: string;
status?: number;
@@ -338,7 +341,8 @@ export async function updateDocumentAuditStatus(id: string, auditStatus: number,
{
id: parseInt(id),
user_id: parseInt(userId) // 确保只能更新自己的文档
}
},
token
);
if (response.error) {