♻️Refactoring authentication&authorization to develop the user management feature#2328
Merged
♻️Refactoring authentication&authorization to develop the user management feature#2328
Conversation
xuyaqist
changed the title
# Conflicts: # frontend/app/[locale]/tenant-resources/components/UserManageComp.tsx # frontend/app/[locale]/users/page.tsx # frontend/components/navigation/SideNavigation.tsx
xuyaqist
force-pushed
the
xyq/user_management
branch
from
3120d0d to
31ec742
Compare
xuyaqist
changed the title
# Conflicts: # frontend/app/[locale]/tenant-resources/page.tsx # frontend/components/auth/avatarDropdown.tsx
# Conflicts: # frontend/public/locales/en/common.json # frontend/public/locales/zh/common.json
…ment feature [Specification Details] 1. Add group_ids in authService.
# Conflicts: # frontend/components/navigation/SideNavigation.tsx
✨ User management: add resources page proxy
WMC001
force-pushed
the
xyq/user_management
branch
from
36e2d73 to
da67e15
Compare
WMC001
force-pushed
the
xyq/user_management
branch
2 times, most recently
from
c7b7b44 to
a366385
Compare
WMC001
force-pushed
the
xyq/user_management
branch
from
a366385 to
99befe9
Compare
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
…ment feature [Specification Details] 1. Add group_ids in authService.
…ment feature [Specification Details] 1. Add group_ids in authService.
…ment feature [Specification Details] 1. Resolve conflict.
WMC001
reviewed
Feb 4, 2026
WMC001
approved these changes
Feb 4, 2026
WMC001
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
认证+鉴权
认证和鉴权之间的交互通过authEvent(事件监听和触发)。
用户登录/注册
后端返回: { data: { user, session } }
session = { access_token, refresh_token, expires_at }
Session管理
Session 过期检测
当用户登录时,会返回session以及其过期时间。前端将其存储至localstorage中,按需计算其是否过期,当发现session过期时,在鉴权逻辑中,会立刻令user相关的权限信息失效。有几个特殊的节点会检查session是否过期:
滑动过期
为了避免用户在活跃的状态下session也会在10分钟过期,因此设置一个滑动过期的能力。当用户处于活跃状态(click/ keydown/ mousemove...),会判断session是否快过期了(<5分钟),如果session快过期了,则调用refresh session接口,主动延长session过期的时间。