05006cb5df
登录 30 天会话 hash 持久化到 admin_refresh_tokens;启动从 MySQL 回填 Redis, Redis 重启后会话仍可 refresh。 Co-authored-by: Cursor <cursoragent@cursor.com>
1.1 KiB
1.1 KiB
审计 — 2026-06-07 Refresh Token Redis+MySQL 双写
| 文件 | 变更要点 |
|---|---|
server/domain/models/__init__.py |
AdminRefreshToken ORM |
server/infrastructure/database/refresh_token_repo.py |
MySQL 持久层 |
server/application/services/auth_service.py |
先 Redis 后 MySQL;membership/rotate 双端 |
server/application/services/refresh_token_hydration.py |
启动回填 |
server/main.py |
hydration 调用 |
server/api/dependencies.py |
repo 注入 |
server/api/auth.py |
改密双端清 token |
server/infrastructure/database/migrations.py |
admin_refresh_tokens 表 |
tests/test_refresh_token_persistence.py |
单测 |
deploy/gate_log.jsonl |
门控记录 |
Step 3 规则扫描
| H | 规则 | 结论 |
|---|---|---|
| H1 | 仅存 SHA-256 hash | PASS |
| H2 | Redis 丢失 MySQL 回退 | PASS |
| H3 | 改密双端清 token | PASS |
Closure
- Step3✓ — 双写 + hydration + 回退
- Closure✓ — 满足「Redis 先写、MySQL 持久、重启不丢会话」
- DoD✓ — pytest 6 passed;待生产 Redis 重启验证