fix(web): preserve next on 401, validate redirect target, catch navigation rejections

This commit is contained in:
2026-04-29 10:16:07 +08:00
parent 9d93bcd24b
commit 9e3b745da3
3 changed files with 9 additions and 6 deletions
+1 -1
View File
@@ -29,7 +29,7 @@ async function onSelect(key: string) {
await authApi.logout() await authApi.logout()
} finally { } finally {
auth.clearSession() auth.clearSession()
router.replace({ name: 'login' }) router.replace({ name: 'login' }).catch(() => {})
} }
} }
} }
+4 -3
View File
@@ -7,13 +7,12 @@ const routes: RouteRecordRaw[] = [
path: '/login', path: '/login',
name: 'login', name: 'login',
component: () => import('@/views/auth/LoginView.vue'), component: () => import('@/views/auth/LoginView.vue'),
meta: { layout: 'none' },
}, },
{ {
path: '/', path: '/',
name: 'home', name: 'home',
component: () => import('@/views/HomeView.vue'), component: () => import('@/views/HomeView.vue'),
meta: { layout: 'app', requiresAuth: true }, meta: { requiresAuth: true },
}, },
] ]
@@ -42,7 +41,9 @@ export function bindAuthToApi() {
tokenProvider: () => auth.token, tokenProvider: () => auth.token,
onUnauthorized: () => { onUnauthorized: () => {
auth.clearSession() auth.clearSession()
router.replace({ name: 'login' }) const current = router.currentRoute.value
const query = current.name === 'login' ? undefined : { next: current.fullPath }
router.replace({ name: 'login', query }).catch(() => {})
}, },
}) })
} }
+4 -2
View File
@@ -40,8 +40,10 @@ async function onSubmit() {
try { try {
const out = await authApi.login(email.value, password.value) const out = await authApi.login(email.value, password.value)
auth.setSession(out.token, out.user) auth.setSession(out.token, out.user)
const next = (router.currentRoute.value.query.next as string) || '/' const raw = router.currentRoute.value.query.next
await router.replace(next) const next =
typeof raw === 'string' && raw.startsWith('/') && !raw.startsWith('//') ? raw : '/'
await router.replace(next).catch(() => {})
} catch (e) { } catch (e) {
error.value = e instanceof ApiException ? e.body.message : '登录失败' error.value = e instanceof ApiException ? e.body.message : '登录失败'
} finally { } finally {