You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
若要兼顾集群与即时吊销,更彻底的做法是 DB / Redis 支持的 denylist(存 jti + 过期时间,ParseToken 里查),而不是删掉吊销;
顺手清理空操作存根、死分支和同义反复的测试。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
JWT 本身支持无状态验证, 感觉 MemCache 有点多余了; 集群所有实例使用同一个 JWT_SECRET 并使用共享数据库;退出登录、踢设备、密码变更等失效能力现在主要依赖共享的 device session 表和 PwdTS, 这样就支持集群及 lambda 等 serverless 部署了, 爽歪歪