Fix auth security: add request timeout, safe redirects, and memory-only token support.

2026-03-18 14:55:37 +08:00
parent 2b1a2f0c28
commit 257668f3f3
6 changed files with 126 additions and 83 deletions
+14 -4
@@ -13,15 +13,25 @@ export const useUserStore = defineStore('user', () => {
const refreshToken = ref<string | null>(localStorage.getItem('refresh_token'))
const user = ref<UserInfo | null>(null)
const isLoggedIn = computed(() => !!token.value)
// 基本 JWT 格式校验(三段式),防止垃圾值绕过路由守卫
const isLoggedIn = computed(() => {
const t = token.value
return !!t && t.split('.').length === 3
})
const isAdmin = computed(() => user.value?.role === 'admin')
const username = computed(() => user.value?.username || '')
function setToken(accessToken: string, newRefreshToken: string) {
function setToken(accessToken: string, newRefreshToken: string, remember = true) {
token.value = accessToken
refreshToken.value = newRefreshToken
localStorage.setItem('access_token', accessToken)
localStorage.setItem('refresh_token', newRefreshToken)
if (remember) {
localStorage.setItem('access_token', accessToken)
localStorage.setItem('refresh_token', newRefreshToken)
} else {
// 不记住:清除持久化,token 仅存于内存,关闭标签页即失效
localStorage.removeItem('access_token')
localStorage.removeItem('refresh_token')
}
}
function setUser(info: UserInfo) {