From 6236ff3632609fb0b8633494a5adb7a5b0212fb4 Mon Sep 17 00:00:00 2001 From: hailin Date: Sat, 7 Mar 2026 08:06:37 -0800 Subject: [PATCH] =?UTF-8?q?fix(auth):=20=E5=B0=86=20JWT=20access=20token?= =?UTF-8?q?=20=E6=9C=89=E6=95=88=E6=9C=9F=E4=BB=8E=2015m=20=E6=94=B9?= =?UTF-8?q?=E4=B8=BA=2024h?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 上传大文件(如 53.7MB APK/IPA)时,若 access token 在上传过程中 到期,服务端返回 401,导致前端被迫重传整个文件(极差 UX)。 实际业务场景下 15m 过短,统一改为 24h。 涉及文件: - backend/services/auth-service/src/application/services/token.service.ts - backend/services/auth-service/src/auth.module.ts - backend/services/auth-service/.env.example - backend/.env.example - backend/docker-compose.yml(两处) - backend/deploy.sh - frontend/admin-web/src/views/compliance/IpoReadinessPage.tsx(移除废弃 insuranceData) Co-Authored-By: Claude Sonnet 4.6
---
 backend/.env.example | 2 +- backend/deploy.sh | 2 +- backend/docker-compose.yml | 4 ++-- backend/services/auth-service/.env.example | 2 +- .../auth-service/src/application/services/token.service.ts | 2 +- backend/services/auth-service/src/auth.module.ts | 2 +- frontend/admin-web/src/views/compliance/IpoReadinessPage.tsx | 1 - 7 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/backend/.env.example b/backend/.env.example
index a042f6d..b6694fa 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -20,7 +20,7 @@ KAFKA_BROKERS=kafka:9092
 # --- JWT ---
 JWT_ACCESS_SECRET=dev-access-secret-change-in-production
-JWT_ACCESS_EXPIRY=15m
+JWT_ACCESS_EXPIRY=24h
 JWT_REFRESH_SECRET=dev-refresh-secret-change-in-production
 JWT_REFRESH_EXPIRY=7d
diff --git a/backend/deploy.sh b/backend/deploy.sh
index a1612e4..5aae81c 100644
--- a/backend/deploy.sh
+++ b/backend/deploy.sh
@@ -144,7 +144,7 @@ KAFKA_BROKERS=kafka:9092
 # JWT
 JWT_ACCESS_SECRET=${JWT_ACCESS}
-JWT_ACCESS_EXPIRY=15m
+JWT_ACCESS_EXPIRY=24h
 JWT_REFRESH_SECRET=${JWT_REFRESH}
 JWT_REFRESH_EXPIRY=7d
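Review bot: `JWT_ACCESS_EXPIRY=24h` in the generated environment makes every access token a day-long bearer credential for all endpoints, not just uploads, so a token leaked through logs, a proxy or a compromised client stays usable roughly 96 times longer than before; the same value is set in both .env.example files, both docker-compose.yml service blocks, and the fallbacks in token.service.ts and auth.module.ts. No revocation or denylist check for access tokens is visible in this patch, so if they are verified statelessly, a logout or password change would presumably not cut one short. Since a 7d refresh token already exists, I would keep `JWT_ACCESS_EXPIRY=15m` and fix the upload path instead: refresh the token right before a large upload starts, or make uploads chunked/resumable so a 401 costs one chunk rather than the whole file. If a longer lifetime is kept anyway, choose the smallest value that covers the slowest expected upload and record the trade-off in a comment next to the setting.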
diff --git a/backend/docker-compose.yml b/backend/docker-compose.yml
index 450d3b0..23bf736 100644
--- a/backend/docker-compose.yml
+++ b/backend/docker-compose.yml
@@ -177,7 +177,7 @@ services:
 - REDIS_PORT=6379
 - KAFKA_BROKERS=kafka:9092
 - JWT_ACCESS_SECRET=dev-access-secret-change-in-production
- - JWT_ACCESS_EXPIRY=15m
+ - JWT_ACCESS_EXPIRY=24h
 - JWT_REFRESH_SECRET=dev-refresh-secret-change-in-production
 - JWT_REFRESH_EXPIRY=7d
 depends_on:
@@ -494,7 +494,7 @@ services:
 - REDIS_PORT=6379
 - KAFKA_BROKERS=kafka:9092
 - JWT_ACCESS_SECRET=dev-access-secret-change-in-production
- - JWT_ACCESS_EXPIRY=15m
+ - JWT_ACCESS_EXPIRY=24h
 - JWT_REFRESH_SECRET=dev-refresh-secret-change-in-production
 - JWT_REFRESH_EXPIRY=7d
 - SMS_ENABLED=${SMS_ENABLED:-false}
diff --git a/backend/services/auth-service/.env.example b/backend/services/auth-service/.env.example
index ad225eb..bcb5b75 100644
--- a/backend/services/auth-service/.env.example
+++ b/backend/services/auth-service/.env.example
@@ -11,7 +11,7 @@ REDIS_PORT=6379
 # ── JWT ──
 JWT_ACCESS_SECRET=dev-access-secret-change-in-production
-JWT_ACCESS_EXPIRY=15m
+JWT_ACCESS_EXPIRY=24h
 JWT_REFRESH_SECRET=dev-refresh-secret-change-in-production
 JWT_REFRESH_EXPIRY=7d
diff --git a/backend/services/auth-service/src/application/services/token.service.ts b/backend/services/auth-service/src/application/services/token.service.ts
index 4336856..1a61ecf 100644
--- a/backend/services/auth-service/src/application/services/token.service.ts
+++ b/backend/services/auth-service/src/application/services/token.service.ts
@@ -24,7 +24,7 @@ export class TokenService {
 ) {
 this.accessSecret = process.env.JWT_ACCESS_SECRET || 'dev-access-secret';
 this.refreshSecret = process.env.JWT_REFRESH_SECRET || 'dev-refresh-secret';
- this.accessExpiry = process.env.JWT_ACCESS_EXPIRY || '15m';
+ this.accessExpiry = process.env.JWT_ACCESS_EXPIRY || '24h';
 this.refreshExpiry = process.env.JWT_REFRESH_EXPIRY || '7d';
 }
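Review bot: The constructor still falls back to the literal `'dev-access-secret'` / `'dev-refresh-secret'` when the environment variables are unset, and with the new `'24h'` default a service started without configuration now issues day-long tokens signed with a key that anyone who can read the repository knows; auth.module.ts has the same `secret: process.env.JWT_ACCESS_SECRET || 'dev-access-secret'` fallback, and docker-compose.yml passes `dev-access-secret-change-in-production` as a literal. I would fail closed instead, e.g. `if (!process.env.JWT_ACCESS_SECRET) throw new Error('JWT_ACCESS_SECRET is required');` before the assignments, and keep a development default only behind an explicit development-mode check. The `'24h'` fallback is also duplicated here and in auth.module.ts, so a single shared constant would keep the two from drifting apart. The constructor begins outside this hunk, so its parameter list is not visible here.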
diff --git a/backend/services/auth-service/src/auth.module.ts b/backend/services/auth-service/src/auth.module.ts
index f9ae80f..5c10b38 100644
--- a/backend/services/auth-service/src/auth.module.ts
+++ b/backend/services/auth-service/src/auth.module.ts
@@ -77,7 +77,7 @@ import { AdminSmsController } from './interface/http/controllers/admin-sms.contr
 PassportModule.register({ defaultStrategy: 'jwt' }),
 JwtModule.register({
 secret: process.env.JWT_ACCESS_SECRET || 'dev-access-secret',
- signOptions: { expiresIn: process.env.JWT_ACCESS_EXPIRY || '15m' },
+ signOptions: { expiresIn: process.env.JWT_ACCESS_EXPIRY || '24h' },
 }),
 ],
 controllers: [AuthController, AdminSmsController],
diff --git a/frontend/admin-web/src/views/compliance/IpoReadinessPage.tsx b/frontend/admin-web/src/views/compliance/IpoReadinessPage.tsx
index 6560de4..016e921 100644
--- a/frontend/admin-web/src/views/compliance/IpoReadinessPage.tsx
+++ b/frontend/admin-web/src/views/compliance/IpoReadinessPage.tsx
@@ -48,7 +48,6 @@ const statusConfig: Record string; bg: string; fg: string
 export const IpoReadinessPage: React.FC = () => {
 const { data: ipoData, isLoading, error } = useApi('/api/v1/admin/compliance/reports');
- const { data: insuranceData } = useApi<{ ipoReadiness: number }>('/api/v1/admin/insurance/stats');
 if (error) return
Error: {error.message}
; if (isLoading) return
Loading...
;