fix: 踢出用户时清除所有 session，确保旧 token 立即失效

- kickOfflineByUserDeviceLogic: 管理员踢设备后新增 clearAllSessions，之前只清单个 WebSocket session，用户可用旧 token 继续访问 - unbindDeviceLogic: 家庭成员被踢时增加踢设备+清 session；补全 session detail key 清理 Co-Authored-By: claude-flow <ruv@ruv.net>
2026-03-12 02:19:35 -07:00 · 2026-03-12 02:19:35 -07:00 · 384c8df506
commit 384c8df506
parent 9b6efe2901
2 changed files with 59 additions and 1 deletions
--- a/internal/logic/admin/user/kickOfflineByUserDeviceLogic.go
+++ b/internal/logic/admin/user/kickOfflineByUserDeviceLogic.go
@ -2,7 +2,9 @@ package user

 import (
 	"context"
+	"fmt"

+	"github.com/perfect-panel/server/internal/config"
 	"github.com/perfect-panel/server/internal/svc"
 	"github.com/perfect-panel/server/internal/types"
 	"github.com/perfect-panel/server/pkg/logger"
@ -38,5 +40,47 @@ func (l *KickOfflineByUserDeviceLogic) KickOfflineByUserDevice(req *types.KickOf
 		return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update Device error: %v", err.Error())
 	}

+	// 清除该用户的所有会话，确保旧 token 失效
+	l.clearAllSessions(device.UserId)
+
 	return nil
 }
+
+// clearAllSessions 清除指定用户的所有会话
+func (l *KickOfflineByUserDeviceLogic) clearAllSessions(userId int64) {
+	sessionsKey := fmt.Sprintf("%s%v", config.UserSessionsKeyPrefix, userId)
+	sessions, err := l.svcCtx.Redis.ZRange(l.ctx, sessionsKey, 0, -1).Result()
+	if err != nil {
+		l.Errorw("获取用户会话列表失败",
+			logger.Field("user_id", userId),
+			logger.Field("error", err.Error()),
+		)
+		return
+	}
+
+	if len(sessions) == 0 {
+		return
+	}
+
+	pipe := l.svcCtx.Redis.TxPipeline()
+	for _, sessionID := range sessions {
+		if sessionID == "" {
+			continue
+		}
+		pipe.Del(l.ctx, fmt.Sprintf("%v:%v", config.SessionIdKey, sessionID))
+		pipe.Del(l.ctx, fmt.Sprintf("%s:detail:%s", config.SessionIdKey, sessionID))
+	}
+	pipe.Del(l.ctx, sessionsKey)
+
+	if _, err = pipe.Exec(l.ctx); err != nil {
+		l.Errorw("清理会话缓存失败",
+			logger.Field("user_id", userId),
+			logger.Field("error", err.Error()),
+		)
+	}
+
+	l.Infow("[KickOffline] 管理员踢设备-清除所有Session",
+		logger.Field("user_id", userId),
+		logger.Field("count", len(sessions)),
+	)
+}
--- a/internal/logic/public/user/unbindDeviceLogic.go
+++ b/internal/logic/public/user/unbindDeviceLogic.go
@ -208,7 +208,7 @@ func (l *UnbindDeviceLogic) logoutUnbind(userInfo *user.User, device *user.Devic
 	// 7. 清除该用户所有 session（旧 token 全部失效）
 	l.clearAllSessions(userInfo.Id)

-	// 8. 清理受影响的家庭成员缓存（家庭解散/转移后成员需感知变化）
+	// 8. 清理受影响的家庭成员缓存 + 踢设备 + 清 session
 	for _, memberID := range familyMemberIDs {
 		if memberUser, findErr := l.svcCtx.UserModel.FindOne(l.ctx, memberID); findErr == nil {
 			if clearErr := l.svcCtx.UserModel.ClearUserCache(l.ctx, memberUser); clearErr != nil {
@ -218,6 +218,19 @@ func (l *UnbindDeviceLogic) logoutUnbind(userInfo *user.User, device *user.Devic
 				)
 			}
 		}
+
+		// 踢该成员的所有在线设备
+		var memberDevices []user.Device
+		l.svcCtx.DB.WithContext(l.ctx).
+			Model(&user.Device{}).
+			Where("user_id = ?", memberID).
+			Find(&memberDevices)
+		for _, d := range memberDevices {
+			l.svcCtx.DeviceManager.KickDevice(d.UserId, d.Identifier)
+		}
+
+		// 清除该成员所有 session，确保旧 token 失效
+		l.clearAllSessions(memberID)
 	}

 	return nil
@ -268,6 +281,7 @@ func (l *UnbindDeviceLogic) clearAllSessions(userId int64) {
 			continue
 		}
 		pipe.Del(l.ctx, fmt.Sprintf("%v:%v", config.SessionIdKey, sessionID))
+		pipe.Del(l.ctx, fmt.Sprintf("%s:detail:%s", config.SessionIdKey, sessionID))
 	}
 	pipe.Del(l.ctx, sessionsKey)