1

api/service/biz_token_logic.js

@@ -13,6 +13,13 @@ function generatePlainToken() {
   return `waw_${crypto.randomBytes(24).toString("hex")}`;
 }
 
+/** 默认 Token 过期时间：一年后当日 23:59:59 */
+function defaultTokenExpireAt() {
+  const d = new Date();
+  d.setFullYear(d.getFullYear() + 1);
+  return `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}-${String(d.getDate()).padStart(2, "0")} 23:59:59`;
+}
+
 /** 当前时间在 [start,end] 内且 status=active 的订阅 */
 async function findActiveSubscriptionForUser(userId) {
   const now = new Date();
@@ -72,6 +79,39 @@ async function revokeToken(body) {
   return row;
 }
 
+/**
+ * 保留同一条 Token 记录，仅更换密钥（旧明文立即失效）
+ */
+async function regenerateToken(body) {
+  const id = body.id;
+  if (id == null) throw new Error("缺少 id");
+  const row = await baseModel.biz_api_token.findByPk(id);
+  if (!row) throw new Error("Token 不存在");
+  if (row.status !== "active") throw new Error("仅可对状态为 active 的 Token 重新生成密钥");
+
+  const u = await baseModel.biz_user.findByPk(row.user_id);
+  if (!u) throw new Error("用户不存在");
+  if (u.status !== "active") throw new Error("用户已禁用，无法轮换密钥");
+
+  const sub = await findActiveSubscriptionForUser(row.user_id);
+  const plan_id = sub ? sub.plan_id : null;
+
+  const plain = generatePlainToken();
+  const token_hash = hashPlainToken(plain);
+
+  await row.update({
+    token_hash,
+    plan_id,
+  });
+  await row.reload();
+
+  return {
+    row,
+    plain_token: plain,
+    warn: sub ? null : "当前无生效中的订阅，鉴权将失败",
+  };
+}
+
 async function revokeAllForUser(userId) {
   if (userId == null) throw new Error("缺少 user_id");
   const [n] = await baseModel.biz_api_token.update(
@@ -84,8 +124,10 @@ async function revokeAllForUser(userId) {
 module.exports = {
   hashPlainToken,
   createToken,
+  regenerateToken,
   revokeToken,
   revokeAllForUser,
   findActiveSubscriptionForUser,
+  defaultTokenExpireAt,
   MAX_TOKENS_PER_USER,
 };