This commit is contained in:
eric
2026-03-12 19:54:58 -05:00
parent 14bbd3b306
commit f66859c032
31 changed files with 1132 additions and 312 deletions

33
app/lib/auth-cookie.ts Normal file
View File

@@ -0,0 +1,33 @@
/**
* 认证 Cookie 配置
* 生产环境设置 AUTH_COOKIE_DOMAIN 实现跨子域 SSO如 .hackrobot.cn
* 本地开发不设置 domain避免 IP 访问时 cookie 失效
*/
const COOKIE_NAME = "pb_session";
const COOKIE_MAX_AGE = 60 * 60 * 24 * 365;
export { COOKIE_NAME, COOKIE_MAX_AGE };
export function getHostFromRequest(request: { headers: { get: (k: string) => string | null } }): string {
const host = request.headers.get("host") || request.headers.get("x-forwarded-host") || "";
return host.split(",")[0].trim().replace(/:\d+$/, "");
}
export function getCookieOptions(clear = false, requestHost?: string) {
const isProd = process.env.NODE_ENV === "production";
const domain = process.env.AUTH_COOKIE_DOMAIN?.trim();
const opts: Record<string, unknown> = {
path: "/",
maxAge: clear ? 0 : COOKIE_MAX_AGE,
secure: isProd,
sameSite: "lax" as const,
httpOnly: true,
};
if (domain && isProd) {
opts.domain = domain;
} else if (!isProd && requestHost && /^(\d{1,3}\.){3}\d{1,3}$/.test(requestHost)) {
opts.domain = requestHost;
}
return opts;
}

View File

@@ -2,4 +2,4 @@ const isDev = process.env.NODE_ENV === "development";
export const SITE_URL =
process.env.NEXT_PUBLIC_SITE_URL ||
(isDev ? "http://localhost:3000" : "https://nomadcna.cn");
(isDev ? "http://localhost:3001" : "https://nomadcna.cn");

View File

@@ -30,8 +30,7 @@ export function getPayEnv(): PayEnv {
}
export function getRecommendedChannel(env: PayEnv): PayChannel {
if (env === "wechat") return "wxpay";
return "alipay";
return "wxpay"; // 默认微信支付PC/H5/微信内均优先)
}
export function mustUseWxPay(env: PayEnv): boolean {

View File

@@ -58,7 +58,6 @@ export function usePayStatusPoll(onPaid: () => void): boolean {
const data = await res.json();
if (data?.ok && data?.paid) {
clearInterval(timer);
clearCookie(COOKIE_NAME);
setPolling(false);
onPaidRef.current();
}

View File

@@ -0,0 +1,44 @@
import { getPocketBaseConfig } from "@/config/services.config";
let cachedToken: { token: string; expiresAt: number } | null = null;
const TOKEN_TTL_MS = 10 * 60 * 1000;
/**
* PocketBase v0.23+ 使用 _superusers 集合替代旧 /api/admins 端点。
* 此函数依次尝试新旧两个端点,兼容所有版本。
*/
export async function getAdminToken(): Promise<string | null> {
if (cachedToken && Date.now() < cachedToken.expiresAt) {
return cachedToken.token;
}
const email = process.env.POCKETBASE_EMAIL;
const password = process.env.POCKETBASE_PASSWORD;
if (!email || !password) return null;
const pb = getPocketBaseConfig();
const base = pb.url.replace(/\/$/, "");
const body = JSON.stringify({ identity: email, password });
const headers = { "Content-Type": "application/json" };
const endpoints = [
`${base}/api/collections/_superusers/auth-with-password`,
`${base}/api/admins/auth-with-password`,
];
for (const url of endpoints) {
try {
const res = await fetch(url, { method: "POST", headers, body });
if (!res.ok) continue;
const data = await res.json();
const token = data?.token;
if (token) {
cachedToken = { token, expiresAt: Date.now() + TOKEN_TTL_MS };
return token;
}
} catch {
continue;
}
}
return null;
}

View File

@@ -73,10 +73,11 @@ export async function pbLogout(): Promise<void> {
localStorage.removeItem(PB_STORAGE_KEYS.token);
localStorage.removeItem(PB_STORAGE_KEYS.user);
try {
await fetch("/api/auth/logout", { method: "POST" });
await fetch("/api/auth/logout", { method: "POST", credentials: "include" });
} catch {
/* ignore */
}
window.dispatchEvent(new CustomEvent("auth:updated"));
}
export function getStoredUserEmail(): string | null {