feat: add current session logout flow

2026-04-21 15:36:17 +08:00
parent 60852241c9
commit a83c64133d
11 changed files with 703 additions and 9 deletions
--- a/server-rs/crates/api-server/src/auth.rs
+++ b/server-rs/crates/api-server/src/auth.rs
@@ -67,6 +67,36 @@ pub async fn require_bearer_auth(
        );
        AppError::from_status(StatusCode::UNAUTHORIZED)
    })?;
+    let current_user = state
+        .auth_user_service()
+        .get_user_by_id(claims.user_id())
+        .map_err(|error| {
+            warn!(
+                %request_id,
+                error = %error,
+                "Bearer JWT 用户快照读取失败"
+            );
+            AppError::from_status(StatusCode::INTERNAL_SERVER_ERROR)
+        })?
+        .ok_or_else(|| {
+            warn!(
+                %request_id,
+                user_id = %claims.user_id(),
+                "Bearer JWT 对应用户不存在"
+            );
+            AppError::from_status(StatusCode::UNAUTHORIZED)
+        })?;
+    if current_user.token_version != claims.token_version() {
+        warn!(
+            %request_id,
+            user_id = %claims.user_id(),
+            token_version = claims.token_version(),
+            current_token_version = current_user.token_version,
+            "Bearer JWT 版本已失效"
+        );
+        return Err(AppError::from_status(StatusCode::UNAUTHORIZED)
+            .with_message("当前登录态已失效，请重新登录"));
+    }

    request
        .extensions_mut()