fix: auth logout, Nginx configs, missing dependency, CORS

- auth: logout endpoint now accepts refresh_token (was admin_id which
  frontend can't know) — added logout_by_token() to AuthService
- api.js: sendBeacon uses Blob with application/json content-type
  (was sending text/plain which FastAPI couldn't parse)
- Nginx: fixed SPA fallback to 404 (not SPA), added install.php
  PHP-FPM handler, added production HTTPS config for api.synaglobal.vip
- requirements: added cryptography==44.0.0 (used by crypto.py but
  was missing from requirements.txt)
- models: removed unused Fernet import from domain models
- CORS: added http://api.synaglobal.vip origin

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Your Name
2026-05-22 00:30:28 +08:00
parent cd3c35b5e6
commit 56993e4f98
8 changed files with 148 additions and 14 deletions
+5 -2
View File
@@ -29,7 +29,7 @@ class RefreshRequest(BaseModel):
class LogoutRequest(BaseModel):
admin_id: int
refresh_token: Optional[str] = None
class TotpSetupRequest(BaseModel):
@@ -85,7 +85,10 @@ async def logout(
service: AuthService = Depends(get_auth_service),
):
"""Invalidate refresh token (client should also discard access token)"""
result = await service.logout(payload.admin_id)
if payload.refresh_token:
result = await service.logout_by_token(payload.refresh_token)
else:
return {"success": True, "message": "已登出"}
return result