From b40802efbfb51742f5751ef48f94f98b8df4c0db Mon Sep 17 00:00:00 2001
From: gitadmin <aiyimickey@sina.com>
Date: Mon, 18 May 2026 14:49:16 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20SSO=20=E5=85=8D=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E5=92=8C=E6=9C=AC=E5=9C=B0=20JWT=20=E8=B7=AF=E5=BE=84=E7=8E=B0?=
 =?UTF-8?q?=E5=9C=A8=E4=B9=9F=E4=BC=9A=E6=9B=B4=E6=96=B0=20last=5Flogin=5F?=
 =?UTF-8?q?at?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

此前仅密码登录路径更新 last_login_at，导致通过 SSO 共享 JWT
或本地 JWT 访问系统的用户始终显示"从未登录"。
---
 CHANGELOG.md    | 4 ++++
 src/lib/auth.ts | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d1437e..44d71a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # 变更日志
 
+## 2026-05-18
+
+- [修复] 用户管理"最后登录"时间不动态更新：SSO 免登录、本地 JWT 会话验证路径现在也会更新 `last_login_at`（此前仅密码登录路径更新，导致 SSO 用户始终显示"从未登录"）
+
 ## 2026-05-15
 
 - [修复] middleware 移除 `better-sqlite3` 依赖，修复 Edge Runtime 不支持 Node.js 原生模块的编译报错（`The edge runtime does not support Node.js 'fs' module`）
diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index e3e1fbd..249dea3 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -29,7 +29,7 @@ export async function getCurrentUser(): Promise<UserPayload | null> {
         'SELECT id, username, display_name, role FROM users WHERE username = ? AND is_active = 1'
       ).get(sharedPayload.username) as UserPayload | undefined
       if (row) {
-        db.prepare("UPDATE users SET last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(row.id)
+        db.prepare("UPDATE users SET last_login_at = datetime('now', '+8 hours'), last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(row.id)
         row.permissions = getUserPermissions(row.role)
         return row
       }
@@ -53,7 +53,7 @@ export async function getCurrentUser(): Promise<UserPayload | null> {
   const payload = await verifyToken(token)
   if (payload) {
     const db2 = getDb()
-    db2.prepare("UPDATE users SET last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(payload.id)
+    db2.prepare("UPDATE users SET last_login_at = datetime('now', '+8 hours'), last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(payload.id)
     payload.permissions = getUserPermissions(payload.role)
   }
   return payload