Web/cn-rdms-web
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): 修复令牌过期处理和会话失效通知机制

Browse Source 
- 移除 VITE_SERVICE_LOGOUT_CODES 中的 1002023000 状态码
- 将 VITE_SERVICE_EXPIRED_TOKEN_CODES 从 1002023001 改为 1002023000
- 修改 fetchRefreshToken 函数使用 params 传递 refreshToken 并设置 skipAuth
- 添加 skipAuth 配置选项避免给公开接口带上过期 access 头
- 实现 notifySessionExpired 函数确保并发请求只弹一次会话失效提示
- 在登录成功后复位会话失效标志以支持下次正常提示
- 更新 handleExpiredRequest 使用 refreshTokenPromise 替代 refreshTokenFn
This commit is contained in:
hongawen
2026-05-15 13:38:41 +08:00
parent 7a4d831c10
commit 543d1a59a9
7 changed files with 69 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/service/request/index.ts
View File

@@ -5,7 +5,7 @@ import { localStg } from '@/utils/storage';
import { getServiceBaseURL } from '@/utils/service';
import { $t } from '@/locales';
import { applyApiEncrypt } from './api-encrypt';
import { getAuthorization, handleExpiredRequest, showErrorMsg } from './shared';
import { getAuthorization, handleExpiredRequest, notifySessionExpired, showErrorMsg } from './shared';
import { withDedupe } from './dedupe';
import type { RequestInstanceState } from './type';
@@ -29,8 +29,12 @@ export const request = withDedupe(
return response.data.data;
},
async onRequest(config) {
const Authorization = getAuthorization();
Object.assign(config.headers, { Authorization });
// skipAuth 为 true 的请求不注入 Authorization——避免给公开接口如 refresh-token
// 带上过期 access 头被网关拦截(网关只看 Authorization不区分路由是否 PermitAll
if (!config.skipAuth) {
const Authorization = getAuthorization();
Object.assign(config.headers, { Authorization });
}
applyApiEncrypt(config);
return config;
@@ -55,10 +59,11 @@ export const request = withDedupe(
request.state.errMsgStack = request.state.errMsgStack.filter(msg => msg !== response.data.msg);
}
// 当后端返回码命中 `logoutCodes` 时,表示用户需要退出登录并跳转到登录页
// 当后端返回码命中 `logoutCodes` 时,表示登录态已失效,需要提示后退出登录
// 走 notifySessionExpired 而不是裸 resetStore保证并发请求只弹一次 toast、只清一次状态
const logoutCodes = import.meta.env.VITE_SERVICE_LOGOUT_CODES?.split(',') || [];
if (logoutCodes.includes(responseCode)) {
handleLogout();
notifySessionExpired();
return null;
}