feat(auth): 添加可配置的管理员Token过期时间

2512132839 · 2512132839 · commit dd491d4cc62f · 2025-10-17T18:24:44.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -106,4 +106,5 @@ out
 .tern-port
 
 # Stores VSCode versions used for testing VSCode extensions
-.vscode-test
+.vscode-test
+.spec-workflow
diff --git a/backend/docker-server.js b/backend/docker-server.js
@@ -523,6 +523,7 @@ server.use(async (req, res, next) => {
     req.env = {
       DB: sqliteAdapter,
       ENCRYPTION_SECRET: process.env.ENCRYPTION_SECRET || "default-encryption-key",
+      ADMIN_TOKEN_EXPIRY_DAYS: process.env.ADMIN_TOKEN_EXPIRY_DAYS || "7",
     };
 
     next();
diff --git a/backend/src/routes/adminRoutes.js b/backend/src/routes/adminRoutes.js
@@ -13,7 +13,7 @@ adminRoutes.post("/api/admin/login", async (c) => {
   const { username, password } = await c.req.json();
 
   try {
-    const loginResult = await login(db, username, password);
+    const loginResult = await login(db, username, password, c.env);
 
     return c.json({
       code: ApiStatus.SUCCESS,
diff --git a/backend/src/services/adminService.js b/backend/src/services/adminService.js
@@ -38,9 +38,10 @@ export async function validateAdminToken(db, token) {
  * @param {D1Database} db - D1数据库实例
  * @param {string} username - 用户名
  * @param {string} password - 密码
+ * @param {Object} env - 环境变量对象
  * @returns {Promise<Object>} 登录结果，包含token和过期时间
  */
-export async function login(db, username, password) {
+export async function login(db, username, password, env = {}) {
   // 参数验证
   if (!username || !password) {
     throw new HTTPException(ApiStatus.BAD_REQUEST, { message: "用户名和密码不能为空" });
@@ -88,7 +89,10 @@ export async function login(db, username, password) {
   // 生成并存储令牌
   const token = generateRandomString(32);
   const expiresAt = new Date();
-  expiresAt.setDate(expiresAt.getDate() + 1); // 1天过期
+
+  // 从环境变量读取token过期天数，默认7天
+  const expiryDays = parseInt(env.ADMIN_TOKEN_EXPIRY_DAYS || "7", 10);
+  expiresAt.setDate(expiresAt.getDate() + expiryDays);
 
   // 使用 AdminRepository 创建令牌
   await adminRepository.createToken(admin.id, token, expiresAt);
diff --git a/backend/wrangler.toml b/backend/wrangler.toml
@@ -7,6 +7,8 @@ compatibility_flags = ["nodejs_compat"]
 [vars]
 # 用于加密敏感配置的密钥
 # ENCRYPTION_SECRET = "lzl123456789987654321"
+# 管理员Token过期天数，默认7天
+# ADMIN_TOKEN_EXPIRY_DAYS = "7"
 
 # 绑定D1数据库
 # 需要替换为实际的数据库ID
@@ -20,6 +22,7 @@ database_id = "xxxxxxxxxxxxxxxxx"
 # 开发环境变量
 [env.dev.vars]
 ENCRYPTION_SECRET = "dev-encryption-secret-key"
+ADMIN_TOKEN_EXPIRY_DAYS = "7"
 
 [[env.dev.d1_databases]]
 binding = "DB"
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -29,6 +29,8 @@ services:
       - LOG_LEVEL=2 # 日志级别
       # 重要: 请修改为您自己的安全密钥，用于加密数据
       - ENCRYPTION_SECRET=xxxxxxx
+      # 管理员Token过期天数，默认7天
+      - ADMIN_TOKEN_EXPIRY_DAYS=7
     volumes:
       - ./sql_data:/data # 将当前目录下的sql_data映射到容器的/data目录
     ports:
