From 80d2549316c6129ed23168c44ae237485e60aafb Mon Sep 17 00:00:00 2001
From: jsasg <735273025@qq.com>
Date: Tue, 15 Jul 2025 14:45:16 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20openapi=20token=E6=9C=89=E6=95=88?=
 =?UTF-8?q?=E6=9C=9F=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .example.env                            | 2 ++
 app/openapi/controller/v1/Authorize.php | 5 ++++-
 app/openapi/middleware/Auth.php         | 5 ++++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.example.env b/.example.env
index 9f004047..b96002f5 100644
--- a/.example.env
+++ b/.example.env
@@ -42,6 +42,8 @@ MAX_ATTACHMENT_SIZE = 100mb # 附件上传最大限制
 
 # 开放API
 [OPENAPI]
+ACCESS_TOKEN_LIFETIME = 3600 # 访问令牌有效期
+REFRESH_TOKEN_LIFETIME = 1209600 # 刷新令牌有效期
 RESOURCE_IMAGES_DOMAIN = http://local.orico.com; # 图片资源服务器地址
 RESOURCE_VIDEOS_DOMAIN = http://local.orico.com; # 视频资源服务器地址
 
diff --git a/app/openapi/controller/v1/Authorize.php b/app/openapi/controller/v1/Authorize.php
index 13bd8c02..262273c8 100644
--- a/app/openapi/controller/v1/Authorize.php
+++ b/app/openapi/controller/v1/Authorize.php
@@ -25,7 +25,10 @@ class Authorize
             $server  = request()->server();
             $request = new Request([], $post, [], [], [], $server);
             $storage = new OAuthStorage;
-            $oauth   = new OAuth2($storage);
+            $oauth   = new OAuth2($storage, [
+                'access_token_lifetime'  => env('OPENAPI.ACCESS_TOKEN_LIFETIME', 3600),
+                'refresh_token_lifetime' => env('OPENAPI.REFRESH_TOKEN_LIFETIME', 1209600),
+            ]);
             $token   = $oauth->grantAccessToken($request);
             return success('success', json_decode($token->getContent(), true));
         } catch (OAuth2ServerException $e) {
diff --git a/app/openapi/middleware/Auth.php b/app/openapi/middleware/Auth.php
index 5df2c101..5b439684 100644
--- a/app/openapi/middleware/Auth.php
+++ b/app/openapi/middleware/Auth.php
@@ -19,7 +19,10 @@ class Auth
     public function handle($request, \Closure $next)
     {
         try {
-            $oauth = new OAuth2(new OAuthStorage);
+            $oauth = new OAuth2(new OAuthStorage, [
+                'access_token_lifetime'  => env('OPENAPI.ACCESS_TOKEN_LIFETIME', 3600),
+                'refresh_token_lifetime' => env('OPENAPI.REFRESH_TOKEN_LIFETIME', 1209600),
+            ]);
             $token = $oauth->getBearerToken();
             $oauth->verifyAccessToken($token);
         } catch (OAuth2ServerException $e) {