fix(security): adjust resource token duration and refresh strategy

2026-03-20 03:57:30 +08:00 · 2024-10-10 15:43:29 +08:00
parent 55403cd8a8
commit 51391db262
3 changed files with 5 additions and 4 deletions
--- a/app/api/endpoints/system.py
+++ b/app/api/endpoints/system.py
@@ -138,7 +138,7 @@ def set_env_setting(env: dict,


@router.get("/progress/{process_type}", summary="实时进度")
-def get_progress(process_type: str, _: schemas.TokenPayload = Depends(verify_token)):
+def get_progress(process_type: str, _: schemas.TokenPayload = Depends(verify_resource_token)):
    """
    实时获取处理进度，返回格式为SSE
    """
--- a/app/core/config.py
+++ b/app/core/config.py
@@ -39,7 +39,7 @@ class ConfigModel(BaseModel):
    # TOKEN过期时间
    ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 8
    # RESOURCE_TOKEN过期时间
-    RESOURCE_ACCESS_TOKEN_EXPIRE_SECONDS: int = 60 * 10
+    RESOURCE_ACCESS_TOKEN_EXPIRE_SECONDS: int = 60 * 30
    # 时区
    TZ: str = "Asia/Shanghai"
    # API监听地址
--- a/app/core/security.py
+++ b/app/core/security.py
@@ -75,6 +75,7 @@ def create_access_token(

    to_encode = {
        "exp": expire,
+        "iat": datetime.utcnow(),
        "sub": str(userid),
        "username": username,
        "super_user": super_user,
@@ -102,8 +103,8 @@ def __set_or_refresh_resource_token_cookie(request: Request, response: Response,
            exp = decoded_token.get("exp")
            if exp:
                remaining_time = datetime.utcfromtimestamp(exp) - datetime.utcnow()
-                # 如果剩余时间少于 2 分钟，刷新令牌
-                if remaining_time < timedelta(minutes=2):
+                # 根据剩余时长提前刷新令牌
+                if remaining_time < timedelta(seconds=(settings.RESOURCE_ACCESS_TOKEN_EXPIRE_SECONDS / 3)):
                    raise jwt.ExpiredSignatureError
        except jwt.PyJWTError:
            logger.debug(f"Token error occurred. refreshing token")