perf: logout open tabs

Author: wkylin

.gitignore

@@ -26,3 +26,5 @@ storybook-static
 /dist-vite
 /dist-vite-zip
 /dist-zip
+/playwright-report
+/test-results

package.json

@@ -75,6 +75,7 @@
     "test:coverage": "jest --coverage",
     "test:e2e": "playwright test --config=playwright.config.ts",
     "test:watch": "jest --watch",
+    "test:report": "npx playwright show-report",
     "update:yarn": "yarn upgrade --latest",
     "update:npm": "ncu -u && npm install",
     "lint:fix": "npm run eslint:fix && npm run stylelint:fix && npm run prettier:fix",

src/pages/layout/proContent/index.jsx

@@ -45,7 +45,7 @@ const ProContent = () => {
     })
     setTabActiveKey(tabKey)
     // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [pathname, search, panes, activeKey])
+  }, [pathname, search])
 
   return (
     <Layout className={styles.layout} id="fullScreen">

src/pages/layout/proHeader/index.jsx

@@ -94,9 +94,11 @@ const ProHeader = ({ layout, onSettingClick, children, isMobile, onMobileMenuCli
   const { isAuthenticated, user, isLoading } = useAuth()
 
   const handleLogout = () => {
+    try {
+      // 兼容“测试账号登录”(仅 token) 的登出路径，确保权限缓存被清理
+      permissionService.logoutCleanup()
+    } catch (e) {}
     authService.logout()
-    removeLocalStorage('token')
-    redirectTo('/signin')
   }
 
   const tokenValue = getLocalStorage('token')?.token || 'wkylin.w'
@@ -139,6 +141,10 @@ const ProHeader = ({ layout, onSettingClick, children, isMobile, onMobileMenuCli
         if (isAuthenticated && user) {
           authService.logout()
         } else {
+          try {
+            // 测试账号登录不会进入 authService 的“已登录态”，这里也要清理权限缓存
+            permissionService.logoutCleanup()
+          } catch (e) {}
           removeLocalStorage('token')
           redirectTo('/signin')
         }
@@ -340,7 +346,7 @@ const ProHeader = ({ layout, onSettingClick, children, isMobile, onMobileMenuCli
           )}
           <Dropdown arrow menu={{ items }} trigger={['click']}>
             {isAuthenticated && user ? (
-              <Avatar src={user.avatar_url} />
+              <Avatar src={user.avatar_url || undefined} icon={<UserOutlined style={{ fontSize: 16 }} />} />
             ) : (
               <Button
                 icon={<UserOutlined style={{ fontSize: 16 }} />}

src/pages/layout/proTabs/index.jsx

@@ -5,7 +5,6 @@ import { Tabs, Dropdown, Space, theme, Button } from 'antd'
 import StickyBox from 'react-sticky-box'
 import { SyncOutlined, FireOutlined, DownOutlined } from '@ant-design/icons'
 import ErrorBoundary from '@/components/ErrorBoundary'
-import { nanoid } from 'nanoid'
 import { useTranslation } from 'react-i18next'
 import { useProTabContext } from '@app-hooks/proTabsContext'
 import Loading from '@src/components/stateless/Loading'
@@ -30,12 +29,7 @@ const ProTabs = (props) => {
 
   const renderTabBar = (props, DefaultTabBar) => (
     <StickyBox offsetTop={0} style={{ zIndex: 10 }}>
-      <DefaultTabBar
-        key={nanoid()}
-        {...props}
-        className="pro-tabs"
-        style={{ ...props.style, backgroundColor: colorBgContainer }}
-      />
+      <DefaultTabBar {...props} className="pro-tabs" style={{ ...props.style, backgroundColor: colorBgContainer }} />
     </StickyBox>
   )
 
@@ -89,7 +83,7 @@ const ProTabs = (props) => {
   }
 
   const onTabScroll = ({ direction }) => {
-    console.log('direction', direction)
+    // no-op: avoid logging on scroll (can cause jank)
   }
 
   const onEdit = (targetKey, action) => {

src/pages/signin/index.jsx

@@ -96,9 +96,9 @@ const SignIn = () => {
       console.warn('清除手动设置角色失败:', e)
     }
 
-    // 同步权限
+    // 纳入统一登录态（测试账号也算已登录），并同步权限
     try {
-      await permissionService.syncPermissions()
+      await authService.setTestAccountAuthenticated(email)
       const routes = await permissionService.getAccessibleRoutes(true)
 
       message.success(`登录成功！欢迎 ${testAccounts[email].name}`)

src/service/authService.ts

@@ -33,6 +33,23 @@ interface GitHubEmailResponse {
   visibility: string | null
 }
 
+function isLikelyEmail(value: string): boolean {
+  return /^\S+@\S+\.\S+$/.test(value)
+}
+
+function buildTestAccountUser(email: string): GitHubUser {
+  // 用于“测试账号登录”展示；不代表真实 GitHub 用户
+  const login = email
+  return {
+    id: 0,
+    login,
+    name: login,
+    email,
+    avatar_url: '',
+    html_url: '',
+  }
+}
+
 // ✅ 修复 2: parseGitHubUser - 正确的类型守卫
 function parseGitHubUser(jsonLike: unknown): GitHubUser | null {
   if (typeof jsonLike !== 'string') return null
@@ -121,6 +138,19 @@ class AuthService {
           isAuthenticated: true,
           isLoading: false,
         }
+        return
+      }
+
+      // 兼容“测试账号登录”：localStorage.token = { token: email }
+      const testTokenData = localStorage.getItem('token')
+      const testToken = parseToken(testTokenData)
+      if (testToken && isLikelyEmail(testToken)) {
+        this.authState = {
+          token: testToken,
+          user: buildTestAccountUser(testToken),
+          isAuthenticated: true,
+          isLoading: false,
+        }
       }
     } catch (error) {
       logger.error('Failed to load auth state from storage:', error)
@@ -185,6 +215,37 @@ class AuthService {
     return new Promise((resolve) => setTimeout(resolve, 100))
   }
 
+  /**
+   * 测试账号登录：将 demo 登录态也纳入 authService（避免 Header/菜单逻辑分裂）。
+   * - 不写入 github_token/github_user，仅依赖 localStorage.token
+   */
+  async setTestAccountAuthenticated(email: string): Promise<void> {
+    this.authState = {
+      user: buildTestAccountUser(email),
+      token: email,
+      isAuthenticated: true,
+      isLoading: false,
+    }
+
+    // 避免残留 GitHub 登录态影响鉴权逻辑
+    try {
+      localStorage.removeItem('github_token')
+      localStorage.removeItem('github_user')
+    } catch (e) {
+      // ignore
+    }
+
+    this.notifyListeners()
+
+    try {
+      await permissionService.syncPermissions()
+    } catch (e) {
+      logger.warn('同步权限失败:', e)
+    }
+
+    return new Promise((resolve) => setTimeout(resolve, 100))
+  }
+
   setLoading(isLoading: boolean): Promise<void> {
     return new Promise((resolve) => {
       this.authState.isLoading = isLoading
@@ -305,17 +366,15 @@ class AuthService {
       isAuthenticated: false,
       isLoading: false,
     }
-    // 清除权限缓存，确保下次登录时重新获取并刷新菜单
+    // 登出时清理权限相关缓存与覆盖，避免下次登录残留旧权限
     try {
-      permissionService.clearCache()
+      permissionService.logoutCleanup()
     } catch (e) {
-      logger.warn('清除权限缓存失败:', e)
+      logger.warn('清除权限相关缓存失败:', e)
     }
-    // 清除所有相关的 localStorage 键
+
+    // 清除所有相关的 localStorage 键（token 等）
     try {
-      localStorage.removeItem('user_permissions')
-      localStorage.removeItem('user_role')
-      localStorage.removeItem('permissions_fetch_time')
       localStorage.removeItem('token') // 测试账号登录的 token
       localStorage.removeItem('github_token') // GitHub OAuth token
       localStorage.removeItem('github_user') // GitHub user info
@@ -326,7 +385,7 @@ class AuthService {
     this.notifyListeners()
     // SPA 跳转到登录页
     if (typeof window !== 'undefined') {
-      window.location.href = '/signin'
+      window.location.href = '#/signin'
     }
   }
 

src/service/permissionService.ts

@@ -14,11 +14,74 @@ class PermissionService {
   private readonly cacheExpireTime: number = 30 * 60 * 1000 // 30分钟
   private lastFetchTime: number = 0
 
+  private readonly STORAGE_KEYS = {
+    PERMISSIONS: 'user_permissions',
+    FETCH_TIME: 'permissions_fetch_time',
+    AUTH_KEY: 'permissions_auth_key',
+    // 用于开发/演示的本地覆盖（不应污染真实登录态）
+    ROLE_OVERRIDE: 'user_role',
+    FORCE_DEMO_SWITCH: 'force_demo_switch',
+  } as const
+
   private constructor() {
     // 从 localStorage 恢复权限信息
     this.loadFromStorage()
   }
 
+  /**
+   * 当前登录身份指纹（用于避免“切换账号/登出后仍复用旧权限缓存”）
+   * - 测试账号：localStorage.token = { token: email }
+   * - GitHub OAuth：github_user / github_token
+   * - 开发覆盖：user_role（会影响 mock 权限计算）
+   */
+  private getCurrentAuthKey(): string {
+    const safeRead = (key: string) => {
+      try {
+        return localStorage.getItem(key) || ''
+      } catch {
+        return ''
+      }
+    }
+
+    const roleOverride = safeRead(this.STORAGE_KEYS.ROLE_OVERRIDE)
+
+    const githubUser = safeRead('github_user')
+    const githubToken = safeRead('github_token')
+    if (githubUser) {
+      try {
+        const obj = JSON.parse(githubUser)
+        const email = obj?.email || ''
+        const login = obj?.login || ''
+        const id = obj?.id || ''
+        return `github:${email || login || id}${roleOverride ? `|role:${roleOverride}` : ''}`
+      } catch {
+        return `github:${githubUser}${roleOverride ? `|role:${roleOverride}` : ''}`
+      }
+    }
+    if (githubToken) {
+      return `githubToken:${githubToken}${roleOverride ? `|role:${roleOverride}` : ''}`
+    }
+
+    // 测试账号 token
+    const rawToken = safeRead('token')
+    if (rawToken) {
+      try {
+        const obj = JSON.parse(rawToken)
+        const token = obj?.token || rawToken
+        return `token:${token}${roleOverride ? `|role:${roleOverride}` : ''}`
+      } catch {
+        return `token:${rawToken}${roleOverride ? `|role:${roleOverride}` : ''}`
+      }
+    }
+
+    // 未登录但存在 roleOverride 的情况（演示页）
+    if (roleOverride) {
+      return `anonymous|role:${roleOverride}`
+    }
+
+    return 'anonymous'
+  }
+
   static getInstance(): PermissionService {
     if (!PermissionService.instance) {
       PermissionService.instance = new PermissionService()
@@ -31,8 +94,22 @@ class PermissionService {
    */
   private loadFromStorage(): void {
     try {
-      const stored = localStorage.getItem('user_permissions')
-      const lastFetch = localStorage.getItem('permissions_fetch_time')
+      const stored = localStorage.getItem(this.STORAGE_KEYS.PERMISSIONS)
+      const lastFetch = localStorage.getItem(this.STORAGE_KEYS.FETCH_TIME)
+      const storedAuthKey = localStorage.getItem(this.STORAGE_KEYS.AUTH_KEY)
+      const currentAuthKey = this.getCurrentAuthKey()
+
+      // 如果登录身份发生变化，直接丢弃旧缓存，避免残留旧权限
+      if (storedAuthKey && storedAuthKey !== currentAuthKey) {
+        this.clearCache()
+        return
+      }
+
+      // 兼容旧版本：若存在权限缓存但没有 authKey，视为不可信，直接丢弃
+      if (!storedAuthKey && stored) {
+        this.clearCache()
+        return
+      }
 
       if (stored && lastFetch) {
         this.userPermissions = JSON.parse(stored)
@@ -55,8 +132,9 @@ class PermissionService {
    */
   private saveToStorage(permissions: UserPermission): void {
     try {
-      localStorage.setItem('user_permissions', JSON.stringify(permissions))
-      localStorage.setItem('permissions_fetch_time', Date.now().toString())
+      localStorage.setItem(this.STORAGE_KEYS.PERMISSIONS, JSON.stringify(permissions))
+      localStorage.setItem(this.STORAGE_KEYS.FETCH_TIME, Date.now().toString())
+      localStorage.setItem(this.STORAGE_KEYS.AUTH_KEY, this.getCurrentAuthKey())
       this.userPermissions = permissions
       this.lastFetchTime = Date.now()
     } catch (error) {
@@ -70,8 +148,23 @@ class PermissionService {
   clearCache(): void {
     this.userPermissions = null
     this.lastFetchTime = 0
-    localStorage.removeItem('user_permissions')
-    localStorage.removeItem('permissions_fetch_time')
+    localStorage.removeItem(this.STORAGE_KEYS.PERMISSIONS)
+    localStorage.removeItem(this.STORAGE_KEYS.FETCH_TIME)
+    localStorage.removeItem(this.STORAGE_KEYS.AUTH_KEY)
+  }
+
+  /**
+   * 登出时清理（仅清理“权限相关”本地状态，不直接清理 token）
+   * - 解决：登录/登出或 401 跳转时权限缓存残留，导致下个账号复用旧权限
+   */
+  logoutCleanup(): void {
+    this.clearCache()
+    try {
+      localStorage.removeItem(this.STORAGE_KEYS.ROLE_OVERRIDE)
+      localStorage.removeItem(this.STORAGE_KEYS.FORCE_DEMO_SWITCH)
+    } catch (e) {
+      console.warn('清理权限相关本地覆盖失败:', e)
+    }
   }
 
   /**
@@ -80,6 +173,18 @@ class PermissionService {
    * @param userId 用户ID（可选，用于获取特定用户的权限）
    */
   async getPermissions(forceRefresh: boolean = false, userId?: string): Promise<UserPermission> {
+    // 若登录身份发生变化，强制清理旧缓存并重新获取
+    try {
+      const storedAuthKey = localStorage.getItem(this.STORAGE_KEYS.AUTH_KEY)
+      const currentAuthKey = this.getCurrentAuthKey()
+      if (storedAuthKey && storedAuthKey !== currentAuthKey) {
+        this.clearCache()
+        forceRefresh = true
+      }
+    } catch {
+      // ignore
+    }
+
     // 如果强制刷新或缓存过期，重新获取
     const now = Date.now()
     const isExpired = now - this.lastFetchTime > this.cacheExpireTime

src/service/request.js

@@ -273,6 +273,17 @@ axiosInstance.interceptors.request.use(
 // 处理未授权
 function handleUnauthorized(message) {
   // authService.logout() // 移除以避免循环依赖
+  // 清理权限缓存与开发覆盖，避免跳转登录后仍沿用旧权限
+  try {
+    localStorage.removeItem('user_permissions')
+    localStorage.removeItem('permissions_fetch_time')
+    localStorage.removeItem('permissions_auth_key')
+    localStorage.removeItem('user_role')
+    localStorage.removeItem('force_demo_switch')
+  } catch (e) {
+    // ignore
+  }
+
   localStorage.removeItem('token')
   localStorage.removeItem('github_token')
   localStorage.removeItem('github_user')