fix: 修改 jwt 超时时间为 1 小时 (#437)

2025-01-31 14:08:06 +08:00 · 2023-03-29 15:34:13 +08:00 · 2023-03-29 15:34:13 +08:00 · 4a1aa84fa8
commit 4a1aa84fa8
parent cbe9c83515
4 changed files with 4 additions and 19 deletions
--- a/backend/app/service/auth.go
+++ b/backend/app/service/auth.go
@ -118,7 +118,7 @@ func (u *AuthService) generateSession(c *gin.Context, name, authMethod string) (
 		j := jwt.NewJWT()
 		claims := j.CreateClaims(jwt.BaseClaims{
 			Name: name,
-		}, lifeTime)
+		})
 		token, err := j.CreateToken(claims)
 		if err != nil {
 			return nil, err
--- a/backend/constant/session.go
+++ b/backend/constant/session.go
@ -6,7 +6,7 @@ const (
 	AuthMethodJWT = "jwt"
 	JWTHeaderName = "Authorization"
-	JWTBufferTime = 86400
+	JWTBufferTime = 3600
 	JWTIssuer     = "1Panel"
 	PasswordExpiredName = "expired"
--- a/backend/middleware/jwt.go
+++ b/backend/middleware/jwt.go
@ -1,15 +1,9 @@
 package middleware
 import (
 	"strconv"
 	"time"
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	jwtUtils "github.com/1Panel-dev/1Panel/backend/utils/jwt"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/gin-gonic/gin"
 )
@ -27,15 +21,6 @@ func JwtAuth() gin.HandlerFunc {
 			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeInternalServer, err)
 			return
 		}
 		if claims.ExpiresAt.Unix()-time.Now().Unix() < claims.BufferTime {
 			settingRepo := repo.NewISettingRepo()
 			setting, err := settingRepo.Get(settingRepo.WithByKey("SessionTimeout"))
 			if err != nil {
 				global.LOG.Errorf("create operation record failed, err: %v", err)
 			}
 			lifeTime, _ := strconv.Atoi(setting.Value)
 			claims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Second * time.Duration(lifeTime)))
 		}
 		c.Set("claims", claims)
 		c.Set("authMethod", constant.AuthMethodJWT)
 		c.Next()
--- a/backend/utils/jwt/jwt.go
+++ b/backend/utils/jwt/jwt.go
@ -38,12 +38,12 @@ func NewJWT() *JWT {
 	}
 }
-func (j *JWT) CreateClaims(baseClaims BaseClaims, ttl int) CustomClaims {
+func (j *JWT) CreateClaims(baseClaims BaseClaims) CustomClaims {
 	claims := CustomClaims{
 		BaseClaims: baseClaims,
 		BufferTime: constant.JWTBufferTime,
 		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Second * time.Duration(ttl))),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Second * time.Duration(constant.JWTBufferTime))),
 			Issuer:    constant.JWTIssuer,
 		},
 	}