feat(session): 修复了一些未完全迁移的bug，提高了验证的时间精度

Signed-off-by: 李东云 <dongyun.li@luxcreo.ai>
2026-01-15 00:35:08 +08:00 · 2022-04-28 18:32:43 +08:00
parent 393e6d0f46
commit 9b163032e8
1 changed files with 13 additions and 11 deletions
--- a/src/Account/Services/Auth/SessionAuthentication.php
+++ b/src/Account/Services/Auth/SessionAuthentication.php
@@ -45,7 +45,7 @@ class SessionAuthentication implements AuthenticationInterface
    public function generate(User $user): string
    {
        $this->session->set('userInfo', $user);
-        $this->session->set('createdAt', time());
+        $this->session->set('createdAt', microtime(true));
        
        return $this->session->getId();
    }
@@ -53,35 +53,35 @@ class SessionAuthentication implements AuthenticationInterface
    /**
     * 解码，并返回验证后的值
     */
-    public function verified(?string $token = null):User
+    public function verified(?string $token = null): User
    {
        if (!$this->session->isValidId($token ?? '')) {
            throw new ValidateException(CommonErrorCode::AUTH_SESSION_ERROR, 'token', $token);
        }
-        /** @var ?array $decoded */
-        $decoded = $this->session->get('userInfo');
        
-        if (empty($decoded)) {
+        $user = $this->session->get('userInfo');
+        if (empty($user)) {
            throw new Unauthorized(CommonErrorCode::AUTH_SESSION_ERROR);
        }
+        $user = new User($user);
        
-        if (empty($decoded['uid'])) {
+        if (empty($user->uid)) {
            throw new Unauthorized(CommonErrorCode::AUTH_SESSION_UID_ERROR);
        }
        
        // 判断用户 session 是否应该失效
        $last_invalidate_time = $this->redis->hGet(
            $this->lastInvalidateTimeKey,
-            $decoded['uid']
+            $user->uid
        );
-    
        /**
         * @link SessionAuthentication::invalid(true)
         */
        if ($this->session->get('createdAt') < $last_invalidate_time) {
            throw new Unauthorized(CommonErrorCode::AUTH_SESSION_CREATED_AT_ERROR);
        }
-        return new User($decoded);
+        
+        return $user;
    }
    
    /**
@@ -91,10 +91,12 @@ class SessionAuthentication implements AuthenticationInterface
        bool $clearAll = false,
    ): Cookie {
        if ($clearAll) {
+            $user = $this->session->get('userInfo');
+            $user = new User($user);
            $this->redis->hSet(
                $this->lastInvalidateTimeKey,
-                $this->session->get('userInfo')['uid'] ?? '',
-                time()
+                $user->uid ?? '',
+                microtime(true)
            );
        }
        $this->session->invalidate();