refactor: 移除localStorage存储，改为基于cookie的状态保持

- 移除所有localStorage相关代码，不再保存敏感信息 - 前端UserInfo接口只保留后端实际返回的字段（user, user_type） - 更新getUserInfoApi和loginApi，只映射后端实际返回的字段 - 更新UserMenu组件，使用user字段替代username - 状态保持完全基于cookie验证
2026-01-03 01:09:47 +08:00 · 2026-01-03 01:09:47 +08:00 · 2d7be8f7c4
commit 2d7be8f7c4
parent 2afe515c5e
3 changed files with 23 additions and 71 deletions
--- a/src/shared/api/auth.ts
+++ b/src/shared/api/auth.ts
@ -4,12 +4,7 @@ export interface LoginResponse {
 }

 export interface UserInfo {
-  id: string
-  username: string
-  email: string
-  avatar: string
-  first_name: string
-  last_name: string
+  user: string
  user_type: string
 }

@ -63,26 +58,21 @@ export const loginApi = async (username: string, password: string): Promise<Logi
  const data = await response.json()
  
  if (response.status === 200 && (data.message === 'Logged In' || data.message === 'No App')) {
-    const nameParts = (data.full_name || '').split(' ')
-    const userInfo: UserInfo = {
-      id: username,
-      username: username,
-      email: '',
-      avatar: '',
-      first_name: nameParts[0] || '',
-      last_name: nameParts.slice(1).join(' ') || '',
-      user_type: data.message === 'No App' ? 'Website User' : 'System User'
-    }
-    
-    // 尝试获取更完整的用户信息
+    // 尝试获取用户信息
    try {
      await new Promise(resolve => setTimeout(resolve, 200))
-      const detailedUserInfo = await getUserInfoApi()
-      if (detailedUserInfo.id && detailedUserInfo.id !== 'Guest') {
-        return { message: data.message, user: detailedUserInfo }
+      const userInfo = await getUserInfoApi()
+      if (userInfo.user && userInfo.user !== 'Guest') {
+        return { message: data.message, user: userInfo }
      }
    } catch {
-      // API调用失败不影响登录
+      // API调用失败不影响登录，使用默认值
+    }
+    
+    // 如果获取用户信息失败，使用默认值
+    const userInfo: UserInfo = {
+      user: username,
+      user_type: data.message === 'No App' ? 'Website User' : 'System User'
    }
    
    return { message: data.message, user: userInfo }
@ -117,16 +107,11 @@ export const getUserInfoApi = async (): Promise<UserInfo> => {
  const userInfo = data.message || data
  
  const formattedUserInfo: UserInfo = {
-    id: userInfo.user || userInfo.name || userInfo.username || '',
-    username: userInfo.user || userInfo.name || userInfo.username || '',
-    email: userInfo.email || '',
-    avatar: userInfo.user_image || '',
-    first_name: userInfo.first_name || '',
-    last_name: userInfo.last_name || '',
+    user: userInfo.user || '',
    user_type: userInfo.user_type || 'System User'
  }
  
-  if (!formattedUserInfo.id || formattedUserInfo.id === 'Guest') {
+  if (!formattedUserInfo.user || formattedUserInfo.user === 'Guest') {
    throw new Error('无法解析用户信息')
  }
  
--- a/src/shared/components/UserMenu.vue
+++ b/src/shared/components/UserMenu.vue
@ -8,11 +8,10 @@
      <n-avatar
        round
        size="small"
-        :src="user?.avatar"
      >
-        {{ user?.username?.charAt(0).toUpperCase() }}
+        {{ user?.user?.charAt(0).toUpperCase() }}
      </n-avatar>
-      <span class="username">{{ user?.username }}</span>
+      <span class="username">{{ user?.user }}</span>
      <Icon icon="tabler:chevron-down" />
    </n-button>
  </n-dropdown>
--- a/src/shared/stores/auth.ts
+++ b/src/shared/stores/auth.ts
@ -4,13 +4,8 @@ import { loginApi, getUserInfoApi, logoutApi, isCookieExpired, getSessionUser }
 import { setInitializingAuth } from '../utils/fetchInterceptor'

 export interface User {
-  id: string
-  username: string
-  email: string
-  avatar?: string
-  first_name?: string
-  last_name?: string
-  user_type?: string
+  user: string
+  user_type: string
 }

 export const useAuthStore = defineStore('auth', () => {
@ -28,39 +23,16 @@ export const useAuthStore = defineStore('auth', () => {
           error?.message?.includes('Cookie已过期')
  }

-  // 设置用户状态（统一的状态更新方法）
+  // 设置用户状态（统一的状态更新方法，不保存到localStorage）
  const setUserState = (userInfo: User) => {
    user.value = userInfo
    isAuthenticated.value = true
-    localStorage.setItem('jingrow_user', JSON.stringify(userInfo))
-    localStorage.setItem('jingrow_authenticated', 'true')
  }

  // 清除用户状态
  const clearUserState = () => {
    user.value = null
    isAuthenticated.value = false
-    localStorage.removeItem('jingrow_user')
-    localStorage.removeItem('jingrow_authenticated')
-  }
-
-  // 从localStorage恢复用户状态
-  const restoreUserFromStorage = (): User | null => {
-    const savedUser = localStorage.getItem('jingrow_user')
-    const savedAuth = localStorage.getItem('jingrow_authenticated')
-    
-    if (savedUser && savedAuth === 'true') {
-      try {
-        const parsedUser = JSON.parse(savedUser)
-        user.value = parsedUser
-        isAuthenticated.value = true
-        return parsedUser
-      } catch (error) {
-        console.error('解析保存的用户信息失败:', error)
-        clearUserState()
-      }
-    }
-    return null
  }

  // 验证并更新用户信息
@ -116,20 +88,16 @@ export const useAuthStore = defineStore('auth', () => {
      const hasSessionCookie = !isCookieExpired()
      const hasCookie = userId || hasSessionCookie

-      // 尝试从localStorage恢复状态（避免闪烁）
-      const savedUser = restoreUserFromStorage()
-      const hasSavedState = !!savedUser
-
-      // 如果既没有cookie也没有保存的状态，清除认证
-      if (!hasCookie && !hasSavedState) {
+      // 如果没有cookie，清除认证状态
+      if (!hasCookie) {
        if (isAuthenticated.value) {
          clearUserState()
        }
        return
      }

-      // 如果有cookie或保存的状态，尝试验证
-      if (hasCookie || hasSavedState) {
+      // 如果有cookie，尝试验证并获取用户信息
+      if (hasCookie) {
        await validateAndUpdateUser()
      }
    } finally {