diff --git a/backend_v1/app/middlewares/mid_auth_frontend.go b/backend_v1/app/middlewares/mid_auth_frontend.go
index 7a73256..c5e16d9 100644
--- a/backend_v1/app/middlewares/mid_auth_frontend.go
+++ b/backend_v1/app/middlewares/mid_auth_frontend.go
@@ -46,10 +46,9 @@ func (f *Middlewares) AuthFrontend(ctx fiber.Ctx) error {
 u.Path = "/v1/auth/phone"
 fullUrl = u.String()
- // check cookie exists
- cookie := ctx.Cookies("token")
- log.Infof("cookie: %s", cookie)
- if cookie == "" {
+ // 仅使用 Header 的 Bearer Token(前端 localStorage 存储,随请求透传)。
+ token := ctx.Get("Authorization")
+ if token == "" {
 log.Infof("auth redirect_uri: %s", fullUrl)
 if ctx.XHR() {
 return ctx.SendStatus(fiber.StatusUnauthorized)
@@ -57,10 +56,8 @@ func (f *Middlewares) AuthFrontend(ctx fiber.Ctx) error {
 return ctx.Redirect().To(fullUrl)
 }
- jwt, err := f.jwt.Parse(cookie)
+ jwt, err := f.jwt.Parse(token)
 if err != nil {
- // remove cookie
- ctx.ClearCookie("token")
 if ctx.XHR() {
 return ctx.SendStatus(fiber.StatusUnauthorized)
 }
@@ -69,8 +66,6 @@ func (f *Middlewares) AuthFrontend(ctx fiber.Ctx) error {
 user, err := services.Users.FindByID(ctx.Context(), jwt.UserID)
 if err != nil {
- // remove cookie
- ctx.ClearCookie("token")
 if ctx.XHR() {
 return ctx.SendStatus(fiber.StatusUnauthorized)
 }
diff --git a/frontend/wechat/src/api/client.js b/frontend/wechat/src/api/client.js
index 641a59a..73bf806 100644
--- a/frontend/wechat/src/api/client.js
+++ b/frontend/wechat/src/api/client.js
@@ -9,7 +9,7 @@ function getCurrentPathWithQueryHash() {
 const client = axios.create({
 baseURL: '/v1',
 timeout: 10000,
- withCredentials: true,
+ withCredentials: false,
 headers: {
 'Content-Type': 'application/json',
 'X-Requested-With': 'XMLHttpRequest',
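Review bot: In `AuthFrontend`, `token := ctx.Get("Authorization")` keeps the whole header value, so the string handed to `f.jwt.Parse(token)` in the next hunk still starts with the `Bearer ` scheme that the client.js interceptor in this commit prepends. Unless `Parse` strips the scheme itself (its body is not visible here), parsing would fail and every request would be answered as unauthenticated; a header using any other scheme is also not rejected explicitly. Splitting the scheme off in the middleware makes the contract explicit: `token, ok := strings.CutPrefix(ctx.Get("Authorization"), "Bearer ")` followed by `if !ok || token == "" {`, assuming `strings` is imported in this file. The function's body starts and ends outside the hunk.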
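Review bot: The `FindByID` error branch answers 401 for every kind of error, not only for an unknown user, and nothing is logged; the `Parse` failure branch in the previous hunk is silent in the same way. The client's re-authentication branch in client.js (which appears to be the 401 path) now deletes the stored token, so a transient lookup failure would sign the user out, and rejected tokens leave no trace for detection. Consider logging the reason without the token value, e.g. `log.Warnf("auth: user lookup failed for id %v: %v", jwt.UserID, err)`, and returning a 5xx status when the error is not a not-found; the error types of `services.Users` are not visible here. The `if` block closes outside the hunk.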
@@ -21,6 +21,11 @@ const client = axios.create({
 // Request interceptor
 client.interceptors.request.use(
 config => {
+ const token = localStorage.getItem('token');
+ if (token) {
+ config.headers = config.headers || {};
+ config.headers['Authorization'] = token.startsWith('Bearer ') ? token : `Bearer ${token}`;
+ }
 return config;
 },
 error => {
@@ -45,6 +50,7 @@ client.interceptors.response.use(
 const redirectPath = encodeURIComponent(getCurrentPathWithQueryHash());
 sessionStorage.setItem('post_auth_redirect', getCurrentPathWithQueryHash());
 sessionStorage.removeItem('phone_verified');
+ localStorage.removeItem('token');
 window.location.href = `/verify-phone?redirect=${redirectPath}`;
 return Promise.reject(error);
 }
diff --git a/frontend/wechat/src/layouts/MainLayout.vue b/frontend/wechat/src/layouts/MainLayout.vue
index 593ba54..5f183ce 100644
--- a/frontend/wechat/src/layouts/MainLayout.vue
+++ b/frontend/wechat/src/layouts/MainLayout.vue
@@ -5,7 +5,7 @@ import { useRouter } from 'vue-router'
 const router = useRouter()
 const activeTab = ref(0)
-const isPhoneVerified = () => sessionStorage.getItem('phone_verified') === '1'
+const isAuthed = () => Boolean(localStorage.getItem('token'))
 const tabs = [
 { label: '列表', route: '/', icon: AiOutlineHome },
@@ -14,7 +14,7 @@ const tabs = [
 ]
 const switchTab = (index, route) => {
- if ((route === '/purchased' || route === '/profile') && !isPhoneVerified()) {
+ if ((route === '/purchased' || route === '/profile') && !isAuthed()) {
 const redirect = encodeURIComponent(route)
 router.replace(`/verify-phone?redirect=${redirect}`)
 return
diff --git a/frontend/wechat/src/views/ArticleDetail.vue b/frontend/wechat/src/views/ArticleDetail.vue
index b69c14a..8576384 100644
--- a/frontend/wechat/src/views/ArticleDetail.vue
+++ b/frontend/wechat/src/views/ArticleDetail.vue
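Review bot: The request interceptor adds the `Authorization` header to every request made through `client`, whatever its destination, so a call that passes an absolute URL (which axios lets override `baseURL: '/v1'` by default) would carry the bearer token to that host. Restricting the header to relative URLs closes that gap: `if (token && !/^([a-z][a-z\d+.-]*:)?\/\//i.test(config.url || '')) {`. Moving the token from a cookie to `localStorage` also makes it readable by any script running on the origin, so token lifetime and the page's content security policy matter more than before. A short comment stating that trade-off above the `getItem` call would help the next reader.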
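Review bot: `isAuthed` in MainLayout.vue only tests that some string is stored under `token`, so an expired or malformed value passes the gate in `switchTab`; the same inline check is repeated in `handleBuy` in ArticleDetail.vue, while client.js reads and removes the same key. That is acceptable as a navigation hint as long as the server remains the only authority, but the literal `'token'` is now spread over three files. A shared helper, for example `export const hasToken = () => Boolean(localStorage.getItem('token'))` next to the API client, would keep the key and the check in one place. A comment such as `// UX gate only: the backend validates the token on every request` would record the intent.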
@@ -87,7 +87,7 @@ const updateMediaSource = async () => {
 };
 const handleBuy = async () => {
- if (sessionStorage.getItem('phone_verified') !== '1') {
+ if (!localStorage.getItem('token')) {
 const redirect = encodeURIComponent(router.currentRoute.value.fullPath);
 router.replace(`/verify-phone?redirect=${redirect}`);
 return;
@@ -142,7 +142,7 @@ const handleBuy = async () => {
 } catch (error) {
 console.error("Failed to initiate payment:", error);
 // alert("发起支付失败,请稍后重试");
- alert(error.response?.data || "发起支付失败,请稍后重试");
+ alert(error.response?.data?.message || "发起支付失败,请稍后重试");
 } finally {
 buying.value = false;
 }
@@ -214,7 +214,8 @@ onUnmounted(() => {