重构认证逻辑,优化登录和用户信息获取流程,新增全局缓存支持
This commit is contained in:
@@ -1,62 +1,57 @@
|
||||
'use server'
|
||||
import {cookies} from 'next/headers'
|
||||
import {ApiResponse} from '@/lib/api'
|
||||
import {ApiResponse, UnauthorizedError} from '@/lib/api'
|
||||
import {AuthContext} from '@/lib/auth'
|
||||
import {User} from '@/lib/models'
|
||||
import {callByDevice, callByUser, getUserToken} from '@/actions/base'
|
||||
import {callByDevice, callByUser, callPublic, getUserToken} from '@/actions/base'
|
||||
import {redirect} from 'next/navigation'
|
||||
import {cache} from 'react'
|
||||
|
||||
export interface LoginParams {
|
||||
username: string
|
||||
password: string
|
||||
remember?: boolean
|
||||
remember: boolean
|
||||
}
|
||||
|
||||
type LoginResp = {
|
||||
access_token: string
|
||||
refresh_token: string
|
||||
expires: number
|
||||
auth: AuthContext
|
||||
profile: User
|
||||
expires_in: number
|
||||
token_type: string
|
||||
scope?: string
|
||||
}
|
||||
|
||||
export async function login(props: LoginParams): Promise<ApiResponse> {
|
||||
// 尝试登录
|
||||
const result = await callByDevice<LoginResp>('/api/auth/login/sms', {
|
||||
username: props.username,
|
||||
password: props.password,
|
||||
remember: props.remember ?? false,
|
||||
const result = await callByDevice<LoginResp>('/api/auth/token', {
|
||||
...props,
|
||||
grant_type: 'password',
|
||||
login_type: 'phone_code',
|
||||
})
|
||||
if (!result.success) {
|
||||
return result
|
||||
}
|
||||
const data = result.data
|
||||
|
||||
// 保存到 cookies
|
||||
const current = Math.floor(Date.now() / 1000)
|
||||
const future = data.expires - current
|
||||
|
||||
const data = result.data
|
||||
const cookieStore = await cookies()
|
||||
cookieStore.set('auth_token', data.access_token, {
|
||||
httpOnly: true,
|
||||
sameSite: 'strict',
|
||||
maxAge: Math.max(future, 0),
|
||||
maxAge: Math.max(data.expires_in, 0),
|
||||
})
|
||||
cookieStore.set('auth_refresh', data.refresh_token, {
|
||||
httpOnly: true,
|
||||
sameSite: 'strict',
|
||||
maxAge: 7 * 24 * 3600,
|
||||
})
|
||||
cookieStore.set('auth_info', JSON.stringify(data.auth), {
|
||||
httpOnly: true,
|
||||
sameSite: 'strict',
|
||||
maxAge: 7 * 24 * 3600,
|
||||
})
|
||||
cookieStore.set('auth_profile', JSON.stringify(data.profile), {
|
||||
httpOnly: true,
|
||||
sameSite: 'strict',
|
||||
maxAge: 7 * 24 * 3600,
|
||||
})
|
||||
// cookieStore.set('auth_info', JSON.stringify(data.auth), {
|
||||
// httpOnly: true,
|
||||
// sameSite: 'strict',
|
||||
// })
|
||||
// cookieStore.set('auth_profile', JSON.stringify(data.profile), {
|
||||
// httpOnly: true,
|
||||
// sameSite: 'strict',
|
||||
// })
|
||||
|
||||
return {
|
||||
success: true,
|
||||
@@ -88,52 +83,27 @@ export async function logout() {
|
||||
sameSite: 'strict',
|
||||
maxAge: -1,
|
||||
})
|
||||
cookieStore.set('auth_info', '', {
|
||||
httpOnly: true,
|
||||
sameSite: 'strict',
|
||||
maxAge: -1,
|
||||
})
|
||||
cookieStore.set('auth_profile', '', {
|
||||
httpOnly: true,
|
||||
sameSite: 'strict',
|
||||
maxAge: -1,
|
||||
})
|
||||
|
||||
return redirect('/')
|
||||
return {
|
||||
success: true,
|
||||
data: undefined,
|
||||
}
|
||||
}
|
||||
|
||||
export async function getProfile(refresh: boolean = false) {
|
||||
const cookie = await cookies()
|
||||
|
||||
// 获取缓存的用户信息
|
||||
if (!refresh) {
|
||||
const profile = cookie.get('auth_profile')?.value
|
||||
if (profile) {
|
||||
return JSON.parse(profile) as User
|
||||
}
|
||||
}
|
||||
|
||||
// 获取缓存的 token
|
||||
let token: string
|
||||
export async function getProfile() {
|
||||
try {
|
||||
token = await getUserToken()
|
||||
const token = await getUserToken()
|
||||
const result = await callPublic<User>('/api/user/get/token', {token})
|
||||
|
||||
if (!result.success) {
|
||||
throw new Error('获取用户信息失败')
|
||||
}
|
||||
return result.data
|
||||
}
|
||||
catch (e) {
|
||||
return null
|
||||
if (e === UnauthorizedError) {
|
||||
return null
|
||||
}
|
||||
throw e
|
||||
}
|
||||
|
||||
// 如果没有缓存,则请求用户信息
|
||||
const result = await callByUser<User>('/api/user/get/token', {token})
|
||||
if (!result.success) {
|
||||
return null
|
||||
}
|
||||
|
||||
// 保存用户信息到cookie
|
||||
cookie.set('auth_profile', JSON.stringify(result.data), {
|
||||
httpOnly: true,
|
||||
sameSite: 'strict',
|
||||
maxAge: 7 * 24 * 3600,
|
||||
})
|
||||
|
||||
return result.data
|
||||
}
|
||||
|
||||
@@ -2,106 +2,52 @@
|
||||
import {API_BASE_URL, CLIENT_ID, CLIENT_SECRET, ApiResponse, UnauthorizedError} from '@/lib/api'
|
||||
import {cookies, headers} from 'next/headers'
|
||||
import {redirect} from 'next/navigation'
|
||||
|
||||
// OAuth令牌缓存
|
||||
interface TokenCache {
|
||||
token: string
|
||||
expires: number // 过期时间戳
|
||||
}
|
||||
import {cache} from 'react'
|
||||
|
||||
// ======================
|
||||
// region device token
|
||||
// ======================
|
||||
|
||||
let tokenCache: TokenCache | null = null
|
||||
|
||||
// 获取OAuth2访问令牌
|
||||
async function getDeviceToken(forceRefresh = false): Promise<string> {
|
||||
try {
|
||||
// 检查缓存的令牌是否可用
|
||||
if (!forceRefresh && tokenCache && tokenCache.expires > Date.now()) {
|
||||
return tokenCache.token
|
||||
}
|
||||
|
||||
const addr = `${API_BASE_URL}/api/auth/token`
|
||||
const body = {
|
||||
client_id: CLIENT_ID,
|
||||
client_secret: CLIENT_SECRET,
|
||||
grant_type: 'client_credentials',
|
||||
}
|
||||
|
||||
const response = await fetch(addr, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
},
|
||||
body: JSON.stringify(body),
|
||||
})
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(`OAuth token request failed: ${response.status} ${await response.text()}`)
|
||||
}
|
||||
|
||||
const data = await response.json()
|
||||
|
||||
// 缓存令牌和过期时间
|
||||
// 通常后端会返回expires_in(秒为单位)
|
||||
tokenCache = {
|
||||
token: data.access_token,
|
||||
expires: Date.now() + data.expires_in * 1000,
|
||||
}
|
||||
|
||||
return tokenCache.token
|
||||
}
|
||||
catch (error) {
|
||||
console.error('Failed to get access token:', error)
|
||||
throw new Error('认证服务暂时不可用')
|
||||
}
|
||||
async function callByDevice<R = undefined>(
|
||||
endpoint: string,
|
||||
data: unknown,
|
||||
): Promise<ApiResponse<R>> {
|
||||
return _callByDevice(endpoint, data ? JSON.stringify(data) : undefined)
|
||||
}
|
||||
|
||||
// 通用的API调用函数
|
||||
async function callByDevice<R = undefined>(endpoint: string, data: unknown): Promise<ApiResponse<R>> {
|
||||
const _callByDevice = cache(async <R = undefined>(
|
||||
endpoint: string,
|
||||
data?: string,
|
||||
): Promise<ApiResponse<R>> => {
|
||||
try {
|
||||
// 发送请求
|
||||
let accessToken = getDeviceToken()
|
||||
const requestOptions = {
|
||||
// 获取设备令牌
|
||||
if (!CLIENT_ID || !CLIENT_SECRET) {
|
||||
throw new Error('缺少CLIENT_ID或CLIENT_SECRET环境变量')
|
||||
}
|
||||
const token = Buffer.from(`${CLIENT_ID}:${CLIENT_SECRET}`).toString('base64url')
|
||||
|
||||
// 构造请求
|
||||
const url = `${API_BASE_URL}${endpoint}`
|
||||
const request = {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Authorization': `Bearer ${await accessToken}`,
|
||||
'Authorization': `Basic ${token}`,
|
||||
},
|
||||
body: JSON.stringify(data),
|
||||
}
|
||||
let response = await fetch(`${API_BASE_URL}${endpoint}`, requestOptions)
|
||||
|
||||
// 如果返回401未授权,尝试刷新令牌并重试一次
|
||||
if (response.status === 401) {
|
||||
accessToken = getDeviceToken(true) // 强制刷新令牌
|
||||
|
||||
// 使用新令牌重试请求
|
||||
requestOptions.headers['Authorization'] = `Bearer ${await accessToken}`
|
||||
response = await fetch(`${API_BASE_URL}${endpoint}`, requestOptions)
|
||||
body: data,
|
||||
}
|
||||
|
||||
// 检查响应状态
|
||||
if (!response.ok) {
|
||||
console.log('响应不成功', `status=${response.status}`, await response.text())
|
||||
return {
|
||||
success: false,
|
||||
status: response.status,
|
||||
message: '请求失败',
|
||||
}
|
||||
}
|
||||
// 发送请求
|
||||
const response = await fetch(`${API_BASE_URL}${endpoint}`, request)
|
||||
|
||||
// 检查响应状态
|
||||
return handleResponse(response)
|
||||
}
|
||||
catch (e) {
|
||||
console.error('API call failed:', e)
|
||||
throw new Error('服务调用失败', {cause: e})
|
||||
}
|
||||
}
|
||||
|
||||
})
|
||||
|
||||
// endregion
|
||||
|
||||
@@ -172,26 +118,33 @@ async function callByUser<R = undefined>(
|
||||
endpoint: string,
|
||||
data?: unknown,
|
||||
): Promise<ApiResponse<R>> {
|
||||
return _callByUser(endpoint, data ? JSON.stringify(data) : undefined)
|
||||
}
|
||||
|
||||
const _callByUser = cache(async <R = undefined>(
|
||||
endpoint: string,
|
||||
data?: string,
|
||||
): Promise<ApiResponse<R>> => {
|
||||
const header = await headers()
|
||||
try {
|
||||
let token = await getUserToken()
|
||||
const header = await headers()
|
||||
|
||||
// 获取客户端 IP
|
||||
const clientIp = header.get('x-forwarded-for')
|
||||
|
||||
// 发送请求
|
||||
|
||||
// 构造请求
|
||||
const request = {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Authorization': `Bearer ${token}`,
|
||||
} as Record<string, string>,
|
||||
body: data ? JSON.stringify(data) : undefined,
|
||||
}
|
||||
if (clientIp) {
|
||||
request.headers['X-Forwarded-For'] = clientIp
|
||||
body: data,
|
||||
}
|
||||
|
||||
const userIp = header.get('x-forwarded-for')
|
||||
if (userIp) {
|
||||
request.headers['X-Forwarded-For'] = userIp
|
||||
}
|
||||
|
||||
// 发送请求
|
||||
let response = await fetch(`${API_BASE_URL}${endpoint}`, request)
|
||||
if (response.status === 401) {
|
||||
token = await getUserToken(true)
|
||||
@@ -199,45 +152,25 @@ async function callByUser<R = undefined>(
|
||||
response = await fetch(`${API_BASE_URL}${endpoint}`, request)
|
||||
}
|
||||
|
||||
// 检查响应状态
|
||||
if (!response.ok) {
|
||||
const body = await response.text()
|
||||
console.log('响应不成功', `status=${response.status}`, body)
|
||||
|
||||
if (response.status === 401) {
|
||||
return redirect('/login')
|
||||
}
|
||||
|
||||
if (response.status >= 400 && response.status < 500) {
|
||||
return {
|
||||
status: response.status,
|
||||
success: false,
|
||||
message: body,
|
||||
}
|
||||
}
|
||||
|
||||
if (response.status >= 500) {
|
||||
return {
|
||||
status: response.status,
|
||||
success: false,
|
||||
message: '服务器错误',
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
status: response.status,
|
||||
success: false,
|
||||
message: `请求失败,status = ${response.status}`,
|
||||
}
|
||||
if (response.status === 401) {
|
||||
throw UnauthorizedError
|
||||
}
|
||||
|
||||
return handleResponse(response)
|
||||
}
|
||||
catch (e) {
|
||||
console.error('API call with user token failed:', e)
|
||||
if (e === UnauthorizedError) {
|
||||
const referer = header.get('referer')
|
||||
let redirectUrl = '/login'
|
||||
if (referer) {
|
||||
const url = new URL(referer)
|
||||
redirectUrl = `/login?redirect=${encodeURIComponent(url.pathname)}`
|
||||
}
|
||||
return redirect(redirectUrl)
|
||||
}
|
||||
throw new Error('服务调用失败', {cause: e})
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
// endregion
|
||||
|
||||
@@ -250,43 +183,35 @@ async function callPublic<R = undefined>(
|
||||
endpoint: string,
|
||||
data?: unknown,
|
||||
): Promise<ApiResponse<R>> {
|
||||
return _callPublic(endpoint, data ? JSON.stringify(data) : undefined)
|
||||
}
|
||||
|
||||
const _callPublic = cache(async <R = undefined>(
|
||||
endpoint: string,
|
||||
data?: string,
|
||||
): Promise<ApiResponse<R>> => {
|
||||
try {
|
||||
// 发送请求
|
||||
const requestOptions: RequestInit = {
|
||||
const url = `${API_BASE_URL}${endpoint}`
|
||||
const request: RequestInit = {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
},
|
||||
body: data ? JSON.stringify(data) : undefined,
|
||||
}
|
||||
|
||||
const response = await fetch(`${API_BASE_URL}${endpoint}`, requestOptions)
|
||||
|
||||
// 检查响应状态
|
||||
if (!response.ok) {
|
||||
console.log('公共接口响应不成功', `status=${response.status}`, await response.text())
|
||||
|
||||
return {
|
||||
status: response.status,
|
||||
success: false,
|
||||
message: response.status >= 500 ? '服务器错误' : '请求失败',
|
||||
}
|
||||
body: data,
|
||||
}
|
||||
|
||||
const response = await fetch(url, request)
|
||||
return handleResponse(response)
|
||||
}
|
||||
catch (e) {
|
||||
console.error('Public API call failed:', e)
|
||||
throw new Error('服务调用失败', { cause: e })
|
||||
throw new Error('服务调用失败', {cause: e})
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
// endregion
|
||||
|
||||
// 统一响应解析
|
||||
async function handleResponse<R = undefined>(response: Response): Promise<ApiResponse<R>> {
|
||||
|
||||
// 解析响应数据
|
||||
const type = response.headers.get('Content-Type') ?? 'text/plain'
|
||||
if (type.indexOf('application/json') !== -1) {
|
||||
const json = await response.json()
|
||||
@@ -313,9 +238,11 @@ async function handleResponse<R = undefined>(response: Response): Promise<ApiRes
|
||||
message: text || '请求失败',
|
||||
}
|
||||
}
|
||||
|
||||
console.log('响应成功', `type=text`, `text=${text}`)
|
||||
return {
|
||||
success: true,
|
||||
data: undefined as unknown as R, // 强转类型,考虑优化
|
||||
data: undefined as R, // 强转类型,考虑优化
|
||||
}
|
||||
}
|
||||
else {
|
||||
@@ -327,7 +254,6 @@ async function handleResponse<R = undefined>(response: Response): Promise<ApiRes
|
||||
|
||||
// 导出
|
||||
export {
|
||||
getDeviceToken,
|
||||
getUserToken,
|
||||
callByDevice,
|
||||
callByUser,
|
||||
|
||||
Reference in New Issue
Block a user