From f59e40e6fef89e2ab82e2b858180ca3f6b1cadac Mon Sep 17 00:00:00 2001
From: iven <iven_h@qq.com>
Date: Thu, 21 May 2026 18:23:46 +0800
Subject: [PATCH] =?UTF-8?q?fix(mp):=20inject-auth=20=E6=B8=85=E9=99=A4=20?=
 =?UTF-8?q?=5Fes=5F=20=E6=97=A7=E5=8A=A0=E5=AF=86=E5=80=BC=EF=BC=8C?=
 =?UTF-8?q?=E9=81=BF=E5=85=8D=20secureGet=20=E8=AF=BB=E5=88=B0=E8=BF=87?=
 =?UTF-8?q?=E6=9C=9F=20token?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

inject_auth 写入明文 storage 键但不清除 _es_ 前缀的旧加密值，
导致 secureGet 优先读到旧的/过期的加密 token，所有 API 请求 401。
修复：写入前先 removeStorageSync 所有 _es_ 前缀键。
---
 apps/miniprogram/inject-auth.cjs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/miniprogram/inject-auth.cjs b/apps/miniprogram/inject-auth.cjs
index d628997..1f1dbd0 100644
--- a/apps/miniprogram/inject-auth.cjs
+++ b/apps/miniprogram/inject-auth.cjs
@@ -35,8 +35,10 @@ async function main() {
   console.log('3. 写入 storage (明文模式)...');
   const result = await mp.evaluate((at, rt, ud, ur, tid, pid) => {
     try {
-      // 无加密密钥时 secureSet 走明文
-      // 但我们直接用 wx.setStorageSync 确保
+      // 清除 _es_ 前缀旧加密值，避免 secureGet 读到过期 token
+      ['access_token','refresh_token','user_data','user_roles','tenant_id','current_patient_id','current_patient','token_expires_at'].forEach(k => {
+        wx.removeStorageSync('_es_' + k);
+      });
       wx.setStorageSync('access_token', at);
       wx.setStorageSync('refresh_token', rt);
       wx.setStorageSync('user_data', ud);