Fix auth security: add request timeout, safe redirects, and memory-only token support.

2026-03-18 14:55:37 +08:00
parent 2b1a2f0c28
commit 257668f3f3
6 changed files with 126 additions and 83 deletions
@@ -7,6 +7,7 @@ import { createRouter, createWebHistory } from 'vue-router'
 import { routes } from 'vue-router/auto-routes'

 import App from './App.vue'
+import { setTokenGetter } from './utils/request'

 const router = createRouter({
  history: createWebHistory(import.meta.env.BASE_URL),
@@ -19,6 +20,10 @@ const app = createApp(App)
 app.use(pinia)
 app.use(router)

+// 注入 token 获取函数，使 request.ts 能读取内存中的 token（remember=false 场景）
+import { useUserStore } from './stores/user'
+setTokenGetter(() => useUserStore().token)
+
 // 路由守卫
 const authWhitelist = ['/login', '/register']