fix: 修改单点登录保存用户的jwt的生成,通过user_id为login,绕过验证进行表的增改。
+7
-18
@@ -126,25 +126,14 @@ export async function loader({ request }: LoaderFunctionArgs) {
|
||||
// 获取重定向URL
|
||||
const redirectTo = url.searchParams.get("redirect") || "/";
|
||||
|
||||
// 先生成一个临时 JWT
|
||||
const tempUserInfo = {
|
||||
sub: userInfo.data.sub,
|
||||
// user_id: userInfo.data.user_id || "",
|
||||
user_id: "",
|
||||
username: userInfo.data.username,
|
||||
nick_name: userInfo.data.nickname,
|
||||
email: userInfo.data.email,
|
||||
phone_number: userInfo.data.phone_number,
|
||||
ou_id: userInfo.data.ou_id,
|
||||
ou_name: userInfo.data.ou_name,
|
||||
// is_leader: userInfo.data.is_leader,
|
||||
is_leader: false,
|
||||
user_role: userRole as 'common' | 'developer'
|
||||
};
|
||||
const tempToken = JWTUtils.generateJWT(tempUserInfo, tokenResponse.expires_in);
|
||||
|
||||
// 🔒 安全:临时 JWT 现在在 saveUserInfo() 内部生成,避免在客户端代码中暴露 user_id 逻辑
|
||||
// 成功获取用户信息之后通过auth.server.ts中的saveUserInfo方法去写入自己的数据库中,通过sub作为唯一值去添加数据
|
||||
const saveResult = await saveUserInfo(userInfo.data, tempToken, area);
|
||||
const saveResult = await saveUserInfo(
|
||||
userInfo.data,
|
||||
userRole,
|
||||
tokenResponse.expires_in,
|
||||
area
|
||||
);
|
||||
if (!saveResult.success) {
|
||||
console.error("保存用户信息到数据库失败:", saveResult.error);
|
||||
|
||||
|
||||
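Review bot: The new saveUserInfo call still takes `userRole` from the loader, and the hunk does not show where that value comes from; since this commit exists to stop identity fields (user_id, is_leader) from being assembled on the caller's side, the role should be derived server-side inside saveUserInfo as well, or at minimum checked against the allowed set before it is persisted, e.g. `if (userRole !== 'common' && userRole !== 'developer') throw new Error('invalid user role');` ahead of the call. `tokenResponse.expires_in` is now passed through as the JWT lifetime without validation; if the IdP omits it or returns a non-positive value the token may be issued with an undefined or invalid expiry, so confirm it is a finite positive number first. The unchanged `redirect` query parameter at the top of the hunk is used as-is; it is not part of this change, but restricting it to same-origin relative paths would close an open-redirect path in the same login flow. The enclosing loader begins and ends outside the hunk.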