修复登录缺陷和用户信息展示部分

2026-01-09 17:34:57 +08:00
parent 054b8954c4
commit c85293fd1d
11 changed files with 158 additions and 55 deletions
--- a/src/actions/auth.ts
+++ b/src/actions/auth.ts
@@ -1,7 +1,8 @@
 "use server"
 import { cookies } from "next/headers"
 import type { ApiResponse } from "@/lib/api"
-import { callByDevice } from "./base"
+import type { User } from "@/models/user"
+import { callByDevice, callByUser } from "./base"

 export type TokenResp = {
  access_token: string
@@ -29,12 +30,12 @@ export async function login(params: {
  // 保存到 cookies
  const data = resp.data
  const cookieStore = await cookies()
-  cookieStore.set("auth_token", data.access_token, {
+  cookieStore.set("admin/auth_token", data.access_token, {
    httpOnly: true,
    sameSite: "strict",
    maxAge: Math.max(data.expires_in, 0),
  })
-  cookieStore.set("auth_refresh", data.refresh_token, {
+  cookieStore.set("admin/auth_refresh", data.refresh_token, {
    httpOnly: true,
    sameSite: "strict",
    maxAge: Number.MAX_SAFE_INTEGER,
@@ -46,10 +47,47 @@ export async function login(params: {
  }
 }

+export async function logout() {
+  const cookieStore = await cookies()
+
+  // 尝试删除后台会话
+  const access_token = cookieStore.get("admin/auth_token")?.value
+  const refresh_token = cookieStore.get("admin/auth_refresh")?.value
+  if (access_token && refresh_token) {
+    await callByUser("/api/auth/revoke", {
+      access_token,
+      refresh_token,
+    })
+  }
+
+  // 删除 cookies
+  cookieStore.set("admin/auth_token", "", {
+    httpOnly: true,
+    sameSite: "strict",
+    maxAge: -1,
+  })
+  cookieStore.set("admin/auth_refresh", "", {
+    httpOnly: true,
+    sameSite: "strict",
+    maxAge: -1,
+  })
+
+  return {
+    success: true,
+    data: undefined,
+  }
+}
+
+export async function getProfile() {
+  return await callByUser<User>("/api/auth/introspect")
+}
+
 export async function refreshAuth() {
  const cookie = await cookies()

-  const userRefresh = cookie.get("auth_refresh")?.value
+  const userRefresh = cookie.get("admin/auth_refresh")?.value
+  console.log(userRefresh, "userRefresh")
+
  if (!userRefresh) {
    throw new Error("未授权访问")
  }
@@ -63,7 +101,7 @@ export async function refreshAuth() {
  // 处理请求
  if (!resp.success) {
    if (resp.status === 401) {
-      cookie.delete("auth_refresh")
+      cookie.delete("admin/auth_refresh")
    }
    throw new Error("未授权访问")
  }
@@ -75,12 +113,12 @@ export async function refreshAuth() {
  const expiresIn = data.expires_in

  // 保存令牌到 cookies
-  cookie.set("auth_token", nextAccessToken, {
+  cookie.set("admin/auth_token", nextAccessToken, {
    httpOnly: true,
    sameSite: "strict",
    maxAge: Math.max(expiresIn, 0),
  })
-  cookie.set("auth_refresh", nextRefreshToken, {
+  cookie.set("admin/auth_refresh", nextRefreshToken, {
    httpOnly: true,
    sameSite: "strict",
    maxAge: Number.MAX_SAFE_INTEGER,