update model

oa/api/token/token.go

@@ -68,10 +68,21 @@ func tokenPost(x *rest.X) (any, error) {
 		}
 		if oldClaim.AID == *opts.AppID {
 			// refresh token
+			claim.AID = oldClaim.AID
+			claim.UID = oldClaim.UID
+			claim.Name = oldClaim.Name
+			claim.Icon = oldClaim.Icon
+			claim.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Minute * 10))
+			acList := make(auth.Access, 0, 10)
+			logv.AssertError(cfg.DB().Table("accesses a").
+				Select("a.name, a.t_id, a.level").
+				Joins("INNER JOIN user_roles ur ON ur.role_id = a.role_id AND ur.user_id = ?", oldClaim.UID).
+				Scan(&acList).Error)
+			claim.Access = acList
 		} else {
 			// gen other app token
 		}
-	} else if opts.Salt != nil && opts.Code != nil && aid == cfg.Config.ID {
+	} else if opts.Code != nil && aid == cfg.Config.ID {
 		// for oa login
 		user := &M.User{}
 		err = cfg.DB().Where("id = ?", opts.UserID).Find(user).Error
@@ -82,8 +93,6 @@ func tokenPost(x *rest.X) (any, error) {
 		code := *opts.Code
 		salt := logv.AssertFuncErr(hex.DecodeString(*opts.Salt))
 		key := logv.AssertFuncErr(hex.DecodeString(user.Code))
-		logv.Warn().Msgf("%d: %d", len(key), len(salt))
-		logv.Warn().Msgf("%s: %s", user.Code, *opts.Salt)
 		de, err := utils.AesDecrypt([]byte(code), key, salt)
 		if err != nil || de != user.ID {
 			return nil, errs.AuthInvalid
@@ -98,29 +107,26 @@ func tokenPost(x *rest.X) (any, error) {
 		if opts.OverPerm != nil {
 			data.OverPerm = *opts.OverPerm
 		}
-		// logv.AssertError(cfg.DB().Create(data).Error)
+		if opts.Device != nil {
+			data.Device = *opts.Device
+		}
+		data.ExpiredAt = time.Now().Add(time.Hour)
+		logv.AssertError(cfg.DB().Create(data).Error)
+		claim.ID = data.ID
 		claim.AID = aid
 		claim.UID = user.ID
 		claim.Name = user.Username
 		claim.Icon = user.Icon
+		claim.ExpiresAt = jwt.NewNumericDate(data.ExpiredAt)
 		if user.Nickname != "" {
 			claim.Name = user.Nickname
 		}
-		acList := make(auth.Access, 0, 10)
-		logv.AssertError(cfg.DB().Debug().Table("accesses a").
-			Select("a.name, a.t_id, a.level").
-			Joins("INNER JOIN user_roles ur ON ur.role_id = a.role_id AND ur.user_id = ?", user.ID).
-			Scan(&acList).Error)
-		claim.Access = acList
-		token := logv.AssertFuncErr(auth.GenJwt(claim))
-		return map[string]string{"refresh": token, "token": token}, err
 	} else {
 		return nil, errs.ArgsInvalid
 	}
-	claim.ExpiresAt = jwt.NewNumericDate(data.ExpiredAt)
-	err = cfg.DB().Create(data).Error
 
-	return data, err
+	token := logv.AssertFuncErr(auth.GenJwt(claim))
+	return token, err
 }
 
 func tokenGet(x *rest.X) (any, error) {

oa/models/token.gen.go

@@ -12,12 +12,14 @@ type TokenPost struct {
 
 	// 两种获取token方式，一种用token换取(应用登录)，一种用密码加密code换(oa登录)
 	Token *string `json:"token"  parse:"json"`
-	Salt  *string `json:"salt"  parse:"json"`
-	Code  *string `json:"code"  parse:"json"`
+	// 登录方随机生成的salt，非用户salt
+	Salt *string `json:"salt"  parse:"json"`
+	Code *string `json:"code"  parse:"json"`
 
 	AppID     *string    `json:"app_id" gorm:"index;type:varchar(32)"  parse:"json"`
 	ExpiredAt *time.Time `json:"expired_at"  parse:"json"`
 	OverPerm  *string    `json:"over_perm"  parse:"json"`
+	Device    *string    `json:"device"  parse:"json"`
 }
 
 type TokenGet struct {

oa/models/token.go

@@ -13,4 +13,5 @@ type Token struct {
 	App       *App      `json:"-"`
 	ExpiredAt time.Time `json:"expired_at" methods:"*post,*patch" parse:"json"`
 	OverPerm  string    `json:"over_perm" methods:"*post,*patch" parse:"json"`
+	Device    string    `json:"device" methods:"*post" parse:"json"`
 }

oa/models/user.go

@@ -18,7 +18,7 @@ type User struct {
 
 	Status uint `json:"status" methods:"*patch,*list" parse:"json"`
 
-	Salt string `json:"-" gorm:"type:varchar(32)" methods:"post" parse:"json"`
+	Salt string `json:"-" gorm:"type:varchar(32)"`
 	Code string `json:"-" gorm:"type:varchar(64)" methods:"post" parse:"json"`
 }