duxingchen/KCGL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth,audit): ensure display_name persists in token refresh and add fallback in audit log

Browse Source
This commit is contained in:
DXC
2026-03-25 11:16:13 +08:00
parent f9edb5f1f7
commit 46dd8f1c3a
5 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
deploy.tar.gz
View File

Binary file not shown.

6
inventory-backend/app/models/system.py
View File

@ -39,7 +39,7 @@ class SysUser(db.Model):
前端需要的是 '张三(zhangsan)' 前端需要的是 '张三(zhangsan)'
""" """
raw_name = self.username raw_name = self.username
display_name = raw_name real_name = ''
account_id = raw_name account_id = raw_name
# 解析存储格式: Name/ID # 解析存储格式: Name/ID
@ -51,11 +51,15 @@ class SysUser(db.Model):
display_name = f"{real_name}({acc_id})" display_name = f"{real_name}({acc_id})"
# 单独提取账号ID (如果前端需要单独用) # 单独提取账号ID (如果前端需要单独用)
account_id = acc_id account_id = acc_id
else:
display_name = raw_name
return { return {
'id': self.id, 'id': self.id,
'username': display_name, # 列表显示: 张三(zhangsan01) 'username': display_name, # 列表显示: 张三(zhangsan01)
'raw_username': self.username, # 原始数据 'raw_username': self.username, # 原始数据
'real_name': real_name, # 真实姓名: 张三
'display_name': display_name, # 显示名: 张三(zhangsan01)
'account_id': account_id, # 纯账号ID: zhangsan01 'account_id': account_id, # 纯账号ID: zhangsan01
'email': self.email, 'email': self.email,
'department': self.department, 'department': self.department,

13
inventory-backend/app/services/auth_service.py
View File

@ -124,7 +124,8 @@ class AuthService:
identity=user_id, identity=user_id,
additional_claims={ additional_claims={
'role': user_role, 'role': user_role,
'username': account_id 'username': account_id,
'display_name': user_info.get('display_name', account_id)
} }
) )
@ -153,11 +154,19 @@ class AuthService:
user_id = decoded.get('sub') user_id = decoded.get('sub')
role = decoded.get('role') role = decoded.get('role')
username = decoded.get('username') username = decoded.get('username')
display_name = decoded.get('display_name')
if not user_id: if not user_id:
raise ValueError("无效的 refresh_token") raise ValueError("无效的 refresh_token")
# 重新查询数据库获取用户的 display_name避免刷新后丢失
from app.models.system import SysUser
user = SysUser.query.get(user_id)
if user:
user_info = user.to_dict()
display_name = user_info.get('display_name', username)
else:
display_name = username
# 生成新的 access_token # 生成新的 access_token
new_access_token = create_access_token( new_access_token = create_access_token(
identity=user_id, identity=user_id,

11
inventory-backend/app/utils/decorators.py
View File

@ -205,6 +205,17 @@ def audit_log(module: str, action: str = None, get_target_id_fn=None, get_target
username = claims.get('username', '') username = claims.get('username', '')
display_name = claims.get('display_name', '') display_name = claims.get('display_name', '')
# 兜底:如果 display_name 为空,查询数据库获取
if not display_name and user_id:
try:
from app.models.system import SysUser
user = SysUser.query.get(user_id)
if user:
user_info = user.to_dict()
display_name = user_info.get('display_name', username)
except Exception:
pass
# 获取IP # 获取IP
ip_address = request.headers.get('X-Forwarded-For') or request.remote_addr or '' ip_address = request.headers.get('X-Forwarded-For') or request.remote_addr or ''
if ip_address and ',' in ip_address: if ip_address and ',' in ip_address:

2
inventory-web/src/App.vue
View File

@ -176,7 +176,7 @@ const handleLogout = () => {
<footer v-if="!isLoginPage" class="app-footer"> <footer v-if="!isLoginPage" class="app-footer">
<span class="version-tag"> <span class="version-tag">
<el-icon style="vertical-align: middle; margin-right: 4px"><InfoFilled /></el-icon> <el-icon style="vertical-align: middle; margin-right: 4px"><InfoFilled /></el-icon>
当前版本:V3.5(3.24BOM表修改版 当前版本:V3.6(3.25审计导致的入库修改错误
</span> </span>
</footer> </footer>