给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)

This commit is contained in:
2025-10-17 15:28:22 +08:00
parent 9ec6d30573
commit 59706b70d0
70 changed files with 2279 additions and 688 deletions
+4 -1
View File
@@ -1,5 +1,6 @@
import { LoaderFunctionArgs } from "@remix-run/node";
import { postgrestGet } from "~/api/postgrest-client";
import { getUserSession } from "~/api/login/auth.server";
/**
* 文档下载路由 - 处理文档下载请求
@@ -7,6 +8,7 @@ import { postgrestGet } from "~/api/postgrest-client";
*/
export async function loader({ request }: LoaderFunctionArgs) {
try {
const { frontendJWT } = await getUserSession(request);
// 获取文件路径参数
const url = new URL(request.url);
const filePath = url.searchParams.get("path");
@@ -23,7 +25,8 @@ export async function loader({ request }: LoaderFunctionArgs) {
filter: {
'object_path': `eq.${filePath}`,
'expires_in': 'eq.300' // 5分钟有效期
}
},
token: frontendJWT
}
);