refactor: 重构 SSO 登录流程，改进错误处理和状态管理

src/app/api/auth/q58/route.ts

@@ -10,11 +10,11 @@ const discourseHost = process.env.DISCOURSE_HOST as string;
 const clientSecret = process.env.DISCOURSE_SECRET as string;
 
 export async function POST(req: Request) {
+  try {
     const nonce = WordArray.random(16).toString();
 
     // 尝试从请求体中获取 OAuth 参数
     let oauthParams = "";
-  try {
     const body = await req.json();
     if (body.oauth_params) {
       oauthParams = body.oauth_params;
@@ -22,11 +22,10 @@ export async function POST(req: Request) {
       cookies().set("oauth_params", oauthParams, {
         maxAge: 60 * 10, // 10分钟过期
         path: "/",
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
       });
     }
-  } catch (error) {
-    console.error("Failed to parse request body:", error);
-  }
 
     // 设置回调地址
     const return_url = oauthParams
@@ -41,8 +40,19 @@ export async function POST(req: Request) {
     const sso = btoa(ssoParams.toString());
     const sig = hmacSHA256(sso, clientSecret).toString(Hex);
 
-  cookies().set(AUTH_NONCE, nonce, { maxAge: 60 * 10 });
+    // 保存 nonce 到 cookie
+    cookies().set(AUTH_NONCE, nonce, {
+      maxAge: 60 * 10,
+      path: "/",
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+    });
+
     return Response.json({
       sso_url: `${discourseHost}/session/sso_provider?sso=${sso}&sig=${sig}`,
     });
+  } catch (error) {
+    console.error("SSO 处理错误:", error);
+    return Response.json({ error: "处理登录请求时发生错误" }, { status: 500 });
+  }
 }

src/components/auth/user-auth-form.tsx

@@ -21,30 +21,17 @@ export function UserAuthForm({
   const { toast } = useToast();
   const searchParams = useSearchParams();
 
-  // 在组件挂载时保存 OAuth 参数
+  const signIn = async () => {
-  React.useEffect(() => {
+    if (isLoading) return;
-    if (searchParams?.toString()) {
-      localStorage.setItem("oauth_params", searchParams.toString());
-    }
-  }, [searchParams]);
 
-  const signIn = () => {
-    React.startTransition(async () => {
-      try {
     setIsLoading(true);
+    try {
       // 构建请求体，包含 OAuth 参数
       const body: Record<string, any> = {};
-        // 优先使用 URL 中的参数
+      const currentParams = searchParams?.toString();
-        if (searchParams?.toString()) {
+
-          body.oauth_params = searchParams.toString();
+      if (currentParams) {
-        } else {
+        body.oauth_params = currentParams;
-          // 如果 URL 中没有参数，尝试从 localStorage 获取
-          const savedParams = localStorage.getItem("oauth_params");
-          if (savedParams) {
-            body.oauth_params = savedParams;
-            // 使用后清除存储的参数
-            localStorage.removeItem("oauth_params");
-          }
       }
 
       const response = await fetch("/api/auth/q58", {
@@ -56,20 +43,29 @@ export function UserAuthForm({
       });
 
       if (!response.ok) {
-          throw new Error(response.statusText);
+        const errorText = await response.text();
+        throw new Error(errorText || response.statusText);
       }
 
       const data: DiscourseData = await response.json();
-        router.push(data.sso_url);
+
+      // 在跳转之前确保保存当前的 OAuth 参数
+      if (currentParams) {
+        localStorage.setItem("oauth_params", currentParams);
+      }
+
+      // 跳转到 SSO 登录页面
+      window.location.href = data.sso_url;
     } catch (error) {
+      console.error("登录失败:", error);
       setIsLoading(false);
       toast({
         variant: "destructive",
-          title: "内部服务异常",
+        title: "登录失败",
-          description: error instanceof Error ? error.message : "未知错误",
+        description:
+          error instanceof Error ? error.message : "请求失败，请稍后重试",
       });
     }
-    });
   };
 
   return (
@@ -77,10 +73,7 @@ export function UserAuthForm({
       <button
         type="button"
         className={cn(buttonVariants({ variant: "outline" }))}
-        onClick={() => {
+        onClick={signIn}
-          setIsLoading(true);
-          signIn();
-        }}
         disabled={isLoading}
       >
         {isLoading ? (