From 3c828bfc4aa4b4049bc3204b6ad116649d6e3cf9 Mon Sep 17 00:00:00 2001
From: iven <iven_h@qq.com>
Date: Sun, 10 May 2026 10:36:17 +0800
Subject: [PATCH] =?UTF-8?q?fix(miniprogram):=20=E9=80=80=E5=87=BA=E7=99=BB?=
 =?UTF-8?q?=E5=BD=95=E5=90=8E=E5=88=B7=E6=96=B0=E4=BB=8D=E4=BF=9D=E6=8C=81?=
 =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=80=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

根因：logout 清除 storage 期间并发请求触发 tryRefreshToken 写回新 token
修复：添加 isLoggingOut 标记，logout 时先标记阻止 token 刷新竞态
---
 apps/miniprogram/src/services/request.ts | 10 ++++++++++
 apps/miniprogram/src/stores/auth.ts      |  5 ++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/apps/miniprogram/src/services/request.ts b/apps/miniprogram/src/services/request.ts
index 76d21a9..48b0a3d 100644
--- a/apps/miniprogram/src/services/request.ts
+++ b/apps/miniprogram/src/services/request.ts
@@ -30,8 +30,18 @@ async function getHeaders(): Promise<Record<string, string>> {
 
 // --- Token refresh deduplication ---
 let refreshPromise: Promise<boolean> | null = null;
+let isLoggingOut = false;
+
+export function markLoggingOut(): void {
+  isLoggingOut = true;
+}
+
+export function clearLoggingOut(): void {
+  isLoggingOut = false;
+}
 
 async function tryRefreshToken(): Promise<boolean> {
+  if (isLoggingOut) return false;
   if (refreshPromise) return refreshPromise;
   refreshPromise = doRefresh();
   refreshPromise.finally(() => { refreshPromise = null; });
diff --git a/apps/miniprogram/src/stores/auth.ts b/apps/miniprogram/src/stores/auth.ts
index 7c7ce43..45ae88e 100644
--- a/apps/miniprogram/src/stores/auth.ts
+++ b/apps/miniprogram/src/stores/auth.ts
@@ -2,7 +2,7 @@ import { create } from 'zustand';
 import Taro from '@tarojs/taro';
 import * as authApi from '@/services/auth';
 import { secureGet, secureSet, secureRemove } from '@/utils/secure-storage';
-import { clearRequestCache } from '@/services/request';
+import { clearRequestCache, markLoggingOut, clearLoggingOut } from '@/services/request';
 
 interface BindPhoneResp {
   access_token: string;
@@ -96,6 +96,7 @@ export const useAuthStore = create<AuthState>((set, get) => ({
         secureSet('user_roles', JSON.stringify(roles));
         secureSet('tenant_id', user.tenant_id || '');
         set({ user, roles, loading: false });
+        clearLoggingOut();
         return true;
       }
       secureSet('wechat_openid', resp.openid);
@@ -128,6 +129,7 @@ export const useAuthStore = create<AuthState>((set, get) => ({
       secureSet('tenant_id', tokenData.user?.tenant_id || '');
       secureRemove('wechat_openid');
       set({ user: tokenData.user, roles, loading: false });
+      clearLoggingOut();
       return true;
     } catch (err: any) {
       secureRemove('wechat_openid');
@@ -155,6 +157,7 @@ export const useAuthStore = create<AuthState>((set, get) => ({
   },
 
   logout: () => {
+    markLoggingOut();
     clearRequestCache();
     secureRemove('access_token');
     secureRemove('refresh_token');