严重 BUG 修复: - 修复 Token 过期后 hash 重定向导致无法跳转登录页 - 修复文章编辑器新建后提交审核使用错误 ID 安全加固: - HTML 清理函数替换为 ammonia 专业库(替代自定义解析器) - 文件上传添加 magic bytes 校验(防 Content-Type 伪造) - 登录添加账户级失败锁定(5次失败→15分钟锁定) - 审计日志 9 个关键更新操作补充变更前后值(with_changes) 功能缺陷修复: - 登录/登出时清理 API 缓存(防多账户数据污染) - 文章编辑器上传改用统一 HTTP 客户端(自动 token 刷新) - 添加全局 HTTP 错误处理和后端错误消息展示 - PrivateRoute 增加路由级权限检查(系统管理页面) - 健康数据三个 Tab 添加编辑/删除功能 - 预约创建增加排班可用性校验提示 - 医生详情 API 返回解密后的原始执照号 代码清理: - 删除未使用的 auth.ts refresh() 函数 - 删除重复的 AuthGuard.tsx 组件 - 删除未使用的 getHealthSummary API
import { create } from 'zustand';
import { login as apiLogin, logout as apiLogout, type UserInfo } from '../api/auth';
import { clearApiCache } from '../api/client';
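/**
 * Reads the `permissions` claim from the JWT stored under `access_token`.
 *
 * The token is only base64url-decoded here — there is no signature check —
 * so the result is a hint for showing/hiding UI; authorization has to be
 * enforced by the server on every request.
 *
 * @returns the string entries of the `permissions` claim, or `[]` when there
 *   is no token, the token is not a three-part JWT, the payload is not valid
 *   JSON / not an object, or the claim is absent or not an array.
 */
function extractPermissions(): string[] {
  const token = localStorage.getItem('access_token');
  if (!token) return [];
  try {
    const parts = token.split('.');
    const encodedPayload = parts[1];
    if (parts.length !== 3 || encodedPayload === undefined) return [];
    // base64url -> base64 so atob() accepts it (atob tolerates the missing '=' padding).
    const payloadJson = atob(encodedPayload.replace(/-/g, '+').replace(/_/g, '/'));
    const payload: unknown = JSON.parse(payloadJson);
    if (typeof payload !== 'object' || payload === null) return [];
    const claim = (payload as { permissions?: unknown }).permissions;
    if (!Array.isArray(claim)) return [];
    // Drop non-string entries so callers really get the declared string[].
    return claim.filter((p): p is string => typeof p === 'string');
  } catch {
    // Malformed base64 or JSON — treat as "no permissions".
    return [];
  }
}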
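/**
 * Rebuilds the auth slice from localStorage (`access_token` + `user`).
 *
 * Both entries must be present and `user` must parse to a non-null object;
 * otherwise the caller gets a signed-out state. A `user` entry that is
 * unparseable or not an object is removed so it does not keep breaking later
 * reloads. Beyond the object check the JSON is not validated against
 * `UserInfo`.
 *
 * @returns the restored `user`, `isAuthenticated` and `permissions` fields.
 */
function restoreInitialState(): { user: UserInfo | null; isAuthenticated: boolean; permissions: string[] } {
  const token = localStorage.getItem('access_token');
  const userStr = localStorage.getItem('user');
  if (!token || !userStr) {
    return { user: null, isAuthenticated: false, permissions: [] };
  }
  try {
    const parsed: unknown = JSON.parse(userStr);
    if (typeof parsed === 'object' && parsed !== null) {
      return { user: parsed as UserInfo, isAuthenticated: true, permissions: extractPermissions() };
    }
    // Valid JSON but not a user object (e.g. the literal "null" or a number):
    // previously this produced isAuthenticated: true with a non-object user.
  } catch {
    // Unparseable JSON.
  }
  localStorage.removeItem('user');
  return { user: null, isAuthenticated: false, permissions: [] };
}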
// Module-level side effect: reads localStorage at import time so the store
// starts from the persisted session instead of signed-out.
const initial = restoreInitialState();
/** Zustand auth slice: the persisted session plus login/logout actions. */
interface AuthState {
  /** Current user (from the login response or restored from localStorage); null when signed out. */
  user: UserInfo | null;
  /** True once an access token and a user entry are stored. */
  isAuthenticated: boolean;
  /** True while `login` is awaiting the API. */
  loading: boolean;
  /** `permissions` claim decoded — not verified — from the access token; UI gating only. */
  permissions: string[];
  /** Calls the login API, persists tokens + user to localStorage, clears the API cache; rejects with the API error. */
  login: (username: string, password: string) => Promise<void>;
  /** Calls the logout API (its errors are ignored), then wipes the stored session, the API cache and the state. */
  logout: () => Promise<void>;
  /** Re-reads the session from localStorage into the store. */
  loadFromStorage: () => void;
}
/** localStorage keys this store owns, in the order they are cleared on logout. */
const SESSION_STORAGE_KEYS = ['access_token', 'refresh_token', 'user'] as const;

/** Removes every persisted session entry. */
function clearPersistedSession(): void {
  for (const key of SESSION_STORAGE_KEYS) {
    localStorage.removeItem(key);
  }
}

/** Writes a successful login response to localStorage so a reload can restore it. */
function persistSession(resp: { access_token: string; refresh_token: string; user: unknown }): void {
  localStorage.setItem('access_token', resp.access_token);
  localStorage.setItem('refresh_token', resp.refresh_token);
  localStorage.setItem('user', JSON.stringify(resp.user));
}

/**
 * Global auth store. Seeded from `initial`, the localStorage snapshot taken
 * at module load.
 */
export const useAuthStore = create<AuthState>((set) => ({
  user: initial.user,
  isAuthenticated: initial.isAuthenticated,
  loading: false,
  permissions: initial.permissions,

  /**
   * Authenticates against the API. On success the tokens and user are
   * persisted, the state is updated, and the API response cache is dropped so
   * data cached for a previously signed-in account is not served. On any
   * failure (API or storage) `loading` is reset and the error is rethrown.
   */
  login: async (username, password) => {
    set({ loading: true });
    try {
      const resp = await apiLogin({ username, password });
      persistSession(resp);
      set({ user: resp.user, isAuthenticated: true, loading: false, permissions: extractPermissions() });
      clearApiCache();
    } catch (error: unknown) {
      set({ loading: false });
      throw error;
    }
  },

  /**
   * Signs out. The server call is best effort: whether or not it succeeds,
   * the local session, the API cache and the state are cleared.
   */
  logout: async () => {
    try {
      await apiLogout();
    } catch {
      // Server-side logout failing must not keep the user signed in locally.
    }
    clearPersistedSession();
    clearApiCache();
    set({ user: null, isAuthenticated: false, permissions: [] });
  },

  /** Replaces user/auth/permissions with whatever localStorage currently holds. */
  loadFromStorage: () => {
    const { user, isAuthenticated, permissions } = restoreInitialState();
    set({ user, isAuthenticated, permissions });
  },
}));