feat: 重构鉴权系统为双Token无感刷新，并增加前端Token过期安全预判机制

2026-03-10 09:45:41 +08:00
parent 6fc6851e57
commit e4632086a1
6 changed files with 321 additions and 35 deletions
--- a/inventory-backend/config.py
+++ b/inventory-backend/config.py
@ -31,8 +31,11 @@ class Config:
    # 逻辑：优先读环境变量，读不到就用默认字符串
    JWT_SECRET_KEY = os.getenv('JWT_SECRET_KEY', 'default-jwt-secret-key-if-missing')

-    # 设置 Token 过期时间 (这里设为 1 天)
-    JWT_ACCESS_TOKEN_EXPIRES = timedelta(days=1)
+    # Access Token 有效期: 2 小时
+    JWT_ACCESS_TOKEN_EXPIRES = timedelta(hours=2)
+
+    # Refresh Token 有效期: 7 天
+    JWT_REFRESH_TOKEN_EXPIRES = timedelta(days=7)

    # =========================================================
    # 4. 文件上传配置