feat: 重构鉴权系统为双Token无感刷新，并增加前端Token过期安全预判机制

2026-03-10 09:45:41 +08:00
parent 6fc6851e57
commit e4632086a1
6 changed files with 321 additions and 35 deletions
--- a/inventory-backend/app/api/v1/auth.py
+++ b/inventory-backend/app/api/v1/auth.py
@ -67,6 +67,7 @@ def login():
        response_data = {
            'msg': '登录成功',
            'access_token': result.get('access_token'),
+            'refresh_token': result.get('refresh_token'),
            'user': result.get('user')
        }
        return jsonify(response_data), 200
@ -78,6 +79,31 @@ def login():
        return jsonify({'msg': f'服务器内部错误: {str(e)}'}), 500


+@auth_bp.route('/refresh', methods=['POST'])
+def refresh():
+    """
+    使用 refresh_token 换发新的 access_token
+    """
+    try:
+        data = request.get_json()
+        if not data or not data.get('refresh_token'):
+            return jsonify({'msg': '缺少 refresh_token'}), 400
+
+        refresh_token = data.get('refresh_token')
+        result = AuthService.refresh_access_token(refresh_token)
+
+        return jsonify({
+            'msg': 'Token 刷新成功',
+            'access_token': result.get('access_token')
+        }), 200
+
+    except ValueError as ve:
+        return jsonify({'msg': str(ve)}), 401
+    except Exception as e:
+        current_app.logger.error(f"Token Refresh Error: {str(e)}")
+        return jsonify({'msg': f'Token 刷新失败: {str(e)}'}), 500
+
+
@auth_bp.route('/user/create', methods=['POST'])
@jwt_required()
@permission_required('system_user:operation')