相同的设备标识dice只保证一个auth-token生效,清除掉多余的同一个dice多余的auth-token

2026-03-05 12:21:31 +08:00
parent 13d8adbfe0
commit 74612f136e
4 changed files with 68 additions and 1 deletions


@@ -11,6 +11,7 @@ use Tinywan\Jwt\JwtToken;
use Tinywan\Jwt\Exception\JwtTokenException;
use Tinywan\Jwt\Exception\JwtTokenExpiredException;
use app\api\util\ReturnCode;
use app\api\cache\AuthTokenCache;
use plugin\saiadmin\exception\ApiException;
/**
@@ -49,6 +50,12 @@ class CheckAuthTokenMiddleware implements MiddlewareInterface
throw new ApiException('auth-token 无效(非 API 凭证)', ReturnCode::TOKEN_TIMEOUT);
}
// 同一设备只允许一个 auth-token 生效,非当前 token 视为已失效
$device = (string) ($extend['device'] ?? '');
if ($device !== '' && !AuthTokenCache::isCurrentToken($device, $token)) {
throw new ApiException('auth-token 已失效(该设备已签发新凭证,请使用新 auth-token', ReturnCode::TOKEN_TIMEOUT);
}
return $handler($request);
}
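Review bot: The new single-token check is skipped whenever the `device` claim is missing or empty (`$device !== '' && ...`), so a token issued without a device, or issued before this change, is never superseded and the one-token-per-device guarantee holds only for tokens that carry the claim. If every issuing path sets `device`, fail closed with `if ($device === '' || !AuthTokenCache::isCurrentToken($device, $token)) {`; otherwise add a comment stating that device-less tokens are deliberately exempt. `AuthTokenCache::isCurrentToken` is defined outside this hunk, so confirm what it returns when the cache entry is missing or the cache is unreachable, since that decides whether an eviction locks users out or lets a superseded token through. The message on the new `throw` also lacks its closing `)`, and the method body starts outside the hunk.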