Remove useless jwt role_ids

backend/app/common/jwt.py

@@ -125,7 +125,7 @@ def get_token(request: Request) -> str:
 
 
 @sync_to_async
-def jwt_decode(token: str) -> tuple[int, list[int]]:
+def jwt_decode(token: str) -> int:
     """
     Decode token
 
@@ -135,12 +135,11 @@ def jwt_decode(token: str) -> tuple[int, list[int]]:
     try:
         payload = jwt.decode(token, settings.TOKEN_SECRET_KEY, algorithms=[settings.TOKEN_ALGORITHM])
         user_id = int(payload.get('sub'))
-        role_ids = list(payload.get('role_ids'))
-        if not user_id or not role_ids:
+        if not user_id:
             raise TokenError
     except (jwt.JWTError, ValidationError, Exception):
         raise TokenError
-    return user_id, role_ids
+    return user_id
 
 
 async def jwt_authentication(token: str) -> dict[str, int]:
@@ -150,7 +149,7 @@ async def jwt_authentication(token: str) -> dict[str, int]:
     :param token:
     :return:
     """
-    user_id, _ = await jwt_decode(token)
+    user_id = await jwt_decode(token)
     key = f'{settings.TOKEN_REDIS_PREFIX}:{user_id}:{token}'
     token_verify = await redis_client.get(key)
     if not token_verify:

backend/app/crud/crud_user.py

@@ -118,13 +118,6 @@ async def set_multi_login(self, db: AsyncSession, user_id: int) -> int:
         )
         return user.rowcount
 
-    async def get_role_ids(self, db: AsyncSession, user_id: int) -> list[int]:
-        user = await db.execute(
-            select(self.model).where(self.model.id == user_id).options(selectinload(self.model.roles))
-        )
-        roles_id = [role.id for role in user.scalars().first().roles]
-        return roles_id
-
     async def get_with_relation(self, db: AsyncSession, *, user_id: int = None, username: str = None) -> User | None:
         where = []
         if user_id:

backend/app/services/auth_service.py

@@ -34,14 +34,10 @@ async def swagger_login(self, *, form_data: OAuth2PasswordRequestForm):
                 raise errors.AuthorizationError(msg='用户已锁定, 登陆失败')
             # 更新登陆时间
             await UserDao.update_login_time(db, form_data.username, self.login_time)
-            # 查询用户角色
-            user_role_ids = await UserDao.get_role_ids(db, current_user.id)
             # 获取最新用户信息
             user = await UserDao.get(db, current_user.id)
             # 创建token
-            access_token, _ = await jwt.create_access_token(
-                str(user.id), role_ids=user_role_ids, multi_login=user.is_multi_login
-            )
+            access_token, _ = await jwt.create_access_token(str(user.id), multi_login=user.is_multi_login)
             return access_token, user
 
     async def login(self, *, request: Request, obj: Auth, background_tasks: BackgroundTasks):
@@ -55,13 +51,12 @@ async def login(self, *, request: Request, obj: Auth, background_tasks: Backgrou
                 elif not current_user.is_active:
                     raise errors.AuthorizationError(msg='用户已锁定, 登陆失败')
                 await UserDao.update_login_time(db, obj.username, self.login_time)
-                user_role_ids = await UserDao.get_role_ids(db, current_user.id)
                 user = await UserDao.get(db, current_user.id)
                 access_token, access_token_expire_time = await jwt.create_access_token(
-                    str(user.id), role_ids=user_role_ids, multi_login=user.is_multi_login
+                    str(user.id), multi_login=user.is_multi_login
                 )
                 refresh_token, refresh_token_expire_time = await jwt.create_refresh_token(
-                    str(user.id), access_token_expire_time, role_ids=user_role_ids, multi_login=user.is_multi_login
+                    str(user.id), access_token_expire_time, multi_login=user.is_multi_login
                 )
             except errors.NotFoundError as e:
                 raise errors.NotFoundError(msg=e.msg)
@@ -92,15 +87,15 @@ async def login(self, *, request: Request, obj: Auth, background_tasks: Backgrou
 
     @staticmethod
     async def new_token(*, refresh_token: str) -> tuple[str, datetime]:
-        user_id, role_ids = await jwt.jwt_decode(refresh_token)
+        user_id = await jwt.jwt_decode(refresh_token)
         async with async_db_session() as db:
             current_user = await UserDao.get(db, user_id)
             if not current_user:
                 raise errors.NotFoundError(msg='用户不存在')
             elif not current_user.is_active:
                 raise errors.AuthorizationError(msg='用户已锁定, 获取失败')
             access_new_token, access_new_token_expire_time = await jwt.create_new_token(
-                str(current_user.id), refresh_token, role_ids=role_ids, multi_login=current_user.is_multi_login
+                str(current_user.id), refresh_token, multi_login=current_user.is_multi_login
             )
             return access_new_token, access_new_token_expire_time
 

backend/app/services/user_service.py

@@ -126,7 +126,7 @@ async def update_multi_login(*, request: Request, pk: int) -> int:
             else:
                 count = await UserDao.set_multi_login(db, pk)
                 token = await get_token(request)
-                user_id, role_ids = await jwt_decode(token)
+                user_id = await jwt_decode(token)
                 latest_multi_login = await UserDao.get_multi_login(db, pk)
                 # TODO: 删除用户 refresh token, 此操作需要传参，暂时不考虑实现
                 # 当前用户修改自身时（普通/超级），除当前token外，其他token失效