feat(auth): 优化退出登录功能并集成配置中心

- 在退出登录时使用配置中心的 session 选项 - 清除用户 session 数据并保存更改 - 将 session 配置移至 config 包，提高可维护性
2025-02-16 10:19:29 +08:00 · 2025-02-16 10:19:29 +08:00 · b5788cd8b5
commit b5788cd8b5
parent fbed496bed
3 changed files with 41 additions and 10 deletions
--- a/gateway/config/session.go
+++ b/gateway/config/session.go
@ -0,0 +1,30 @@
+package config
+
+import (
+	"net/http"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
+)
+
+// InitSessionStore 初始化session存储
+func InitSessionStore() sessions.Store {
+	store := cookie.NewStore([]byte("secret"))
+	store.Options(sessions.Options{
+		MaxAge:   86400 * 7,
+		HttpOnly: true,
+		Secure:   false,                // 如果是HTTPS需要设为true
+		SameSite: http.SameSiteLaxMode, // 允许跨站携带cookie
+	})
+	return store
+}
+
+// 退出登录时立即使客户端cookie过期
+func GetLogoutSessionOptions() sessions.Options {
+	return sessions.Options{
+		Path:     "/",   // cookie的路径
+		MaxAge:   -1,    // 立即使cookie过期
+		Secure:   false, // 如果是HTTPS需要设为true
+		HttpOnly: true,  // 防止JS访问
+	}
+}
--- a/gateway/handlers/auth.go
+++ b/gateway/handlers/auth.go
@ -6,6 +6,7 @@ import (
 	"strconv"
 	"strings"

+	"gateway/config"
 	"gateway/models"
 	"gateway/utils"

@ -138,12 +139,20 @@ func PostRegister(db *gorm.DB) gin.HandlerFunc {

 func Logout(c *gin.Context) {
 	session := sessions.Default(c)
+
+	// 使用配置中的session选项
+	session.Options(config.GetLogoutSessionOptions())
+
+	// 清除session数据
 	session.Clear()
+
+	// 保存更改
 	if err := session.Save(); err != nil {
 		utils.Logger.Errorf("退出登录失败: %v", err)
 		c.HTML(http.StatusInternalServerError, "error.html", gin.H{"error": "退出登录失败"})
 		return
 	}
+
 	c.Redirect(http.StatusSeeOther, "/login")
 }

--- a/gateway/main.go
+++ b/gateway/main.go
@ -1,15 +1,13 @@
 package main

 import (
-	"net/http"
-
+	"gateway/config"
 	"gateway/handlers"
 	"gateway/middleware"
 	"gateway/models"
 	"gateway/utils"

 	"github.com/gin-contrib/sessions"
-	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/gorm"
 	_ "github.com/jinzhu/gorm/dialects/sqlite"
@ -36,13 +34,7 @@ func main() {
 	r.LoadHTMLGlob("templates/*")

 	// 配置 Session 中间件
-	store := cookie.NewStore([]byte("secret"))
-	store.Options(sessions.Options{
-		MaxAge:   86400 * 7,
-		HttpOnly: true,
-		Secure:   false,                // 如果是HTTPS需要设为true
-		SameSite: http.SameSiteLaxMode, // 允许跨站携带cookie
-	})
+	store := config.InitSessionStore()
 	r.Use(sessions.Sessions("mysession", store))

 	// 路由配置