fix: token reload

2024-12-15 01:19:03 +08:00
parent ed3d8b0e6c
commit 4a606bd824
9 changed files with 62 additions and 23 deletions
--- a/backend/modules/middlewares/m_jwt_parse.go
+++ b/backend/modules/middlewares/m_jwt_parse.go
@@ -16,7 +16,7 @@ func (f *Middlewares) ParseJWT(c fiber.Ctx) error {
 	token := tokens[0]
 	claim, err := f.jwt.Parse(token)
 	if err != nil {
-		return errors.Wrap(err, "failed to parse token")
+		return errors.Wrapf(err, "failed to parse token: %s", token)
 	}

 	// query user
--- a/backend/modules/middlewares/m_wechat_auth.go
+++ b/backend/modules/middlewares/m_wechat_auth.go
@@ -1,7 +1,9 @@
 package middlewares

 import (
+	"fmt"
 	"strings"
+	"time"

 	"backend/providers/wechat"

@@ -10,11 +12,26 @@ import (
 	log "github.com/sirupsen/logrus"
 )

+const StatePrefix = "sns_basic_auth"
+
 func (f *Middlewares) WeChatAuth(c fiber.Ctx) error {
-	log.WithField("module", "middleware.AuthUserInfo").Debugf("%s, query: %v", c.OriginalURL(), c.Queries())
+	log := log.WithField("module", "middleware.AuthUserInfo")
+	log.Debugf("%s, query: %v", c.OriginalURL(), c.Queries())
 	state := c.Query("state")
 	code := c.Query("code")
-	log.WithField("module", "middleware.AuthUserInfo").Debugf("code: %s, state: %s", code, state)
+	log.Debugf("code: %s, state: %s", code, state)
+
+	jwtToken := c.Cookies("token")
+	if jwtToken != "" {
+		log.Debugf("jwtToken: %s", jwtToken)
+
+		if _, err := f.jwt.Parse(jwtToken); err != nil {
+			log.WithError(err).Error("failed to parse jwt token")
+
+			c.ClearCookie("token")
+			return c.Redirect().To(c.Path())
+		}
+	}

 	if state == "" && code == "" {
 		url := string(c.Request().URI().FullURI())
@@ -27,7 +44,7 @@ func (f *Middlewares) WeChatAuth(c fiber.Ctx) error {

 		to, err := f.client.ScopeAuthorizeURL(
 			wechat.ScopeAuthorizeURLWithRedirectURI(url),
-			wechat.ScopeAuthorizeURLWithState("sns_basic_auth"),
+			wechat.ScopeAuthorizeURLWithState(fmt.Sprintf("%s_%d", StatePrefix, time.Now().UnixNano())),
 		)
 		if err != nil {
 			return errors.Wrap(err, "failed to get wechat auth url")
@@ -38,7 +55,7 @@ func (f *Middlewares) WeChatAuth(c fiber.Ctx) error {

 	}

-	if state != "sns_basic_auth" || code == "" {
+	if !strings.HasPrefix(state, StatePrefix) || code == "" {
 		return errors.New("invalid request")
 	}