diff --git a/es/aspects/oauth.js b/es/aspects/oauth.js
index dc5c457f3..528db2264 100644
--- a/es/aspects/oauth.js
+++ b/es/aspects/oauth.js
@@ -328,7 +328,7 @@ export async function authorize(params, context) {
 oauthAppId: oauthApp.id,
 applicationId: context.getApplicationId(),
 userId: context.getCurrentUserId(),
- scope: [scope || ""],
+ scope: scope === undefined ? [] : [scope],
 expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期
 }
 }, {});
diff --git a/es/components/login/oauth/authorize/index.js b/es/components/login/oauth/authorize/index.js
index e0e80ce0d..72e84c2c8 100644
--- a/es/components/login/oauth/authorize/index.js
+++ b/es/components/login/oauth/authorize/index.js
@@ -136,7 +136,7 @@ export default OakComponent({
 }).then((result) => {
 const { redirectUri } = result.result;
 assert(redirectUri, 'redirectUri should be present in authorize result');
- window.location.href = redirectUri;
+ window.location.replace(redirectUri);
 }).catch((err) => {
 console.error('Error during OAuth authorization:', err);
 this.setState({
diff --git a/es/endpoints/oauth.js b/es/endpoints/oauth.js
index 99a2cd0b5..fce6a7c6e 100644
--- a/es/endpoints/oauth.js
+++ b/es/endpoints/oauth.js
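Review bot: `window.location.replace(redirectUri)` navigates to a server-supplied string that the preceding `assert` checks only for truthiness, so a `javascript:` or `data:` value reaching this line would execute in the consent page's origin; switching from `href` to `replace` does not change that exposure. Unless the server is known to return only the app's registered redirect URI (exact match, not prefix — not visible here), I would parse before navigating: `const target = new URL(redirectUri); assert(/^https?:$/.test(target.protocol), 'unexpected redirect scheme');`, extending the allow-list there if native-app custom schemes are registered. The same line appears in `src/components/login/oauth/authorize/index.ts` later in this diff, and this `es/` file looks like build output, so the fix belongs in `src/`. The enclosing `.then` chain starts before and ends after the hunk.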
@@ -458,17 +458,26 @@ const oauthRevocationEndpoint = {
 }
 // 4. 撤销操作(无论找到与否,都返回 200,但如果找到则执行失效操作)
 if (tokenRecord) {
- const pastTime = Date.now() - 1000;
- // 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效
- await context.operate("oauthToken", {
+ // const pastTime = Date.now() - 1000;
+ // // 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效
+ // await context.operate("oauthToken", {
+ // id: await generateNewIdAsync(),
+ // action: "update",
+ // data: {
+ // accessExpiresAt: pastTime,
+ // refreshExpiresAt: pastTime,
+ // },
+ // filter: {
+ // id: tokenRecord.id,
+ // }
+ // }, {});
+ // 使用这个token的认证记录都撤销掉,在trigger里会自动设置 revokedAt
+ await context.operate("oauthUserAuthorization", {
 id: await generateNewIdAsync(),
- action: "update",
- data: {
- accessExpiresAt: pastTime,
- refreshExpiresAt: pastTime,
- },
+ action: "revoke",
+ data: {},
 filter: {
- id: tokenRecord.id,
+ tokenId: tokenRecord.id,
 }
 }, {});
 }
@@ -484,5 +493,6 @@ const endpoints = {
 'oauth/access_token': oauthTokenEndpoint,
 'oauth/userinfo': oauthUserInfoEndpoint,
 'oauth/token': refreshTokenEndpoint,
+ 'oauth/revoke': oauthRevocationEndpoint,
 };
 export default endpoints;
diff --git a/lib/aspects/oauth.js b/lib/aspects/oauth.js
index 4f8098860..0093af8ee 100644
--- a/lib/aspects/oauth.js
+++ b/lib/aspects/oauth.js
@@ -335,7 +335,7 @@ async function authorize(params, context) {
 oauthAppId: oauthApp.id,
 applicationId: context.getApplicationId(),
 userId: context.getCurrentUserId(),
- scope: [scope || ""],
+ scope: scope === undefined ? [] : [scope],
 expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期
 }
 }, {});
diff --git a/lib/endpoints/oauth.js b/lib/endpoints/oauth.js
index 5294b7d8b..a7061f1f3 100644
--- a/lib/endpoints/oauth.js
+++ b/lib/endpoints/oauth.js
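Review bot: After this hunk the `oauthToken` row is never invalidated itself: the `accessExpiresAt`/`refreshExpiresAt` update is commented out and replaced by a `revoke` on `oauthUserAuthorization` rows filtered by `tokenId`, so if no authorization row references `tokenRecord.id`, or if the access-token and refresh paths check the token's expiry fields rather than `revokedAt`, the presented token keeps working while the endpoint still returns 200. I would keep both: restore the commented-out `oauthToken` update (the lines from `const pastTime = Date.now() - 1000;` through `}, {});`) ahead of the new `oauthUserAuthorization` call, and delete the commented block rather than leaving dead code. Whether the handler authenticates the calling client and checks that the token was issued to it (RFC 7009 §2.1) is outside the hunk, but the `'oauth/revoke'` registration in the next hunk makes the endpoint reachable, so that is worth confirming. The matching `src/endpoints/oauth.ts` hunk for this change is not shown on the page and this file looks like build output, so the fix belongs in `src/`. The `oauthRevocationEndpoint` handler starts before and ends after the hunk.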
@@ -461,17 +461,26 @@ const oauthRevocationEndpoint = {
 }
 // 4. 撤销操作(无论找到与否,都返回 200,但如果找到则执行失效操作)
 if (tokenRecord) {
- const pastTime = Date.now() - 1000;
- // 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效
- await context.operate("oauthToken", {
+ // const pastTime = Date.now() - 1000;
+ // // 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效
+ // await context.operate("oauthToken", {
+ // id: await generateNewIdAsync(),
+ // action: "update",
+ // data: {
+ // accessExpiresAt: pastTime,
+ // refreshExpiresAt: pastTime,
+ // },
+ // filter: {
+ // id: tokenRecord.id,
+ // }
+ // }, {});
+ // 使用这个token的认证记录都撤销掉,在trigger里会自动设置 revokedAt
+ await context.operate("oauthUserAuthorization", {
 id: await (0, uuid_1.generateNewIdAsync)(),
- action: "update",
- data: {
- accessExpiresAt: pastTime,
- refreshExpiresAt: pastTime,
- },
+ action: "revoke",
+ data: {},
 filter: {
- id: tokenRecord.id,
+ tokenId: tokenRecord.id,
 }
 }, {});
 }
@@ -487,5 +496,6 @@ const endpoints = {
 'oauth/access_token': oauthTokenEndpoint,
 'oauth/userinfo': oauthUserInfoEndpoint,
 'oauth/token': refreshTokenEndpoint,
+ 'oauth/revoke': oauthRevocationEndpoint,
 };
 exports.default = endpoints;
diff --git a/src/aspects/oauth.ts b/src/aspects/oauth.ts
index 8c92e4c0e..f9ab7e5da 100644
--- a/src/aspects/oauth.ts
+++ b/src/aspects/oauth.ts
@@ -405,7 +405,7 @@ export async function authorize(params: {
 oauthAppId: oauthApp.id,
 applicationId: context.getApplicationId()!,
 userId: context.getCurrentUserId()!,
- scope: [scope || ""],
+ scope: scope === undefined ? [] : [scope],
 expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期
 }
 }, {})
diff --git a/src/components/login/oauth/authorize/index.ts b/src/components/login/oauth/authorize/index.ts
index 5e13b9d0b..d380d3097 100644
--- a/src/components/login/oauth/authorize/index.ts
+++ b/src/components/login/oauth/authorize/index.ts
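Review bot: `scope: scope === undefined ? [] : [scope]` in `src/aspects/oauth.ts` stores the raw request value as a single array element, so a space-delimited scope string such as `read write` (RFC 6749 §3.3) becomes one entry rather than two, and an empty string or `null` still yields `[""]` / `[null]` because only `undefined` is special-cased. If `scope` here is the raw authorize parameter, I would normalize it: `scope: (scope ?? '').split(/\s+/).filter(Boolean),`, which also covers the empty cases the old `scope || ""` handled. Whether the requested scopes are validated against the app's registered scopes before this record is written is not visible in the hunk; if that happens elsewhere, the stored array should hold the same normalized form so later comparisons against this field agree. The same line is mirrored in `es/aspects/oauth.js` and `lib/aspects/oauth.js` above. `authorize` starts before and ends after the hunk.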
@@ -155,7 +155,7 @@ export default OakComponent({ }).then((result) => { const { redirectUri } = result.result; assert(redirectUri, 'redirectUri should be present in authorize result'); - window.location.href = redirectUri; + window.location.replace(redirectUri); }).catch((err: Error) => { console.error('Error during OAuth authorization:', err); diff --git a/src/endpoints/oauth.ts b/src/endpoints/oauth.ts index 1a12e21ea..e4b50a993 100644 --- a/src/endpoints/oauth.ts +++ b/src/endpoints/oauth.ts @@ -499,7 +499,7 @@ const oauthRevocationEndpoint: Endpoint>> = { 'oauth/access_token': oauthTokenEndpoint, 'oauth/userinfo': oauthUserInfoEndpoint, 'oauth/token': refreshTokenEndpoint, + 'oauth/revoke': oauthRevocationEndpoint, } export default endpoints; \ No newline at end of file