From 65bd7ca7d0f5dfad317692b7a9b448d620ec57de Mon Sep 17 00:00:00 2001
From: MingxuanGame
Date: Tue, 19 Aug 2025 13:43:54 +0000
Subject: [PATCH] fix(auth): add random string to avoid same token
---
 app/auth.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/auth.py b/app/auth.py
index 4a34188..0d620c9 100644
--- a/app/auth.py
+++ b/app/auth.py
@@ -1,6 +1,6 @@
 from __future__ import annotations
-from datetime import datetime, timedelta
+from datetime import UTC, datetime, timedelta
 import hashlib
 import re
 import secrets
@@ -156,13 +156,13 @@ def create_access_token(data: dict, expires_delta: timedelta | None = None) -> s
 """创建访问令牌"""
 to_encode = data.copy()
 if expires_delta:
- expire = datetime.utcnow() + expires_delta
+ expire = datetime.now(UTC) + expires_delta
 else:
- expire = datetime.utcnow() + timedelta(
+ expire = datetime.now(UTC) + timedelta(
 minutes=settings.access_token_expire_minutes
 )
- to_encode.update({"exp": expire})
+ to_encode.update({"exp": expire, "random": secrets.token_hex(16)})
 encoded_jwt = jwt.encode(
 to_encode, settings.secret_key, algorithm=settings.algorithm
 )
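Review bot: The per-token unique value in the new `to_encode.update(...)` line is stored under an ad-hoc `"random"` claim, while RFC 7519 already registers `jti` for exactly this purpose. Using `to_encode.update({"exp": expire, "jti": secrets.token_hex(16)})` keeps the token interoperable and gives any later replay or revocation check a standard key to record. The value only makes two tokens minted in the same second differ; it adds no revocation by itself unless the server stores it, which is not visible in this hunk. A short why-comment above the line, for example `# per-token nonce: identical payload + same-second exp would otherwise yield identical JWTs`, would also note that a caller-supplied `exp` or `random` key in `data` is overwritten here. The body of `create_access_token` continues past the end of the hunk.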