frontend/src/stores/user.ts

import { api } from '@/utils/request'

export interface UserInfo {
  id: number
  username: string
  email: string
  role: string
  status: number
  ext?: Record<string, unknown> | null
}

export const useUserStore = defineStore('user', () => {
  const token = ref<string | null>(localStorage.getItem('access_token'))
  const refreshToken = ref<string | null>(localStorage.getItem('refresh_token'))
  const user = ref<UserInfo | null>(null)
  // 默认不持久化；从 localStorage 推断：有 token 说明上次选了"记住我"
  const _remember = ref(!!localStorage.getItem('access_token'))

  // 基本 JWT 格式校验（三段式），防止垃圾值绕过路由守卫
  const isLoggedIn = computed(() => {
    const t = token.value
    return !!t && t.split('.').length === 3
  })
  const isAdmin = computed(() => user.value?.role === 'admin')
  const username = computed(() => user.value?.username || '')

  function setToken(accessToken: string, newRefreshToken: string, remember = true) {
    token.value = accessToken
    refreshToken.value = newRefreshToken
    _remember.value = remember
    if (remember) {
      localStorage.setItem('access_token', accessToken)
      localStorage.setItem('refresh_token', newRefreshToken)
    } else {
      // 不记住：清除全部持久化数据，token 仅存于内存，关闭标签页即失效
      localStorage.removeItem('access_token')
      localStorage.removeItem('refresh_token')
      localStorage.removeItem('user')
    }
  }

  function setUser(info: UserInfo) {
    user.value = info
    if (_remember.value) {
      localStorage.setItem('user', JSON.stringify(info))
    }
  }

  async function fetchCurrentUser() {
    const data = await api.get<UserInfo>('/api/v1/me')
    setUser(data)
    return data
  }

  function logout() {
    token.value = null
    refreshToken.value = null
    user.value = null
    _remember.value = false
    localStorage.removeItem('access_token')
    localStorage.removeItem('refresh_token')
    localStorage.removeItem('user')
  }

  // 初始化：从 localStorage 恢复用户信息
  const savedUser = localStorage.getItem('user')
  if (savedUser) {
    try {
      user.value = JSON.parse(savedUser)
    } catch {
      user.value = null
    }
  }

  async function updateProfile(data: { email?: string; ext?: Record<string, unknown> }) {
    const result = await api.put<UserInfo>('/api/v1/me/profile', data)
    setUser(result)
    return result
  }

  async function changePassword(data: {
    old_password: string
    new_password: string
    new_password_confirmation: string
  }) {
    await api.put('/api/v1/me/password', data)
    logout()
  }

  return {
    token,
    refreshToken,
    user,
    isLoggedIn,
    isAdmin,
    username,
    setToken,
    setUser,
    fetchCurrentUser,
    logout,
    updateProfile,
    changePassword,
  }
})
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`import { api } from '@/utils/request'`

			`export interface UserInfo {`
			`id: number`
			`username: string`
			`email: string`
			`role: string`
			`status: number`
auth page enhancement 2026-03-18 18:04:41 +08:00			`ext?: Record<string, unknown> \| null`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`}`

			`export const useUserStore = defineStore('user', () => {`
			`const token = ref<string \| null>(localStorage.getItem('access_token'))`
			`const refreshToken = ref<string \| null>(localStorage.getItem('refresh_token'))`
			`const user = ref<UserInfo \| null>(null)`
fix frontend phase0 bugs 2026-03-18 16:34:27 +08:00			`// 默认不持久化；从 localStorage 推断：有 token 说明上次选了"记住我"`
			`const _remember = ref(!!localStorage.getItem('access_token'))`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00
Fix auth security: add request timeout, safe redirects, and memory-only token support. 2026-03-18 14:55:37 +08:00			`// 基本 JWT 格式校验（三段式），防止垃圾值绕过路由守卫`
			`const isLoggedIn = computed(() => {`
			`const t = token.value`
			`return !!t && t.split('.').length === 3`
			`})`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`const isAdmin = computed(() => user.value?.role === 'admin')`
			`const username = computed(() => user.value?.username \|\| '')`

Fix auth security: add request timeout, safe redirects, and memory-only token support. 2026-03-18 14:55:37 +08:00			`function setToken(accessToken: string, newRefreshToken: string, remember = true) {`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`token.value = accessToken`
			`refreshToken.value = newRefreshToken`
fix login and register 2026-03-18 16:23:58 +08:00			`_remember.value = remember`
Fix auth security: add request timeout, safe redirects, and memory-only token support. 2026-03-18 14:55:37 +08:00			`if (remember) {`
			`localStorage.setItem('access_token', accessToken)`
			`localStorage.setItem('refresh_token', newRefreshToken)`
			`} else {`
fix frontend phase0 bugs 2026-03-18 16:34:27 +08:00			`// 不记住：清除全部持久化数据，token 仅存于内存，关闭标签页即失效`
Fix auth security: add request timeout, safe redirects, and memory-only token support. 2026-03-18 14:55:37 +08:00			`localStorage.removeItem('access_token')`
			`localStorage.removeItem('refresh_token')`
fix login and register 2026-03-18 16:23:58 +08:00			`localStorage.removeItem('user')`
Fix auth security: add request timeout, safe redirects, and memory-only token support. 2026-03-18 14:55:37 +08:00			`}`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`}`

			`function setUser(info: UserInfo) {`
			`user.value = info`
fix login and register 2026-03-18 16:23:58 +08:00			`if (_remember.value) {`
			`localStorage.setItem('user', JSON.stringify(info))`
			`}`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`}`

			`async function fetchCurrentUser() {`
fix login and register 2026-03-18 16:23:58 +08:00			`const data = await api.get<UserInfo>('/api/v1/me')`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`setUser(data)`
			`return data`
			`}`

			`function logout() {`
			`token.value = null`
			`refreshToken.value = null`
			`user.value = null`
fix frontend phase0 bugs 2026-03-18 16:34:27 +08:00			`_remember.value = false`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`localStorage.removeItem('access_token')`
			`localStorage.removeItem('refresh_token')`
			`localStorage.removeItem('user')`
			`}`

			`// 初始化：从 localStorage 恢复用户信息`
			`const savedUser = localStorage.getItem('user')`
			`if (savedUser) {`
			`try {`
			`user.value = JSON.parse(savedUser)`
			`} catch {`
			`user.value = null`
			`}`
			`}`

auth page enhancement 2026-03-18 18:04:41 +08:00			`async function updateProfile(data: { email?: string; ext?: Record<string, unknown> }) {`
			`const result = await api.put<UserInfo>('/api/v1/me/profile', data)`
			`setUser(result)`
			`return result`
			`}`

			`async function changePassword(data: {`
			`old_password: string`
			`new_password: string`
			`new_password_confirmation: string`
			`}) {`
			`await api.put('/api/v1/me/password', data)`
			`logout()`
			`}`

frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`return {`
			`token,`
			`refreshToken,`
			`user,`
			`isLoggedIn,`
			`isAdmin,`
			`username,`
			`setToken,`
			`setUser,`
			`fetchCurrentUser,`
			`logout,`
auth page enhancement 2026-03-18 18:04:41 +08:00			`updateProfile,`
			`changePassword,`
frontend layout and infrastructure 2026-03-18 13:53:36 +08:00			`}`
			`})`