Oak-Team
/
oak-general-business
9
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 38 Wiki Activity

feat: 修复revoke端口相关逻辑

This commit is contained in:
Pan Qiancheng 2025-10-24 10:49:33 +08:00
parent 841faface2
commit fb8fae0525
8 changed files with 64 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
es/aspects/oauth.js
View File

@ -328,7 +328,7 @@ export async function authorize(params, context) {
oauthAppId: oauthApp.id, oauthAppId: oauthApp.id,
applicationId: context.getApplicationId(), applicationId: context.getApplicationId(),
userId: context.getCurrentUserId(), userId: context.getCurrentUserId(),
scope: [scope || ""], scope: scope === undefined ? [] : [scope],
expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期 expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期
} }
}, {}); }, {});

2
es/components/login/oauth/authorize/index.js
View File

@ -136,7 +136,7 @@ export default OakComponent({
}).then((result) => { }).then((result) => {
const { redirectUri } = result.result; const { redirectUri } = result.result;
assert(redirectUri, 'redirectUri should be present in authorize result'); assert(redirectUri, 'redirectUri should be present in authorize result');
window.location.href = redirectUri; window.location.replace(redirectUri);
}).catch((err) => { }).catch((err) => {
console.error('Error during OAuth authorization:', err); console.error('Error during OAuth authorization:', err);
this.setState({ this.setState({

28
es/endpoints/oauth.js
View File

@ -458,17 +458,26 @@ const oauthRevocationEndpoint = {
} }
// 4. 撤销操作(无论找到与否,都返回 200但如果找到则执行失效操作 // 4. 撤销操作(无论找到与否,都返回 200但如果找到则执行失效操作
if (tokenRecord) { if (tokenRecord) {
const pastTime = Date.now() - 1000; // const pastTime = Date.now() - 1000;
// 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效 // // 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效
await context.operate("oauthToken", { // await context.operate("oauthToken", {
// id: await generateNewIdAsync(),
// action: "update",
// data: {
// accessExpiresAt: pastTime,
// refreshExpiresAt: pastTime,
// },
// filter: {
// id: tokenRecord.id,
// }
// }, {});
// 使用这个token的认证记录都撤销掉在trigger里会自动设置 revokedAt
await context.operate("oauthUserAuthorization", {
id: await generateNewIdAsync(), id: await generateNewIdAsync(),
action: "update", action: "revoke",
data: { data: {},
accessExpiresAt: pastTime,
refreshExpiresAt: pastTime,
},
filter: { filter: {
id: tokenRecord.id, tokenId: tokenRecord.id,
} }
}, {}); }, {});
} }
@ -484,5 +493,6 @@ const endpoints = {
'oauth/access_token': oauthTokenEndpoint, 'oauth/access_token': oauthTokenEndpoint,
'oauth/userinfo': oauthUserInfoEndpoint, 'oauth/userinfo': oauthUserInfoEndpoint,
'oauth/token': refreshTokenEndpoint, 'oauth/token': refreshTokenEndpoint,
'oauth/revoke': oauthRevocationEndpoint,
}; };
export default endpoints; export default endpoints;

2
lib/aspects/oauth.js
View File

@ -335,7 +335,7 @@ async function authorize(params, context) {
oauthAppId: oauthApp.id, oauthAppId: oauthApp.id,
applicationId: context.getApplicationId(), applicationId: context.getApplicationId(),
userId: context.getCurrentUserId(), userId: context.getCurrentUserId(),
scope: [scope || ""], scope: scope === undefined ? [] : [scope],
expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期 expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期
} }
}, {}); }, {});

28
lib/endpoints/oauth.js
View File

@ -461,17 +461,26 @@ const oauthRevocationEndpoint = {
} }
// 4. 撤销操作(无论找到与否,都返回 200但如果找到则执行失效操作 // 4. 撤销操作(无论找到与否,都返回 200但如果找到则执行失效操作
if (tokenRecord) { if (tokenRecord) {
const pastTime = Date.now() - 1000; // const pastTime = Date.now() - 1000;
// 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效 // // 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效
await context.operate("oauthToken", { // await context.operate("oauthToken", {
// id: await generateNewIdAsync(),
// action: "update",
// data: {
// accessExpiresAt: pastTime,
// refreshExpiresAt: pastTime,
// },
// filter: {
// id: tokenRecord.id,
// }
// }, {});
// 使用这个token的认证记录都撤销掉在trigger里会自动设置 revokedAt
await context.operate("oauthUserAuthorization", {
id: await (0, uuid_1.generateNewIdAsync)(), id: await (0, uuid_1.generateNewIdAsync)(),
action: "update", action: "revoke",
data: { data: {},
accessExpiresAt: pastTime,
refreshExpiresAt: pastTime,
},
filter: { filter: {
id: tokenRecord.id, tokenId: tokenRecord.id,
} }
}, {}); }, {});
} }
@ -487,5 +496,6 @@ const endpoints = {
'oauth/access_token': oauthTokenEndpoint, 'oauth/access_token': oauthTokenEndpoint,
'oauth/userinfo': oauthUserInfoEndpoint, 'oauth/userinfo': oauthUserInfoEndpoint,
'oauth/token': refreshTokenEndpoint, 'oauth/token': refreshTokenEndpoint,
'oauth/revoke': oauthRevocationEndpoint,
}; };
exports.default = endpoints; exports.default = endpoints;

2
src/aspects/oauth.ts
View File

@ -405,7 +405,7 @@ export async function authorize<ED extends EntityDict>(params: {
oauthAppId: oauthApp.id, oauthAppId: oauthApp.id,
applicationId: context.getApplicationId()!, applicationId: context.getApplicationId()!,
userId: context.getCurrentUserId()!, userId: context.getCurrentUserId()!,
scope: [scope || ""], scope: scope === undefined ? [] : [scope],
expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期 expiresAt: Date.now() + 10 * 60 * 1000, // 10分钟后过期
} }
}, {}) }, {})

2
src/components/login/oauth/authorize/index.ts
View File

@ -155,7 +155,7 @@ export default OakComponent({
}).then((result) => { }).then((result) => {
const { redirectUri } = result.result; const { redirectUri } = result.result;
assert(redirectUri, 'redirectUri should be present in authorize result'); assert(redirectUri, 'redirectUri should be present in authorize result');
window.location.href = redirectUri; window.location.replace(redirectUri);
}).catch((err: Error) => { }).catch((err: Error) => {
console.error('Error during OAuth authorization:', err); console.error('Error during OAuth authorization:', err);

31
src/endpoints/oauth.ts
View File

@ -499,7 +499,7 @@ const oauthRevocationEndpoint: Endpoint<EntityDict, BackendRuntimeContext<Entity
// 3. 查找令牌记录 // 3. 查找令牌记录
let tokenRecord = null; let tokenRecord = null;
const tokenProjection = { const tokenProjection: EntityDict['oauthToken']['Selection'] = {
data: { id: 1, code: { oauthAppId: 1 } }, data: { id: 1, code: { oauthAppId: 1 } },
filter: {} filter: {}
}; };
@ -518,18 +518,28 @@ const oauthRevocationEndpoint: Endpoint<EntityDict, BackendRuntimeContext<Entity
// 4. 撤销操作(无论找到与否,都返回 200但如果找到则执行失效操作 // 4. 撤销操作(无论找到与否,都返回 200但如果找到则执行失效操作
if (tokenRecord) { if (tokenRecord) {
const pastTime = Date.now() - 1000; // const pastTime = Date.now() - 1000;
// 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效 // // 将 Access Token 和 Refresh Token 的过期时间都设为过去,使其立即失效
await context.operate("oauthToken", { // await context.operate("oauthToken", {
// id: await generateNewIdAsync(),
// action: "update",
// data: {
// accessExpiresAt: pastTime,
// refreshExpiresAt: pastTime,
// },
// filter: {
// id: tokenRecord.id,
// }
// }, {});
// 使用这个token的认证记录都撤销掉在trigger里会自动设置 revokedAt
await context.operate("oauthUserAuthorization", {
id: await generateNewIdAsync(), id: await generateNewIdAsync(),
action: "update", action: "revoke",
data: { data: {},
accessExpiresAt: pastTime,
refreshExpiresAt: pastTime,
},
filter: { filter: {
id: tokenRecord.id, tokenId: tokenRecord.id,
} }
}, {}); }, {});
} }
@ -548,6 +558,7 @@ const endpoints: Record<string, Endpoint<EntityDict, BRC<EntityDict>>> = {
'oauth/access_token': oauthTokenEndpoint, 'oauth/access_token': oauthTokenEndpoint,
'oauth/userinfo': oauthUserInfoEndpoint, 'oauth/userinfo': oauthUserInfoEndpoint,
'oauth/token': refreshTokenEndpoint, 'oauth/token': refreshTokenEndpoint,
'oauth/revoke': oauthRevocationEndpoint,
} }
export default endpoints; export default endpoints;