refactor: replace localStorage with HTTP-only cookies for auth tokens (#24365)

Signed-off-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com> Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com> Signed-off-by: kenwoodjw <blackxin55+@gmail.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Yunlu Wen <wylswz@163.com> Co-authored-by: Joel <iamjoel007@gmail.com> Co-authored-by: GareArc <chen4851@purdue.edu> Co-authored-by: NFish <douxc512@gmail.com> Co-authored-by: Davide Delbianco <davide.delbianco@outlook.com> Co-authored-by: minglu7 <1347866672@qq.com> Co-authored-by: Ponder <ruan.lj@foxmail.com> Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: heyszt <270985384@qq.com> Co-authored-by: Asuka Minato <i@asukaminato.eu.org> Co-authored-by: Guangdong Liu <liugddx@gmail.com> Co-authored-by: Eric Guo <eric.guocz@gmail.com> Co-authored-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com> Co-authored-by: XlKsyt <caixuesen@outlook.com> Co-authored-by: Dhruv Gorasiya <80987415+DhruvGorasiya@users.noreply.github.com> Co-authored-by: crazywoola <427733928@qq.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com> Co-authored-by: hj24 <mambahj24@gmail.com> Co-authored-by: GuanMu <ballmanjq@gmail.com> Co-authored-by: 非法操作 <hjlarry@163.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Tonlo <123lzs123@gmail.com> Co-authored-by: Yusuke Yamada <yamachu.dev@gmail.com> Co-authored-by: Novice <novice12185727@gmail.com> Co-authored-by: kenwoodjw <blackxin55+@gmail.com> Co-authored-by: Ademílson Tonato <ademilsonft@outlook.com> Co-authored-by: znn <jubinkumarsoni@gmail.com> Co-authored-by: yangzheli <43645580+yangzheli@users.noreply.github.com>
2025-10-19 21:29:04 +08:00
parent 141ca8904a
commit 9a5f214623
60 changed files with 879 additions and 533 deletions
--- a/web/app/components/share/text-generation/menu-dropdown.tsx
+++ b/web/app/components/share/text-generation/menu-dropdown.tsx
@@ -20,6 +20,7 @@ import type { SiteInfo } from '@/models/share'
 import cn from '@/utils/classnames'
 import { AccessMode } from '@/models/access-control'
 import { useWebAppStore } from '@/context/web-app-context'
+import { webAppLogout } from '@/service/webapp-auth'

 type Props = {
  data?: SiteInfo
@@ -49,11 +50,11 @@ const MenuDropdown: FC<Props> = ({
    setOpen(!openRef.current)
  }, [setOpen])

-  const handleLogout = useCallback(() => {
-    localStorage.removeItem('token')
-    localStorage.removeItem('webapp_access_token')
+  const shareCode = useWebAppStore(s => s.shareCode)
+  const handleLogout = useCallback(async () => {
+    await webAppLogout(shareCode!)
    router.replace(`/webapp-signin?redirect_url=${pathname}`)
-  }, [router, pathname])
+  }, [router, pathname, webAppLogout, shareCode])

  const [show, setShow] = useState(false)

--- a/web/app/components/share/utils.ts
+++ b/web/app/components/share/utils.ts
@@ -1,7 +1,3 @@
-import { CONVERSATION_ID_INFO } from '../base/chat/constants'
-import { fetchAccessToken } from '@/service/share'
-import { getProcessedSystemVariablesFromUrlParams } from '../base/chat/utils'
-
 export const isTokenV1 = (token: Record<string, any>) => {
  return !token.version
 }
@@ -9,55 +5,3 @@ export const isTokenV1 = (token: Record<string, any>) => {
 export const getInitialTokenV2 = (): Record<string, any> => ({
  version: 2,
 })
-
-export const checkOrSetAccessToken = async (appCode?: string | null) => {
-  const sharedToken = appCode || globalThis.location.pathname.split('/').slice(-1)[0]
-  const userId = (await getProcessedSystemVariablesFromUrlParams()).user_id
-  const accessToken = localStorage.getItem('token') || JSON.stringify(getInitialTokenV2())
-  let accessTokenJson = getInitialTokenV2()
-  try {
-    accessTokenJson = JSON.parse(accessToken)
-    if (isTokenV1(accessTokenJson))
-      accessTokenJson = getInitialTokenV2()
-  }
-  catch {
-
-  }
-
-  if (!accessTokenJson[sharedToken]?.[userId || 'DEFAULT']) {
-    const webAppAccessToken = localStorage.getItem('webapp_access_token')
-    const res = await fetchAccessToken({ appCode: sharedToken, userId, webAppAccessToken })
-    accessTokenJson[sharedToken] = {
-      ...accessTokenJson[sharedToken],
-      [userId || 'DEFAULT']: res.access_token,
-    }
-    localStorage.setItem('token', JSON.stringify(accessTokenJson))
-    localStorage.removeItem(CONVERSATION_ID_INFO)
-  }
-}
-
-export const setAccessToken = (sharedToken: string, token: string, user_id?: string) => {
-  const accessToken = localStorage.getItem('token') || JSON.stringify(getInitialTokenV2())
-  let accessTokenJson = getInitialTokenV2()
-  try {
-    accessTokenJson = JSON.parse(accessToken)
-    if (isTokenV1(accessTokenJson))
-      accessTokenJson = getInitialTokenV2()
-  }
-  catch {
-
-  }
-
-  localStorage.removeItem(CONVERSATION_ID_INFO)
-
-  accessTokenJson[sharedToken] = {
-    ...accessTokenJson[sharedToken],
-    [user_id || 'DEFAULT']: token,
-  }
-  localStorage.setItem('token', JSON.stringify(accessTokenJson))
-}
-
-export const removeAccessToken = () => {
-  localStorage.removeItem('token')
-  localStorage.removeItem('webapp_access_token')
-}