chore(release): v1.0.7

- README/CHANGELOG: add v1.0.7 entry\n- Server: JWT expiry validated server-side (401 codes)\n- Web: logout/redirect on 401; proxy forwards Authorization\n- Server: bill service uses repository consistently
2026-01-16 11:15:05 +08:00
parent ad6a6d44ea
commit 3b7c1cd82b
17 changed files with 226 additions and 250 deletions
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -67,16 +67,28 @@
  onMount(() => {
    themeMode = loadThemeFromStorage();
    applyThemeToDocument(themeMode);
-    
-    // 检查登录状态，未登录则跳转到登录页
-    const pathname = $page.url.pathname;
-    if (!auth.check() && pathname !== '/login' && pathname !== '/health') {
-      goto('/login');
-      return;
-    }
-    
-    // 检查服务器状态
-    checkServerHealth();
+
+    (async () => {
+      // 检查登录状态，未登录则跳转到登录页
+      const pathname = $page.url.pathname;
+      if (!auth.check() && pathname !== '/login' && pathname !== '/health') {
+        goto('/login');
+        return;
+      }
+
+      // 由后端判断 Token 是否过期/无效
+      if (auth.check() && pathname !== '/login') {
+        const ok = await auth.validateToken();
+        if (!ok) {
+          goto('/login');
+          return;
+        }
+      }
+
+      // 检查服务器状态
+      checkServerHealth();
+    })();
+
    // 每 30 秒检查一次
    const healthInterval = setInterval(checkServerHealth, 30000);
    
--- a/web/src/routes/api/[...path]/+server.ts
+++ b/web/src/routes/api/[...path]/+server.ts
@@ -4,11 +4,15 @@ import type { RequestHandler } from './$types';
 // 服务端使用 Docker 内部地址，默认使用 localhost
 const API_URL = env.API_URL || 'http://localhost:8080';

-export const GET: RequestHandler = async ({ params, url, fetch }) => {
+export const GET: RequestHandler = async ({ params, url, request, fetch }) => {
  const path = params.path;
  const queryString = url.search;
  
-  const response = await fetch(`${API_URL}/api/${path}${queryString}`);
+  const response = await fetch(`${API_URL}/api/${path}${queryString}`, {
+    headers: {
+      'Authorization': request.headers.get('Authorization') || '',
+    },
+  });
  
  return new Response(response.body, {
    status: response.status,
@@ -27,6 +31,7 @@ export const POST: RequestHandler = async ({ params, request, fetch }) => {
    body: await request.arrayBuffer(),
    headers: {
      'Content-Type': request.headers.get('Content-Type') || 'application/octet-stream',
+      'Authorization': request.headers.get('Authorization') || '',
    },
  });