From 9364d56e002f0f4cc205ee12c8b15977f9292a76 Mon Sep 17 00:00:00 2001
From: gitadmin <aiyimickey@sina.com>
Date: Mon, 18 May 2026 14:49:12 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20SSO=20=E5=85=8D=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E5=92=8C=E6=9C=AC=E5=9C=B0=20JWT=20=E8=B7=AF=E5=BE=84=E7=8E=B0?=
 =?UTF-8?q?=E5=9C=A8=E4=B9=9F=E4=BC=9A=E6=9B=B4=E6=96=B0=20last=5Flogin=5F?=
 =?UTF-8?q?at?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

此前仅密码登录路径更新 last_login_at，导致通过 SSO 共享 JWT
或本地 JWT 访问系统的用户始终显示"从未登录"。
---
 CHANGELOG.md    | 4 ++++
 src/lib/auth.ts | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 439454d..4df2345 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # 变更日志
 
+## 2026-05-18
+
+- [修复] 用户管理"最后登录"时间不动态更新：SSO 免登录、本地 JWT 会话验证路径现在也会更新 `last_login_at`（此前仅密码登录路径更新，导致 SSO 用户始终显示"从未登录"）
+
 ## 2026-05-15
 
 - [修复] docker-compose.yml 缺少 `ALLOWED_API_KEYS` 环境变量传入，导致 P2 部署后中间件返回 401，issue-ai 调用 assets API 再次失效
diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index 320b35f..b3ec739 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -60,7 +60,7 @@ export async function getSession(): Promise<SessionPayload | null> {
         'SELECT id, username, role FROM users WHERE username = ? AND is_active = 1'
       ).get(sharedPayload.username) as { id: number; username: string; role: string } | undefined
       if (row) {
-        db.prepare("UPDATE users SET last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(row.id)
+        db.prepare("UPDATE users SET last_login_at = datetime('now', '+8 hours'), last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(row.id)
         return { userId: row.id, username: row.username, role: row.role }
       }
       // SSO 免登录：LLDAP 验证通过但本地无记录 → 自动创建（viewer 角色）
@@ -81,7 +81,7 @@ export async function getSession(): Promise<SessionPayload | null> {
   if (token) {
     const payload = verifyJwt(token)
     if (payload) {
-      db.prepare("UPDATE users SET last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(payload.userId)
+      db.prepare("UPDATE users SET last_login_at = datetime('now', '+8 hours'), last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(payload.userId)
       return payload
     }
   }