fix(auth,audit): ensure display_name persists in token refresh and add fallback in audit log

2026-03-25 11:16:13 +08:00
parent f9edb5f1f7
commit 46dd8f1c3a
5 changed files with 28 additions and 4 deletions
--- a/inventory-backend/app/models/system.py
+++ b/inventory-backend/app/models/system.py
@ -39,7 +39,7 @@ class SysUser(db.Model):
        前端需要的是 '张三(zhangsan)'
        """
        raw_name = self.username
-        display_name = raw_name
+        real_name = ''
        account_id = raw_name

        # 解析存储格式: Name/ID
@ -51,11 +51,15 @@ class SysUser(db.Model):
            display_name = f"{real_name}({acc_id})"
            # 单独提取账号ID (如果前端需要单独用)
            account_id = acc_id
+        else:
+            display_name = raw_name

        return {
            'id': self.id,
            'username': display_name,  # 列表显示: 张三(zhangsan01)
            'raw_username': self.username,  # 原始数据
+            'real_name': real_name,  # 真实姓名: 张三
+            'display_name': display_name,  # 显示名: 张三(zhangsan01)
            'account_id': account_id,  # 纯账号ID: zhangsan01
            'email': self.email,
            'department': self.department,
--- a/inventory-backend/app/services/auth_service.py
+++ b/inventory-backend/app/services/auth_service.py
@ -124,7 +124,8 @@ class AuthService:
            identity=user_id,
            additional_claims={
                'role': user_role,
-                'username': account_id
+                'username': account_id,
+                'display_name': user_info.get('display_name', account_id)
            }
        )

@ -153,11 +154,19 @@ class AuthService:
            user_id = decoded.get('sub')
            role = decoded.get('role')
            username = decoded.get('username')
-            display_name = decoded.get('display_name')

            if not user_id:
                raise ValueError("无效的 refresh_token")

+            # 重新查询数据库获取用户的 display_name，避免刷新后丢失
+            from app.models.system import SysUser
+            user = SysUser.query.get(user_id)
+            if user:
+                user_info = user.to_dict()
+                display_name = user_info.get('display_name', username)
+            else:
+                display_name = username
+
            # 生成新的 access_token
            new_access_token = create_access_token(
                identity=user_id,
--- a/inventory-backend/app/utils/decorators.py
+++ b/inventory-backend/app/utils/decorators.py
@ -205,6 +205,17 @@ def audit_log(module: str, action: str = None, get_target_id_fn=None, get_target
            username = claims.get('username', '')
            display_name = claims.get('display_name', '')

+            # 兜底：如果 display_name 为空，查询数据库获取
+            if not display_name and user_id:
+                try:
+                    from app.models.system import SysUser
+                    user = SysUser.query.get(user_id)
+                    if user:
+                        user_info = user.to_dict()
+                        display_name = user_info.get('display_name', username)
+                except Exception:
+                    pass
+
            # 获取IP
            ip_address = request.headers.get('X-Forwarded-For') or request.remote_addr or ''
            if ip_address and ',' in ip_address: