
Commit 099880d

authored
Update the refresh token verify mechanism (#710)
* Remove the logout interface auth dependency * Update the refresh token check
1 parent d906a10 commit 099880d


2 files changed

+5
-2
lines changed


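--- a/backend/app/admin/api/v1/auth/auth.py
+++ b/backend/app/admin/api/v1/auth/auth.py
@@ -47,7 +47,7 @@ async def refresh_token(request: Request) -> ResponseSchemaModel[GetNewToken]:
 return response_base.success(data=data)
 
 
-@router.post('/logout', summary='用户登出', dependencies=[DependsJwtAuth])
+@router.post('/logout', summary='用户登出')
 async def logout(request: Request, response: Response) -> ResponseModel:
 await auth_service.logout(request=request, response=response)
 return response_base.success()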
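Review bot: With `dependencies=[DependsJwtAuth]` removed, `/logout` is reachable without a validated access token, so the only thing between an unauthenticated request and a session being revoked is whatever `auth_service.logout` does with the cookies it reads; that body is outside this hunk, so it cannot be confirmed here. If the intent is to let a client whose access token has already expired still end its session, record that at the endpoint so the missing dependency is not "restored" by a later cleanup, e.g. `# No DependsJwtAuth on purpose: an expired access token must still be able to log out; auth_service.logout verifies the token it revokes before touching session state.` — and confirm that second clause actually holds in the service. A logout that clears Redis entries keyed on an unverified id taken from the request would let one caller invalidate another user's sessions, so a regression test covering a forged or absent token on this route is worth adding either way.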

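--- a/backend/app/admin/service/auth_service.py
+++ b/backend/app/admin/service/auth_service.py
@@ -197,14 +197,17 @@ async def refresh_token(*, request: Request) -> GetNewToken:
 """
 refresh_token = request.cookies.get(settings.COOKIE_REFRESH_TOKEN_KEY)
 if not refresh_token:
-raise errors.TokenError(msg='Refresh Token 已过期,请重新登录')
+raise errors.RequestError(msg='Refresh Token 已过期,请重新登录')
 token_payload = jwt_decode(refresh_token)
 async with async_db_session() as db:
 user = await user_dao.get(db, token_payload.id)
 if not user:
 raise errors.NotFoundError(msg='用户不存在')
 elif not user.status:
 raise errors.AuthorizationError(msg='用户已被锁定, 请联系统管理员')
+if not user.is_multi_login:
+if await redis_client.keys(match=f'{settings.TOKEN_REDIS_PREFIX}:{user.id}:*'):
+raise errors.ForbiddenError(msg='此用户已在异地登录,请重新登录并及时修改密码')
 new_token = await create_new_token(
 refresh_token,
 token_payload.session_uuid,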
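Review bot: The new single-login check at `if await redis_client.keys(match=...)` has two problems: if `redis_client` is an unmodified redis-py client, `keys()` takes its pattern positionally (`pattern`) and an unrecognised `match=` keyword is forwarded as a response option, so the call would effectively run `KEYS *` and forbid every single-login refresh whenever any token key exists at all — worth checking against the wrapper's actual signature; and even with the pattern passed correctly, `KEYS` is a blocking full-keyspace scan, so `scan_iter` is the better fit for a per-request path. The pattern `{settings.TOKEN_REDIS_PREFIX}:{user.id}:*` also matches the caller's own session (`token_payload.session_uuid`, handed to `create_new_token` right below), so a single-login user renewing a still-cached session would be rejected as "logged in elsewhere", which is presumably not intended; the sketch below excludes that key, assuming the key suffix is the session uuid as the pattern suggests (compare as bytes if the client does not decode responses). Unrelated but in the same hunk, switching the missing-cookie error from `TokenError` to `RequestError` presumably changes the HTTP status the client receives, and the commit message does not say why. `refresh_token` starts and ends outside this hunk.

```python
elif not user.status:
    raise errors.AuthorizationError(msg='用户已被锁定, 请联系统管理员')
if not user.is_multi_login:
    # Single-login accounts: any *other* live session for this user means the
    # credentials are in use elsewhere. The caller's own session is skipped so
    # renewing a still-cached access token is not treated as a foreign login.
    key_prefix = f'{settings.TOKEN_REDIS_PREFIX}:{user.id}:'
    own_key = f'{key_prefix}{token_payload.session_uuid}'
    async for key in redis_client.scan_iter(match=f'{key_prefix}*'):
        if key != own_key:  # NOTE(review): compare as bytes if decode_responses is off
            raise errors.ForbiddenError(msg='此用户已在异地登录,请重新登录并及时修改密码')
# … unchanged: create_new_token call …
```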
