fix(auth): Token 验证和撤销添加租户隔离

2026-05-06 10:21:07 +08:00
parent 51c41acfa7
commit a78ee2f154
2 changed files with 5 additions and 2 deletions
--- a/crates/erp-auth/src/service/auth_service.rs
+++ b/crates/erp-auth/src/service/auth_service.rs
@@ -195,7 +195,7 @@ impl AuthService {
            TokenService::validate_refresh_token(refresh_token_str, db, jwt.secret).await?;

        // Revoke the old token (rotation)
-        TokenService::revoke_token(old_token_id, db).await?;
+        TokenService::revoke_token(old_token_id, claims.sub, db).await?;

        // Fetch fresh roles and permissions
        let roles: Vec<String> = TokenService::get_user_roles(claims.sub, claims.tid, db).await?;