给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
import { LoaderFunctionArgs } from "@remix-run/node";
|
||||
import { postgrestGet } from "~/api/postgrest-client";
|
||||
import { getUserSession } from "~/api/login/auth.server";
|
||||
|
||||
/**
|
||||
* 文档下载路由 - 处理文档下载请求
|
||||
@@ -7,6 +8,7 @@ import { postgrestGet } from "~/api/postgrest-client";
|
||||
*/
|
||||
export async function loader({ request }: LoaderFunctionArgs) {
|
||||
try {
|
||||
const { frontendJWT } = await getUserSession(request);
|
||||
// 获取文件路径参数
|
||||
const url = new URL(request.url);
|
||||
const filePath = url.searchParams.get("path");
|
||||
@@ -23,7 +25,8 @@ export async function loader({ request }: LoaderFunctionArgs) {
|
||||
filter: {
|
||||
'object_path': `eq.${filePath}`,
|
||||
'expires_in': 'eq.300' // 5分钟有效期
|
||||
}
|
||||
},
|
||||
token: frontendJWT
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user