fix: login&logout bug

Author: barry-ran

QuickDesk/qml/views/MainWindow.qml

@@ -434,7 +434,7 @@ ApplicationWindow {
                         text: qsTr("Logout")
                         iconText: FluentIconGlyph.signOutGlyph
                         isDestructive: true
-                        onTriggered: root.mainController.authManager.logout()
+                        onTriggered: root.mainController.authManager.logout(root.mainController.deviceId)
                     }
                 }
             }

QuickDesk/src/controller/MainController.cpp

@@ -164,11 +164,10 @@ MainController::MainController(QObject* parent)
 
     // Auth: on login success, auto-bind device + start sync + fetch lists
     connect(m_authManager.get(), &AuthManager::loginSuccess, this, [this]() {
-        // Auto-bind this host device
+        // Auto-bind this host device (also marks logged_in=true on server)
         QString deviceId = m_hostManager->deviceId();
         if (!deviceId.isEmpty()) {
             m_cloudDeviceManager->autoBindDevice(deviceId);
-            m_cloudDeviceManager->deviceLogin(deviceId);
         }
         // Start sync WebSocket
         m_cloudDeviceManager->startSync();
@@ -183,19 +182,11 @@ MainController::MainController(QObject* parent)
         }
     });
 
-    // Auth: on logout, notify server device is no longer logged in + stop sync
+    // Auth: on logout, stop sync (server handles logged_in=false in its logout API)
     connect(m_authManager.get(), &AuthManager::loggedOut, this, [this]() {
         m_cloudDeviceManager->stopSync();
     });
 
-    // Notify server before token is cleared (loggedOut fires after token is gone)
-    connect(m_authManager.get(), &AuthManager::loggingOut, this, [this]() {
-        QString deviceId = m_hostManager->deviceId();
-        if (!deviceId.isEmpty()) {
-            m_cloudDeviceManager->deviceLogout(deviceId);
-        }
-    });
-
     // Sync access code changes from cloud devices to recent connections
     connect(m_cloudDeviceManager.get(), &CloudDeviceManager::myDevicesChanged, this, [this]() {
         for (const auto& v : m_cloudDeviceManager->myDevices()) {
@@ -787,7 +778,6 @@ void MainController::onHostReady(const QString& deviceId, const QString& accessC
         // Auto-bind if user is already logged in (loginSuccess may have fired before hostReady)
         if (m_authManager->isLoggedIn() && !deviceId.isEmpty()) {
             m_cloudDeviceManager->autoBindDevice(deviceId);
-            m_cloudDeviceManager->deviceLogin(deviceId);
             if (!accessCode.isEmpty()) {
                 m_cloudDeviceManager->syncAccessCode(deviceId, accessCode);
             }

QuickDesk/src/manager/AuthManager.cpp

@@ -8,6 +8,7 @@
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QUrl>
+#include <QUrlQuery>
 
 namespace quickdesk {
 
@@ -241,18 +242,23 @@ void AuthManager::loginWithSms(const QString& phone, const QString& smsCode)
         });
 }
 
-void AuthManager::logout()
+void AuthManager::logout(const QString& deviceId)
 {
     if (m_token.isEmpty()) {
         clearSession();
         return;
     }
 
     QUrl url(httpBaseUrl() + "api/v1/user/logout");
+    if (!deviceId.isEmpty()) {
+        QUrlQuery query;
+        query.addQueryItem("device_id", deviceId);
+        url.setQuery(query);
+    }
     QList<QPair<QString, QString>> headers;
     headers.append(qMakePair(QStringLiteral("Authorization"), QStringLiteral("Bearer ") + m_token));
 
-    LOG_INFO("[AuthManager] Logging out user: {}", m_username.toStdString());
+    LOG_INFO("[AuthManager] Logging out user: {}, device: {}", m_username.toStdString(), deviceId.toStdString());
 
     infra::HttpRequest::instance().sendPostRequest(
         url, headers, QString(), kRequestTimeoutMs,
@@ -297,8 +303,6 @@ void AuthManager::fetchUserInfo()
 
 void AuthManager::clearSession()
 {
-    emit loggingOut();
-
     m_isLoggedIn = false;
     m_username.clear();
     m_userId = 0;

QuickDesk/src/manager/AuthManager.h

@@ -33,7 +33,7 @@ class AuthManager : public QObject {
     Q_INVOKABLE void registerUser(const QString& username, const QString& password,
                                    const QString& phone, const QString& email,
                                    const QString& smsCode = QString());
-    Q_INVOKABLE void logout();
+    Q_INVOKABLE void logout(const QString& deviceId = QString());
     Q_INVOKABLE void fetchUserInfo();
 
     bool isLoggedIn() const;
@@ -49,7 +49,6 @@ class AuthManager : public QObject {
     void loginFailed(const QString& errorCode, const QString& errorMsg);
     void registerSuccess();
     void registerFailed(const QString& errorCode, const QString& errorMsg);
-    void loggingOut(); // emitted before token is cleared
     void loggedOut();
     void smsCodeSent();
     void smsCodeFailed(const QString& errorCode, const QString& errorMsg);

SignalingServer/cmd/signaling/main.go

@@ -118,6 +118,12 @@ func main() {
 		// User authentication (public, no API key required)
 		userAuth := handler.NewUserAuth(db, redisClient)
 		userAuth.SetSmsService(smsService)
+		userAuth.SetLogoutNotifier(func(userID uint, deviceID string) {
+			wsHandler.NotifyUserSync(userID, map[string]interface{}{
+				"type":      "device_logged_out",
+				"device_id": deviceID,
+			})
+		})
 		v1.POST("/user/register", userAuth.Register)
 		v1.POST("/user/login", userAuth.Login)
 		v1.POST("/user/login-sms", userAuth.LoginWithSms)

SignalingServer/deploy-offline.sh

@@ -97,16 +97,21 @@ fi
 
 echo "Loaded: $LOADED_IMAGE"
 
-# Tag to match what docker-compose.yml expects
-EXPECTED_IMAGE=$(grep -E '^\s*image:' docker-compose.yml | head -1 | awk '{print $2}' | tr -d '\r')
-if [ -n "$EXPECTED_IMAGE" ] && [ "$LOADED_IMAGE" != "$EXPECTED_IMAGE" ]; then
-    echo "Tagging $LOADED_IMAGE → $EXPECTED_IMAGE"
-    docker tag "$LOADED_IMAGE" "$EXPECTED_IMAGE"
+# Extract tag from loaded image for docker-compose
+if echo "$LOADED_IMAGE" | grep -q ':'; then
+    IMAGE_TAG=$(echo "$LOADED_IMAGE" | grep -oP ':\K.+')
+else
+    # Image has no tag (loaded by ID), tag it as 'latest'
+    IMAGE_TAG="latest"
+    EXPECTED="ghcr.io/barry-ran/quickdesk-signaling:latest"
+    echo "No tag found, tagging as: $EXPECTED"
+    docker tag "$LOADED_IMAGE" "$EXPECTED"
 fi
+export IMAGE_TAG
 
 # ---- 2. Start ----
-echo "[2/3] Starting services..."
-docker compose up -d
+echo "[2/3] Starting services (IMAGE_TAG=$IMAGE_TAG)..."
+docker compose up -d --force-recreate
 
 # ---- 3. Health check ----
 echo "[3/3] Waiting for server to become healthy..."

SignalingServer/deploy-pull.sh

@@ -66,19 +66,14 @@ echo "Port:     $PORT"
 echo "Domain:   ${DOMAIN:-<none>}"
 echo ""
 
-# ---- 1. Update image tag in docker-compose.yml ----
-if [ "$VERSION" != "latest" ]; then
-    sed -i "s|image: ${IMAGE_BASE}:.*|image: ${IMAGE_BASE}:${VERSION}|" docker-compose.yml
-fi
-
 export SERVER_PORT="$PORT"
+export IMAGE_TAG="$VERSION"
 
-# ---- 2. Pull and start ----
-echo "[1/3] Pulling image..."
+echo "[1/3] Pulling image ${IMAGE_BASE}:${IMAGE_TAG}..."
 docker compose pull
 
 echo "[2/3] Starting services..."
-docker compose up -d
+docker compose up -d --force-recreate
 
 # ---- 3. Health check ----
 echo "[3/3] Waiting for server to become healthy..."

SignalingServer/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   signaling-server:
-    image: ghcr.io/barry-ran/quickdesk-signaling:latest
+    image: ghcr.io/barry-ran/quickdesk-signaling:${IMAGE_TAG:-latest}
     container_name: quickdesk-signaling
     restart: always
     ports:

SignalingServer/internal/handler/user_device_handler.go

@@ -206,7 +206,10 @@ func (h *UserDeviceHandler) AutoBindDevice(c *gin.Context) {
 	}
 
 	// Update device ownership
-	h.db.Model(&models.Device{}).Where("device_id = ?", req.DeviceID).Update("user_id", authedUserID)
+	h.db.Model(&models.Device{}).Where("device_id = ?", req.DeviceID).Updates(map[string]interface{}{
+		"user_id":   authedUserID,
+		"logged_in": true,
+	})
 
 	// Upsert UserDevice: reactivate if exists but inactive, create otherwise
 	var existing models.UserDevice
@@ -235,6 +238,12 @@ func (h *UserDeviceHandler) AutoBindDevice(c *gin.Context) {
 
 	recomputeDeviceCount(h.db, authedUserID)
 
+	// Notify other devices this device is now logged in
+	h.notifySync(authedUserID, gin.H{
+		"type":      "device_logged_in",
+		"device_id": req.DeviceID,
+	})
+
 	c.JSON(http.StatusOK, gin.H{"message": "设备自动绑定成功", "binding": existing})
 }
 

SignalingServer/internal/handler/user_handler.go

@@ -263,16 +263,22 @@ const userTokenTTL = 7 * 24 * time.Hour
 
 // UserAuth manages user session tokens in Redis.
 type UserAuth struct {
-	db  *gorm.DB
-	rdb *redis.Client
-	sms *service.SmsService
+	db             *gorm.DB
+	rdb            *redis.Client
+	sms            *service.SmsService
+	logoutNotifier func(userID uint, deviceID string)
 }
 
 // NewUserAuth creates a new UserAuth instance.
 func NewUserAuth(db *gorm.DB, rdb *redis.Client) *UserAuth {
 	return &UserAuth{db: db, rdb: rdb}
 }
 
+// SetLogoutNotifier sets the callback to notify other devices when a device logs out.
+func (a *UserAuth) SetLogoutNotifier(fn func(userID uint, deviceID string)) {
+	a.logoutNotifier = fn
+}
+
 // SetSmsService injects the SMS service (may be nil if SMS is disabled).
 func (a *UserAuth) SetSmsService(sms *service.SmsService) {
 	a.sms = sms
@@ -504,6 +510,31 @@ func (a *UserAuth) Logout(c *gin.Context) {
 		apiErrorBadRequest(c, CodeInvalidRequest, "token不能为空")
 		return
 	}
+
+	// Get user ID from token before deleting it
+	val, err := a.rdb.Get(context.Background(), a.redisKey(token)).Result()
+	if err == nil {
+		userID, _ := strconv.ParseUint(val, 10, 64)
+		if userID > 0 {
+			// Get device_id from request (optional query param or JSON body)
+			deviceID := c.Query("device_id")
+			if deviceID == "" {
+				var body struct {
+					DeviceID string `json:"device_id"`
+				}
+				c.ShouldBindJSON(&body)
+				deviceID = body.DeviceID
+			}
+			if deviceID != "" {
+				// Clear logged_in for this specific device
+				a.db.Model(&models.Device{}).Where("device_id = ? AND user_id = ?", deviceID, userID).Update("logged_in", false)
+				if a.logoutNotifier != nil {
+					a.logoutNotifier(uint(userID), deviceID)
+				}
+			}
+		}
+	}
+
 	a.rdb.Del(context.Background(), a.redisKey(token))
 	c.JSON(http.StatusOK, gin.H{"message": "退出登录成功"})
 }