fix(auth): tighten refresh session revocation

2026-05-13 15:04:37 +08:00
parent b13870f71b
commit 4fecf9c975
36 changed files with 1664 additions and 170 deletions
--- a/src/services/authService.ts
+++ b/src/services/authService.ts
@@ -289,6 +289,7 @@ export async function changePassword(
    '修改密码失败',
  );

+  clearAuthSession();
  return response.user;
 }

@@ -441,6 +442,16 @@ export async function revokeAuthSession(sessionId: string) {
  );
 }

+export async function revokeAuthSessions(sessionIds: string[]) {
+  const uniqueSessionIds = Array.from(
+    new Set(sessionIds.map((sessionId) => sessionId.trim()).filter(Boolean)),
+  );
+
+  await Promise.all(
+    uniqueSessionIds.map((sessionId) => revokeAuthSession(sessionId)),
+  );
+}
+
 export async function getAuthAuditLogs() {
  const response = await requestJson<AuthAuditLogsResponse>(
    '/api/auth/audit-logs',