update

app/api/deps.py

@@ -18,12 +18,14 @@ async def get_current_user(
     token = None
     if authorization and authorization.startswith("Bearer "):
         token = authorization.split(" ")[1]
-    elif access_token and access_token.startswith("Bearer "):
-        token = access_token.split(" ")[1]
+    elif access_token:
+        token = access_token
         
     if not token:
         raise HTTPException(status_code=401, detail="未提供有效的认证信息")
     
+    print(f"token: {token}")
+
     sub, phone = verify_token(token)
     if not sub:
         raise HTTPException(status_code=401, detail="Token已过期或无效")

app/core/security.py

@@ -25,7 +25,7 @@ def set_jwt_cookie(response: Response, token: str):
     """设置JWT cookie"""
     response.set_cookie(
         key="access_token",
-        value=f"Bearer {token}",
+        value=token,
         httponly=True,  # 防止JavaScript访问
         # secure=not settings.DEBUG,  # 生产环境使用HTTPS
         samesite="lax",  # CSRF保护
@@ -47,6 +47,7 @@ def verify_token(token: str) -> Optional[str]:
         payload = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"])
         sub: str = payload.get("sub")
         phone: str = payload.get("phone")
+        print(f"payload: {payload}")
         return sub, phone
     except JWTError:
         return None, None