From 541ac1c899653be299862d4a7cbfa4bb3423aef5 Mon Sep 17 00:00:00 2001
From: Deng Ming <ming_flycash@qq.com>
Date: Tue, 26 Mar 2024 22:46:25 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=88=B7=E6=96=B0=20token=20?=
 =?UTF-8?q?=E7=9A=84=20BUG?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 session/redis/provider.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/session/redis/provider.go b/session/redis/provider.go
index 31c1bbb..bd6d093 100644
--- a/session/redis/provider.go
+++ b/session/redis/provider.go
@@ -58,11 +58,9 @@ func (rsp *SessionProvider) RenewAccessToken(ctx *ginx.Context) error {
 	}
 	claims := jwtClaims.Data
 	sess := newRedisSession(claims.SSID, rsp.expiration, rsp.client, claims)
-	defer func() {
-		// refresh_token 只能用一次，不管成功与否
-		_ = sess.Del(ctx, keyRefreshToken)
-	}()
 	oldToken := sess.Get(ctx, keyRefreshToken).StringOrDefault("")
+	// refresh_token 只能用一次，不管成功与否
+	_ = sess.Del(ctx, keyRefreshToken)
 	// 说明这个 rt 是已经用过的 refreshToken
 	// 或者 session 本身就已经过期了
 	if oldToken != rt {
@@ -144,7 +142,7 @@ func (rsp *SessionProvider) Get(ctx *gctx.Context) (session.Session, error) {
 func NewSessionProvider(client redis.Cmdable, jwtKey string) *SessionProvider {
 	// 长 token 过期时间，被看做是 Session 的过期时间
 	expiration := time.Hour * 24 * 30
-	m := ijwt.NewManagement[session.Claims](ijwt.NewOptions(time.Hour, jwtKey),
+	m := ijwt.NewManagement[session.Claims](ijwt.NewOptions(time.Second*30, jwtKey),
 		ijwt.WithRefreshJWTOptions[session.Claims](ijwt.NewOptions(expiration, jwtKey)))
 	return &SessionProvider{
 		client:      client,