npm - nayota-show-sdk - Versions diffs - 1.3.95 → 1.3.96 - Mend

nayota-show-sdk 1.3.95 → 1.3.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/config/urlcfg.js CHANGED Viewed

@@ -2,9 +2,10 @@ import { parse, serialize } from 'cookie-es'
 const config = {
   authTokenName: 'Admin-Token',
+  refreshTokenName: 'Refresh-Token',
   version: 'v1',
   getAuthToken: function() {
-    return parse(document.cookie)[this.authTokenName]
+    return parse(document.cookie || '')[this.authTokenName] || localStorage.getItem(this.authTokenName)
   },
   setAuthToken: function(token) {
     document.cookie = serialize(this.authTokenName, token, {
@@ -15,6 +16,37 @@ const config = {
     })
     localStorage.setItem(this.authTokenName, token)
   },
+  clearAuthToken: function() {
+    document.cookie = serialize(this.authTokenName, '', {
+      path: '/',
+      maxAge: 0,
+      sameSite: 'strict'
+    })
+    localStorage.removeItem(this.authTokenName)
+  },
+  getRefreshToken: function() {
+    return parse(document.cookie || '')[this.refreshTokenName] || localStorage.getItem(this.refreshTokenName)
+  },
+  setRefreshToken: function(token) {
+    document.cookie = serialize(this.refreshTokenName, token, {
+      path: '/',
+      maxAge: 86400,
+      sameSite: 'strict'
+    })
+    localStorage.setItem(this.refreshTokenName, token)
+  },
+  clearRefreshToken: function() {
+    document.cookie = serialize(this.refreshTokenName, '', {
+      path: '/',
+      maxAge: 0,
+      sameSite: 'strict'
+    })
+    localStorage.removeItem(this.refreshTokenName)
+  },
+  clearTokens: function() {
+    this.clearAuthToken()
+    this.clearRefreshToken()
+  },
   getVersion() {
     return this.version || 'v1'
   },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nayota-show-sdk",
-  "version": "1.3.95",
+  "version": "1.3.96",
   "description": "nayota-show-server rest-api",
   "type": "module",
   "main": "index.js",

package/utils/http-auth.js ADDED Viewed

@@ -0,0 +1,192 @@
+import axios from 'axios'
+import urlcfg from '../config/urlcfg'
+const API_PREFIX = '/api/v1'
+const AUTH_PATH_REGEXP = /\/auth\/(login|login-options|refresh|logout)(\?.*)?$/
+const GLOBAL_REFRESH_KEY = '__NAYOTA_V2_AUTH_REFRESH_PROMISE__'
+let refreshPromise = null
+function getSharedRefreshPromise() {
+  if (typeof globalThis === 'undefined') {
+    return refreshPromise
+  }
+  return globalThis[GLOBAL_REFRESH_KEY] || null
+}
+function setSharedRefreshPromise(promise) {
+  refreshPromise = promise
+  if (typeof globalThis !== 'undefined') {
+    globalThis[GLOBAL_REFRESH_KEY] = promise
+  }
+}
+function getApiBaseUrl() {
+  const rawBaseUrl = urlcfg.getIotUrl() || urlcfg.getShowUrl() || ''
+  return rawBaseUrl.replace(/\/api(?:-v1|\/v1)?\/?$/, '')
+}
+export function buildV2ApiUrl(path) {
+  const normalizedPath = path.startsWith('/') ? path : `/${path}`
+  return `${getApiBaseUrl()}${API_PREFIX}${normalizedPath}`
+}
+export function shouldUseV2Refresh() {
+  return urlcfg.isV2()
+}
+export function shouldSkipV2Refresh(requestConfig = {}) {
+  const requestUrl = requestConfig.url || ''
+  return requestConfig._retry || AUTH_PATH_REGEXP.test(requestUrl)
+}
+function getRefreshPayload(responseData = {}) {
+  return responseData?.data && typeof responseData.data === 'object'
+    ? responseData.data
+    : responseData
+}
+function parseJwtPayload(token) {
+  if (!token || typeof token !== 'string') {
+    return null
+  }
+  const [, payload] = token.split('.')
+  if (!payload) {
+    return null
+  }
+  try {
+    const normalized = payload.replace(/-/g, '+').replace(/_/g, '/')
+    const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, '=')
+    const decoded = typeof atob === 'function'
+      ? atob(padded)
+      : Buffer.from(padded, 'base64').toString('binary')
+    const json = decodeURIComponent(
+      decoded
+        .split('')
+        .map(char => `%${(`00${char.charCodeAt(0).toString(16)}`).slice(-2)}`)
+        .join('')
+    )
+    return JSON.parse(json)
+  } catch {
+    return null
+  }
+}
+function parseStoredJson(value) {
+  if (!value || typeof value !== 'string') {
+    return null
+  }
+  try {
+    return JSON.parse(decodeURIComponent(value))
+  } catch {
+    try {
+      return JSON.parse(value)
+    } catch {
+      return null
+    }
+  }
+}
+function getCookieValue(name) {
+  if (typeof document === 'undefined' || !name) {
+    return null
+  }
+  const prefix = `${name}=`
+  const cookie = (document.cookie || '')
+    .split(';')
+    .map(item => item.trim())
+    .find(item => item.startsWith(prefix))
+  return cookie ? cookie.slice(prefix.length) : null
+}
+function getStoredSessionUserId() {
+  if (typeof localStorage !== 'undefined') {
+    const sessionUserId = localStorage.getItem('sessionUserId')
+    if (sessionUserId) {
+      return sessionUserId
+    }
+  }
+  const userData = parseStoredJson(getCookieValue('userData'))
+  return userData?._id || userData?.id || null
+}
+function getUserId(user = {}) {
+  return user?.id || user?._id || null
+}
+function assertAccessTokenOwner(accessToken, user) {
+  const tokenUserId = parseJwtPayload(accessToken)?.sub
+  const expectedUserId = getUserId(user) || getStoredSessionUserId()
+  if (tokenUserId && expectedUserId && tokenUserId !== expectedUserId) {
+    urlcfg.clearTokens()
+    throw {
+      code: 401,
+      message: 'accessToken 用户不匹配，已清除本地认证状态'
+    }
+  }
+}
+export async function refreshV2AccessToken() {
+  const refreshToken = urlcfg.getRefreshToken()
+  if (!refreshToken) {
+    urlcfg.clearTokens()
+    throw {
+      code: 401,
+      message: 'refreshToken 不存在'
+    }
+  }
+  if (!getSharedRefreshPromise()) {
+    setSharedRefreshPromise(axios({
+      url: buildV2ApiUrl('/auth/refresh'),
+      method: 'post',
+      data: { refreshToken },
+      headers: {
+        'Content-Type': 'application/json;charset=UTF-8'
+      },
+      withCredentials: true,
+      timeout: 30000
+    })
+      .then(response => {
+        const payload = getRefreshPayload(response?.data)
+        const accessToken = payload?.accessToken
+        if (!accessToken) {
+          throw {
+            code: 401,
+            message: '刷新 accessToken 失败'
+          }
+        }
+        assertAccessTokenOwner(accessToken, payload?.user)
+        urlcfg.setAuthToken(accessToken)
+        if (payload?.refreshToken) {
+          urlcfg.setRefreshToken(payload.refreshToken)
+        }
+        return accessToken
+      })
+      .catch(error => {
+        urlcfg.clearTokens()
+        throw error
+      })
+      .finally(() => {
+        setSharedRefreshPromise(null)
+      }))
+  }
+  return getSharedRefreshPromise()
+}

package/utils/http-factory.js CHANGED Viewed

@@ -3,6 +3,7 @@ import axios from 'axios'
 import urlcfg from '../config/urlcfg'
 import emitter from './EventEmitter'
+import { refreshV2AccessToken, shouldSkipV2Refresh, shouldUseV2Refresh } from './http-auth'
 function isSuccessStatus(status) {
   return typeof status === 'number' && status >= 200 && status < 300
@@ -41,7 +42,7 @@ function createHttpInstance({
   http.interceptors.response.use(
     res => {
       const newToken = res.headers['x-new-token']
-      if (newToken) {
+      if (newToken && !shouldUseV2Refresh()) {
         urlcfg.setAuthToken(newToken)
         axios.defaults.headers.common.Authorization = `Bearer ${newToken}`
       }
@@ -72,7 +73,26 @@ function createHttpInstance({
       console.error('请求失败！')
       return Promise.reject(res)
     },
-    error => {
+    async error => {
+      const originalRequest = error.config || {}
+      if (error.response?.status === 401 && shouldUseV2Refresh() && !shouldSkipV2Refresh(originalRequest)) {
+        try {
+          originalRequest._retry = true
+          const newToken = await refreshV2AccessToken()
+          originalRequest.headers = {
+            ...originalRequest.headers,
+            Authorization: `Bearer ${newToken}`
+          }
+          return http(originalRequest)
+        } catch (refreshError) {
+          emitter.emit('error', refreshError)
+          return Promise.reject(refreshError)
+        }
+      }
       if (error.response && error.response.status) {
         switch (error.response.status) {
           case 401: