Skip to content

feat(projects): clear tabs cache when switching users. #744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 30, 2025
Merged

feat(projects): clear tabs cache when switching users. #744

merged 1 commit into from
Apr 30, 2025

Conversation

Azir-11
Copy link
Member

@Azir-11 Azir-11 commented Apr 28, 2025

修复用户切换登录时未清理缓存标签页的问题

本PR解决了不同用户之间登录可能看到彼此标签页内容的安全隐患。通过在用户登出时记录当前用户ID,并在下次登录时比较用户ID是否变更,如果发现不同用户登录则自动清理所有标签页缓存。

具体实现

  1. 添加recordUserId函数,用于在用户退出登录时记录当前用户ID到本地存储
  2. 添加checkTabClear函数,在用户登录成功后检查是否与上次登录用户一致
  3. 当检测到不同用户登录时,调用tabStore.clearTabs()清理所有非固定标签页

解决的问题

之前系统会在用户退出登录时缓存标签页状态,但没有考虑到用户切换的情况,可能导致新用户看到上一个用户的标签页内容,存在潜在的信息泄露风险。本修复确保了不同用户间的标签页数据隔离。

Closes #721

@honghuangdc
Copy link
Member

实现方式可以直接 缓存 globalTabs时存储用户id Record<string, GlobalTab[]>,没有用户id,就用一个固定的key

@Azir-11
Copy link
Member Author

Azir-11 commented Apr 30, 2025

实现方式可以直接 缓存 globalTabs时存储用户id Record<string, GlobalTab[]>,没有用户id,就用一个固定的key

目前的做法是更解耦一点的,可以理解为支持判断上下是否为同一个用户,如果是则联动处理tab的clear,如果往globalTabs里放就强耦合了,后续的扩展和修改起来都会比较麻烦,如果开发者需要修改关于tab的逻辑(比如根据角色配置固定的标签页集),还需要自行处理用户id相关逻辑,会提升不必要的心智负担,增加管理和维护的复杂度

所以综合下来我觉得,还是让globalTabs的职责继续保持单一会更好一点,不应让用户和tab模块强耦合

@honghuangdc honghuangdc merged commit 1ff4d82 into soybeanjs:main Apr 30, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[功能]: tabStore init支持校验用户id,判断是否恢复cache的tabs
2 participants
@Azir-11 @honghuangdc