fix: 修复演练场输入密码后提示未授权访问的问题

根本原因：框架 RouterHandlerFactory 未注册 SessionHandler，导致 ctx.session() 始终返回 null。登录时密码校验通过但认证状态被静默丢弃，后续所有请求均返回"未授权访问"。修复方案：将 Session 鉴权改为 Token（Bearer）鉴权： - PlaygroundConfig: 新增 generateToken()/validateToken()，使用 SecureRandom 生成密码学安全 Token，并在生成时清理过期 Token 防止内存泄漏 - PlaygroundApi: login() 返回 Token；checkAuth() 从 Authorization 请求头中读取并校验 Token - playgroundApi.js: 添加请求拦截器自动携带 Token； login() 从响应中提取并保存 Token 到 localStorage - Playground.vue: 后端报告未认证时同步清除 playground_token Agent-Logs-Url: https://github.com/qaiu/netdisk-fast-download/sessions/52144d13-cd49-4a3d-b279-9b8d6cbad757 Co-authored-by: qaiu <29825328+qaiu@users.noreply.github.com>
2026-04-23 09:06:55 +00:00 · 2026-04-23 01:22:09 +00:00
parent 2161190d9a
commit 2f55294b58
4 changed files with 75 additions and 21 deletions
--- a/web-front/src/utils/playgroundApi.js
+++ b/web-front/src/utils/playgroundApi.js
@@ -5,6 +5,15 @@ const axiosInstance = axios.create({
  withCredentials: true  // 重要：允许跨域请求携带cookie
 });

+// 请求拦截器：将存储的Token添加到Authorization请求头
+axiosInstance.interceptors.request.use(config => {
+  const token = localStorage.getItem('playground_token');
+  if (token) {
+    config.headers['Authorization'] = `Bearer ${token}`;
+  }
+  return config;
+});
+
 /**
 * 演练场API服务
 */
@@ -30,7 +39,12 @@ export const playgroundApi = {
  async login(password) {
    try {
      const response = await axiosInstance.post('/v2/playground/login', { password });
-      return response.data;
+      const data = response.data;
+      // 登录成功时从响应中提取并保存Token
+      if ((data.code === 200 || data.success) && data.data?.token) {
+        localStorage.setItem('playground_token', data.data.token);
+      }
+      return data;
    } catch (error) {
      throw new Error(error.response?.data?.error || error.message || '登录失败');
    }
--- a/web-front/src/views/Playground.vue
+++ b/web-front/src/views/Playground.vue
@@ -1146,10 +1146,11 @@ function parseById(shareLinkInfo, http, logger) {
          const isAuthed = res.data.authed || res.data.public;
          authed.value = isAuthed;
          
-          // 如果后端session已失效，清除localStorage
+          // 如果后端认证已失效，清除localStorage中的认证信息
          if (!isAuthed && savedAuth === 'true') {
            localStorage.removeItem('playground_authed');
            localStorage.removeItem('playground_auth_time');
+            localStorage.removeItem('playground_token');
          }
          
          return isAuthed;