From 2d8b67bebb2a872049521b411f2048e8cfa39ecf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E8=BF=90=E5=AE=B6?=
Date: Mon, 14 Oct 2024 19:43:52 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84=E7=99=BB=E5=BD=95=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=9A=84token=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 library/src/middleware/req_ctx.rs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/library/src/middleware/req_ctx.rs b/library/src/middleware/req_ctx.rs
index a713fc2..1031b5c 100644
--- a/library/src/middleware/req_ctx.rs
+++ b/library/src/middleware/req_ctx.rs
@@ -58,17 +58,17 @@ pub async fn authenticate_ctx(mut req: Request, next: Next) -> Response {
 // 从缓存中获取当前用户信息
 let account = LOGIN_ACCOUNT_CACHE.get(&decoded.claims.sub).await;
 if account.is_none() {
- tracing::error!("无效的 token");
+ tracing::error!("无效的 token, 无缓存的登陆用户信息");
 // 解析语言
 let language = request_util::get_lang_tag(req.headers());
 return ResErr::auth(message!(&language, MessageId::BadRequest)).into_response();
 }
 let account = account.unwrap();
- // 判断token是否有效(注释掉,如果服务因为升级等原因手动重启了,缓存的数据也不再存在)
- // let account = account.unwrap();
- // if account.token != token {
- // return (StatusCode::UNAUTHORIZED, "Invalid token".to_string()).into_response();
- // }
+ // 判断token是否有效
+ if account.token != Arc::new(String::from(token)) {
+ tracing::error!("无效的 token, 缓存的登陆用户信息和token不一致");
+ return (hyper::StatusCode::UNAUTHORIZED, "Invalid token".to_string()).into_response();
+ }
 let mut language = account.account.clone().lang_tag.clone();
 if language.is_empty() {
 language = request_util::get_lang_tag(req.headers());
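Review bot: The new token-mismatch branch answers with a plain-text `(hyper::StatusCode::UNAUTHORIZED, "Invalid token".to_string())`, while the cache-miss branch just above it and the decode-failure branch return the localized `ResErr::auth(...)`, so a caller can tell "no cached session" apart from "cached session, different token" and clients have to handle two error formats. Keeping that distinction in the log lines only and returning the same body would close the gap: `let language = request_util::get_lang_tag(req.headers());` followed by `return ResErr::auth(message!(&language, MessageId::BadRequest)).into_response();`. The comparison also builds a fresh `Arc<String>` on every request; if `account.token` is an `Arc<String>` and `token` a `&str` (both inferred from this one line), `if account.token.as_str() != token {` compares the same bytes without allocating. `authenticate_ctx` starts before and continues past this hunk, so the declarations of `token` and `account` are not visible here.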
@@ -83,7 +83,7 @@ pub async fn authenticate_ctx(mut req: Request, next: Next) -> Response {
 next.run(req).await
 },
 Err(_) => {
- tracing::error!("无效的 token");
+ tracing::error!("无效的 token, 解析失败");
 // 解析语言
 let language = request_util::get_lang_tag(req.headers());
 return ResErr::auth(message!(&language, MessageId::BadRequest)).into_response();
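Review bot: The reworded message in the `Err(_)` arm says that parsing failed, but the error value is still discarded, so the log cannot separate an expired token from a bad signature or a malformed one, which is the distinction an operator needs when triaging a burst of auth failures. Binding the error and recording it as a field would provide that: `Err(err) => {` and `tracing::error!(error = %err, "无效的 token, 解析失败");`, assuming the decode error implements `Display` and does not echo the token text. The `match` this arm belongs to opens outside the hunk, so the error type is not visible here.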