Fix auth security: add request timeout, safe redirects, and memory-only token support.

2026-03-18 14:55:37 +08:00
parent 2b1a2f0c28
commit 257668f3f3
6 changed files with 126 additions and 83 deletions
@@ -1,5 +1,6 @@
 <script setup lang="ts">
 import Brand from '@/components/Brand.vue'
+import { useUserStore } from '@/stores/user'
 import {
  MenuFoldOutlined,
  MenuUnfoldOutlined,
@@ -25,6 +26,7 @@ interface MenuItem {

 const router = useRouter()
 const route = useRoute()
+const userStore = useUserStore()

 // 侧边栏折叠状态，持久化到 localStorage
 const collapsed = ref(localStorage.getItem('sidebarCollapsed') === 'true')
@@ -75,18 +77,7 @@ const menuItems: MenuItem[] = [
  { key: '/mq-status', icon: MonitorOutlined, label: '队列监控' },
 ]

-// 用户信息（P0.3 完成后将由 user store 提供）
-const username = computed(() => {
-  try {
-    const saved = localStorage.getItem('user')
-    if (saved) {
-      return JSON.parse(saved).username || 'admin'
-    }
-  } catch {
-    // ignore parse error
-  }
-  return 'admin'
-})
+const username = computed(() => userStore.username || 'admin')

 const handleMenuClick = ({ key }: { key: string }) => {
  if (key.startsWith('/')) {
@@ -95,9 +86,7 @@ const handleMenuClick = ({ key }: { key: string }) => {
 }

 const handleLogout = () => {
-  localStorage.removeItem('access_token')
-  localStorage.removeItem('refresh_token')
-  localStorage.removeItem('user')
+  userStore.logout()
  router.push('/login')
 }