From a2254bbe80af71a0335df0b1e57a6623a6232838 Mon Sep 17 00:00:00 2001 From: lonelyhentxi Date: Sun, 15 Jun 2025 02:48:48 +0800 Subject: [PATCH] fix: fix auto accessToken renew --- apps/webui/package.json | 4 +-- apps/webui/src/app/auth/guard.ts | 8 +++-- apps/webui/src/infra/auth/auth.provider.ts | 5 ++- apps/webui/src/infra/auth/oidc/config.ts | 2 ++ .../src/infra/auth/oidc/oidc-auth.provider.ts | 19 +++------- pnpm-lock.yaml | 36 +++++++++---------- 6 files changed, 36 insertions(+), 38 deletions(-) diff --git a/apps/webui/package.json b/apps/webui/package.json index f74a66f..2e714d8 100644 --- a/apps/webui/package.json +++ b/apps/webui/package.json @@ -63,8 +63,8 @@ "input-otp": "^1.4.2", "jotai": "^2.12.5", "jotai-signal": "^0.9.0", - "lucide-react": "^0.514.0", - "oidc-client-rx": "0.1.0-alpha.9", + "lucide-react": "^0.515.0", + "oidc-client-rx": "0.1.0-alpha.12", "react": "^19.1.0", "react-day-picker": "9.7.0", "react-dom": "^19.1.0", diff --git a/apps/webui/src/app/auth/guard.ts b/apps/webui/src/app/auth/guard.ts index 3bf7b5a..5280ad8 100644 --- a/apps/webui/src/app/auth/guard.ts +++ b/apps/webui/src/app/auth/guard.ts @@ -1,16 +1,20 @@ import type { RouterContext } from '@/infra/routes/traits'; +import type { ParsedLocation } from '@tanstack/react-router'; import { firstValueFrom } from 'rxjs'; import { authContextFromInjector } from './context'; export const beforeLoadGuard = async ({ context, -}: { context: RouterContext }) => { + location, +}: { context: RouterContext; location: ParsedLocation }) => { const { isAuthenticated$, authProvider } = authContextFromInjector( context.injector ); if (!(await firstValueFrom(isAuthenticated$))) { const isAuthenticated = await firstValueFrom( - authProvider.autoLoginPartialRoutesGuard() + authProvider.autoLoginPartialRoutesGuard({ + location, + }) ); if (!isAuthenticated) { throw !isAuthenticated; diff --git a/apps/webui/src/infra/auth/auth.provider.ts b/apps/webui/src/infra/auth/auth.provider.ts index 888592d..86e54b9 100644 --- a/apps/webui/src/infra/auth/auth.provider.ts +++ b/apps/webui/src/infra/auth/auth.provider.ts @@ -1,4 +1,5 @@ import { InjectionToken } from '@outposts/injection-js'; +import type { ParsedLocation } from '@tanstack/react-router'; import type { CheckAuthResultEventType } from 'oidc-client-rx'; import { type Observable, map } from 'rxjs'; import type { AuthMethodType } from './defs'; @@ -10,7 +11,9 @@ export abstract class AuthProvider { abstract authData$: Observable; abstract getAccessToken(): Observable; abstract setup(): void; - abstract autoLoginPartialRoutesGuard(): Observable; + abstract autoLoginPartialRoutesGuard({ + location, + }: { location: ParsedLocation }): Observable; getAuthHeaders(): Observable> { return this.getAccessToken().pipe( map((accessToken) => diff --git a/apps/webui/src/infra/auth/oidc/config.ts b/apps/webui/src/infra/auth/oidc/config.ts index 9e1f4a5..2b034c1 100644 --- a/apps/webui/src/infra/auth/oidc/config.ts +++ b/apps/webui/src/infra/auth/oidc/config.ts @@ -21,6 +21,8 @@ export function buildOidcConfig(): OpenIdConfiguration { logLevel: LogLevel.Warn, autoUserInfo: !resource, renewUserInfoAfterTokenRenew: !resource, + ignoreNonceAfterRefresh: !!resource, + renewTimeBeforeTokenExpiresInSeconds: 30, customParamsAuthRequest: { prompt: 'consent', resource, diff --git a/apps/webui/src/infra/auth/oidc/oidc-auth.provider.ts b/apps/webui/src/infra/auth/oidc/oidc-auth.provider.ts index 7492028..f34d205 100644 --- a/apps/webui/src/infra/auth/oidc/oidc-auth.provider.ts +++ b/apps/webui/src/infra/auth/oidc/oidc-auth.provider.ts @@ -1,5 +1,6 @@ import { injectInjector } from '@/infra/di/inject'; import { inject, runInInjectionContext } from '@outposts/injection-js'; +import type { ParsedLocation } from '@tanstack/react-router'; import { CHECK_AUTH_RESULT_EVENT, OidcSecurityService, @@ -15,20 +16,8 @@ export class OidcAuthProvider extends AuthProvider { checkAuthResultEvent$ = inject(CHECK_AUTH_RESULT_EVENT); injector = injectInjector(); - private setupSilentRenew() { - const parent = document.defaultView?.parent; - if (parent) { - const event = new CustomEvent('oidc-silent-renew-message', { - detail: document.defaultView?.location!, - }); - parent.dispatchEvent(event); - } - } - setup() { - this.oidcSecurityService.checkAuth().subscribe(() => { - this.setupSilentRenew(); - }); + this.oidcSecurityService.checkAuth().subscribe(() => {}); } get isAuthenticated$() { @@ -45,9 +34,9 @@ export class OidcAuthProvider extends AuthProvider { return this.oidcSecurityService.getAccessToken(); } - autoLoginPartialRoutesGuard() { + autoLoginPartialRoutesGuard({ location }: { location: ParsedLocation }) { return runInInjectionContext(this.injector, () => - autoLoginPartialRoutesGuard() + autoLoginPartialRoutesGuard(undefined, { url: location.href }) ); } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6a4531a..c37e7c2 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -228,11 +228,11 @@ importers: specifier: ^0.9.0 version: 0.9.0(jotai@2.12.5(@types/react@19.1.8)(react@19.1.0))(react@19.1.0) lucide-react: - specifier: ^0.514.0 - version: 0.514.0(react@19.1.0) + specifier: ^0.515.0 + version: 0.515.0(react@19.1.0) oidc-client-rx: - specifier: 0.1.0-alpha.9 - version: 0.1.0-alpha.9(@tanstack/react-router@1.121.2(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(@tanstack/solid-router@1.112.12(solid-js@1.9.7))(react@19.1.0)(rxjs@7.8.2)(solid-js@1.9.7) + specifier: 0.1.0-alpha.12 + version: 0.1.0-alpha.12(@tanstack/react-router@1.121.2(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(@tanstack/solid-router@1.112.12(solid-js@1.9.7))(react@19.1.0)(rxjs@7.8.2)(solid-js@1.9.7) react: specifier: ^19.1.0 version: 19.1.0 @@ -1560,11 +1560,11 @@ packages: cpu: [x64] os: [win32] - '@ngify/core@2.0.4': - resolution: {integrity: sha512-MyZ6TrD4NEEEpy5yBoAtCyAXySpLvi6kBrvJk1vl9s4dkU5H+/bKBeAy5gPvdbLQ6c6NHD3Y4cnnMBbhdtVOnA==} + '@ngify/core@2.0.6': + resolution: {integrity: sha512-SnJJlCHs+HvF/+hH4g2wf1oE7oHJ3JMFvsEY5R92JbF3DxZZld68vBQMuihhtI/TZURVgDE9Dx36bKtQBGgveA==} - '@ngify/http@2.0.4': - resolution: {integrity: sha512-3w3mMadsrkO0/xgLC5+79qqOJcRc+XvcBoOMZZBPFdiWg7wHWHULv48KHFVau+GbzvnXEza46W/xYyOMyR0F8g==} + '@ngify/http@2.0.6': + resolution: {integrity: sha512-MHuKIZljESbaVUEfkUM7Kk85lV4FkporAwgCj4AdP0JzSlO3MHOjLw3Pbrln2/hgRnap0ITPfQ+IBr1NJReSsA==} peerDependencies: rxjs: ^7.0.0 @@ -4927,8 +4927,8 @@ packages: lru-cache@5.1.1: resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==} - lucide-react@0.514.0: - resolution: {integrity: sha512-HXD0OAMd+JM2xCjlwG1EGW9Nuab64dhjO3+MvdyD+pSUeOTBaVAPhQblKIYmmX4RyBYbdzW0VWnJpjJmxWGr6w==} + lucide-react@0.515.0: + resolution: {integrity: sha512-Sy7bY0MeicRm2pzrnoHm2h6C1iVoeHyBU2fjdQDsXGP51fhkhau1/ZV/dzrcxEmAKsxYb6bGaIsMnGHuQ5s0dw==} peerDependencies: react: ^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0 @@ -5194,8 +5194,8 @@ packages: resolution: {integrity: sha512-nK28WOo+QIjBkDduTINE4JkF/UJJKyf2EJxvJKfblDpyg0Q+pkOHNTL0Qwy6NP6FhE/EnzV73BxxqcJaXY9anw==} engines: {node: '>= 0.4'} - oidc-client-rx@0.1.0-alpha.9: - resolution: {integrity: sha512-LB8eRakdEM2BNYZ1sbqepvSZV3ZqdjTd6hc/tAhxf1wjzUxSNBLNJPDQ8p2D+FU36kXtdKhsul6HS7YKMNDH4g==} + oidc-client-rx@0.1.0-alpha.12: + resolution: {integrity: sha512-mHMqeFCRMRqn6C8ABDMHSiiaG8h+ukPqdDeZ7g05gXL1XT2VUqtPiD5+MRvInXVu9Snfi5ZFHmNMuGR1W9dRDw==} peerDependencies: '@tanstack/react-router': '*' '@tanstack/solid-router': '*' @@ -8036,13 +8036,13 @@ snapshots: '@next/swc-win32-x64-msvc@15.3.3': optional: true - '@ngify/core@2.0.4': + '@ngify/core@2.0.6': dependencies: tslib: 2.8.1 - '@ngify/http@2.0.4(rxjs@7.8.2)': + '@ngify/http@2.0.6(rxjs@7.8.2)': dependencies: - '@ngify/core': 2.0.4 + '@ngify/core': 2.0.6 rxjs: 7.8.2 tslib: 2.8.1 @@ -11691,7 +11691,7 @@ snapshots: dependencies: yallist: 3.1.1 - lucide-react@0.514.0(react@19.1.0): + lucide-react@0.515.0(react@19.1.0): dependencies: react: 19.1.0 @@ -11926,9 +11926,9 @@ snapshots: has-symbols: 1.1.0 object-keys: 1.1.1 - oidc-client-rx@0.1.0-alpha.9(@tanstack/react-router@1.121.2(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(@tanstack/solid-router@1.112.12(solid-js@1.9.7))(react@19.1.0)(rxjs@7.8.2)(solid-js@1.9.7): + oidc-client-rx@0.1.0-alpha.12(@tanstack/react-router@1.121.2(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(@tanstack/solid-router@1.112.12(solid-js@1.9.7))(react@19.1.0)(rxjs@7.8.2)(solid-js@1.9.7): dependencies: - '@ngify/http': 2.0.4(rxjs@7.8.2) + '@ngify/http': 2.0.6(rxjs@7.8.2) '@outposts/injection-js': 2.5.1 rfc4648: 1.5.4 rxjs: 7.8.2