8117958bd6
- Add user management with roles and permissions (RBAC) - Implement OAuth2 service provider supporting 4 grant types: authorization_code, password, client_credentials, refresh_token - Add JWT authentication with 7-day expiry - Add admin API for users, roles and OAuth clients management - Add CLI tool for user management (scripts/user-cli.js) - Add collapsible sidebar layout with login dialog - Add user management page and OAuth client management page - Add server middleware for auth token verification - Add seed script for initial data (admin/admin123)
60 lines
1.4 KiB
TypeScript
60 lines
1.4 KiB
TypeScript
import { z } from 'zod'
|
|
import { verifyToken, generateAccessToken, generateRefreshToken } from '../../utils/jwt'
|
|
import { getUserById } from '../../modules/auth/user'
|
|
import { refreshAccessToken } from 'server/modules/oauth'
|
|
|
|
const refreshSchema = z.object({
|
|
refreshToken: z.string().min(1, '刷新令牌不能为空')
|
|
})
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const body = await readBody(event)
|
|
|
|
const result = refreshSchema.safeParse(body)
|
|
if (!result.success) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: result.error.errors[0].message
|
|
})
|
|
}
|
|
|
|
const { refreshToken } = result.data
|
|
|
|
const payload = verifyToken(refreshToken)
|
|
if (!payload || payload.type !== 'refresh') {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: '无效的刷新令牌'
|
|
})
|
|
}
|
|
|
|
const user = getUserById(payload.userId)
|
|
if (!user || user.status !== 'active') {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: '用户不存在或已被禁用'
|
|
})
|
|
}
|
|
|
|
const newPayload = {
|
|
sub: user.username,
|
|
userId: user.id,
|
|
username: user.username,
|
|
role: user.role_name!,
|
|
permissions: user.permissions || []
|
|
}
|
|
|
|
const accessToken = generateAccessToken(newPayload)
|
|
const newRefreshToken = generateRefreshToken(newPayload)
|
|
|
|
return {
|
|
success: true,
|
|
data: {
|
|
accessToken,
|
|
refreshToken: newRefreshToken,
|
|
expiresIn: 7 * 24 * 60 * 60,
|
|
tokenType: 'Bearer'
|
|
}
|
|
}
|
|
})
|