's'
This commit is contained in:
33
app/lib/auth-cookie.ts
Normal file
33
app/lib/auth-cookie.ts
Normal file
@@ -0,0 +1,33 @@
|
||||
/**
|
||||
* 认证 Cookie 配置
|
||||
* 生产环境设置 AUTH_COOKIE_DOMAIN 实现跨子域 SSO(如 .hackrobot.cn)
|
||||
* 本地开发不设置 domain,避免 IP 访问时 cookie 失效
|
||||
*/
|
||||
|
||||
const COOKIE_NAME = "pb_session";
|
||||
const COOKIE_MAX_AGE = 60 * 60 * 24 * 365;
|
||||
|
||||
export { COOKIE_NAME, COOKIE_MAX_AGE };
|
||||
|
||||
export function getHostFromRequest(request: { headers: { get: (k: string) => string | null } }): string {
|
||||
const host = request.headers.get("host") || request.headers.get("x-forwarded-host") || "";
|
||||
return host.split(",")[0].trim().replace(/:\d+$/, "");
|
||||
}
|
||||
|
||||
export function getCookieOptions(clear = false, requestHost?: string) {
|
||||
const isProd = process.env.NODE_ENV === "production";
|
||||
const domain = process.env.AUTH_COOKIE_DOMAIN?.trim();
|
||||
const opts: Record<string, unknown> = {
|
||||
path: "/",
|
||||
maxAge: clear ? 0 : COOKIE_MAX_AGE,
|
||||
secure: isProd,
|
||||
sameSite: "lax" as const,
|
||||
httpOnly: true,
|
||||
};
|
||||
if (domain && isProd) {
|
||||
opts.domain = domain;
|
||||
} else if (!isProd && requestHost && /^(\d{1,3}\.){3}\d{1,3}$/.test(requestHost)) {
|
||||
opts.domain = requestHost;
|
||||
}
|
||||
return opts;
|
||||
}
|
||||
@@ -2,4 +2,4 @@ const isDev = process.env.NODE_ENV === "development";
|
||||
|
||||
export const SITE_URL =
|
||||
process.env.NEXT_PUBLIC_SITE_URL ||
|
||||
(isDev ? "http://localhost:3000" : "https://nomadcna.cn");
|
||||
(isDev ? "http://localhost:3001" : "https://nomadcna.cn");
|
||||
|
||||
@@ -30,8 +30,7 @@ export function getPayEnv(): PayEnv {
|
||||
}
|
||||
|
||||
export function getRecommendedChannel(env: PayEnv): PayChannel {
|
||||
if (env === "wechat") return "wxpay";
|
||||
return "alipay";
|
||||
return "wxpay"; // 默认微信支付(PC/H5/微信内均优先)
|
||||
}
|
||||
|
||||
export function mustUseWxPay(env: PayEnv): boolean {
|
||||
|
||||
@@ -58,7 +58,6 @@ export function usePayStatusPoll(onPaid: () => void): boolean {
|
||||
const data = await res.json();
|
||||
if (data?.ok && data?.paid) {
|
||||
clearInterval(timer);
|
||||
clearCookie(COOKIE_NAME);
|
||||
setPolling(false);
|
||||
onPaidRef.current();
|
||||
}
|
||||
|
||||
44
app/lib/pocketbase/admin.ts
Normal file
44
app/lib/pocketbase/admin.ts
Normal file
@@ -0,0 +1,44 @@
|
||||
import { getPocketBaseConfig } from "@/config/services.config";
|
||||
|
||||
let cachedToken: { token: string; expiresAt: number } | null = null;
|
||||
const TOKEN_TTL_MS = 10 * 60 * 1000;
|
||||
|
||||
/**
|
||||
* PocketBase v0.23+ 使用 _superusers 集合替代旧 /api/admins 端点。
|
||||
* 此函数依次尝试新旧两个端点,兼容所有版本。
|
||||
*/
|
||||
export async function getAdminToken(): Promise<string | null> {
|
||||
if (cachedToken && Date.now() < cachedToken.expiresAt) {
|
||||
return cachedToken.token;
|
||||
}
|
||||
|
||||
const email = process.env.POCKETBASE_EMAIL;
|
||||
const password = process.env.POCKETBASE_PASSWORD;
|
||||
if (!email || !password) return null;
|
||||
|
||||
const pb = getPocketBaseConfig();
|
||||
const base = pb.url.replace(/\/$/, "");
|
||||
const body = JSON.stringify({ identity: email, password });
|
||||
const headers = { "Content-Type": "application/json" };
|
||||
|
||||
const endpoints = [
|
||||
`${base}/api/collections/_superusers/auth-with-password`,
|
||||
`${base}/api/admins/auth-with-password`,
|
||||
];
|
||||
|
||||
for (const url of endpoints) {
|
||||
try {
|
||||
const res = await fetch(url, { method: "POST", headers, body });
|
||||
if (!res.ok) continue;
|
||||
const data = await res.json();
|
||||
const token = data?.token;
|
||||
if (token) {
|
||||
cachedToken = { token, expiresAt: Date.now() + TOKEN_TTL_MS };
|
||||
return token;
|
||||
}
|
||||
} catch {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
@@ -73,10 +73,11 @@ export async function pbLogout(): Promise<void> {
|
||||
localStorage.removeItem(PB_STORAGE_KEYS.token);
|
||||
localStorage.removeItem(PB_STORAGE_KEYS.user);
|
||||
try {
|
||||
await fetch("/api/auth/logout", { method: "POST" });
|
||||
await fetch("/api/auth/logout", { method: "POST", credentials: "include" });
|
||||
} catch {
|
||||
/* ignore */
|
||||
}
|
||||
window.dispatchEvent(new CustomEvent("auth:updated"));
|
||||
}
|
||||
|
||||
export function getStoredUserEmail(): string | null {
|
||||
|
||||
Reference in New Issue
Block a user