修改KBAuthSession主程序添加token extension没有拿到的情况

keyBoard/Class/Shared/KBAuthManager.m

@@ -0,0 +1,211 @@
+//
+//  KBAuthManager.m
+//
+//  关键点：
+//  - 使用固定的 service/account 将 KBAuthSession 序列化后保存到钥匙串；
+//  - 通过 kSecAttrAccessGroup 指定 Keychain Sharing 访问组，实现 App 与扩展共享；
+//  - 保存/清除时发送 Darwin 跨进程通知，便于对端刷新缓存；
+//
+
+#import "KBAuthManager.h"
+#import <Security/Security.h>
+#import "KBConfig.h"  // 需要共享钥匙串访问组常量，见 KBConfig.h 中的说明
+
+NSString * const kKBDarwinAuthChanged = @"com.keyBoardst.auth.changed";
+NSNotificationName const KBAuthChangedNotification = @"KBAuthChangedNotification";
+
+static NSString * const kKBKCService = @"com.keyBoardst.auth";  // 钥匙串 service 名
+static NSString * const kKBKCAccount = @"session";              // 钥匙串 account 键
+
+// 用于 Keychain Sharing 的访问组；必须与两个 target 的 entitlements 配置一致。
+// 示例（Capabilities 中勾选 Keychain Sharing 后的值）：
+//   $(AppIdentifierPrefix)com.keyBoardst.shared
+// 运行时会被展开为：TN6HHV45BB.com.keyBoardst.shared
+#ifndef KB_KEYCHAIN_ACCESS_GROUP
+#define KB_KEYCHAIN_ACCESS_GROUP @"TN6HHV45BB.com.keyBoardst.shared"
+#endif
+
+// 过期宽限：若过期时间距离当前 <= 该阈值，则视为已过期。
+static const NSTimeInterval kKBExpiryGrace = 5.0; // 秒
+
+@implementation KBAuthSession
+
++ (BOOL)supportsSecureCoding { return YES; }
+
+- (void)encodeWithCoder:(NSCoder *)coder {
+    [coder encodeObject:self.accessToken forKey:@"accessToken"];
+    [coder encodeObject:self.refreshToken forKey:@"refreshToken"];
+    [coder encodeObject:self.expiryDate   forKey:@"expiryDate"];
+    [coder encodeObject:self.userIdentifier forKey:@"userIdentifier"];
+}
+
+- (instancetype)initWithCoder:(NSCoder *)coder {
+    if (self = [super init]) {
+        _accessToken = [coder decodeObjectOfClass:NSString.class forKey:@"accessToken"];
+        _refreshToken = [coder decodeObjectOfClass:NSString.class forKey:@"refreshToken"];
+        _expiryDate   = [coder decodeObjectOfClass:NSDate.class forKey:@"expiryDate"];
+        _userIdentifier = [coder decodeObjectOfClass:NSString.class forKey:@"userIdentifier"];
+    }
+    return self;
+}
+
+@end
+
+@interface KBAuthManager ()
+@property (atomic, strong, readwrite, nullable) KBAuthSession *current;
+@end
+
+@implementation KBAuthManager
+
++ (instancetype)shared {
+    static KBAuthManager *m; static dispatch_once_t onceToken; dispatch_once(&onceToken, ^{ m = [KBAuthManager new]; });
+    return m;
+}
+
+#if DEBUG
+static inline void KBLog(NSString *fmt, ...) {
+    va_list args; va_start(args, fmt);
+    NSString *msg = [[NSString alloc] initWithFormat:fmt arguments:args];
+    va_end(args);
+    NSLog(@"[KBAuth] %@", msg);
+}
+#endif
+
+- (instancetype)init {
+    if (self = [super init]) {
+        [self reloadFromKeychain];
+        // 监听 Darwin 跨进程通知（App 与扩展之间）
+        CFNotificationCenterAddObserver(CFNotificationCenterGetDarwinNotifyCenter(),
+                                        (__bridge const void *)(self),
+                                        KBAuthDarwinCallback,
+                                        (__bridge CFStringRef)kKBDarwinAuthChanged,
+                                        NULL,
+                                        CFNotificationSuspensionBehaviorDeliverImmediately);
+    }
+    return self;
+}
+
+static void KBAuthDarwinCallback(CFNotificationCenterRef center, void *observer, CFStringRef name, const void *object, CFDictionaryRef userInfo) {
+    KBAuthManager *self = (__bridge KBAuthManager *)observer;
+    [self reloadFromKeychain];
+}
+
+- (void)dealloc {
+    CFNotificationCenterRemoveObserver(CFNotificationCenterGetDarwinNotifyCenter(), (__bridge const void *)(self), (__bridge CFStringRef)kKBDarwinAuthChanged, NULL);
+}
+
+- (BOOL)isLoggedIn {
+    KBAuthSession *s = self.current;
+    if (s.accessToken.length == 0) return NO;
+    if (!s.expiryDate) return YES; // 未设置过期时间时，只要有 token 即视为已登录
+    return ([s.expiryDate timeIntervalSinceNow] > kKBExpiryGrace);
+}
+
+#pragma mark - Public
+
+- (void)reloadFromKeychain {
+    NSData *data = [self keychainRead];
+    KBAuthSession *session = nil;
+    if (data.length > 0) {
+        @try {
+            session = [NSKeyedUnarchiver unarchivedObjectOfClass:KBAuthSession.class fromData:data error:NULL];
+        } @catch (__unused NSException *e) { session = nil; }
+    }
+    self.current = session;
+    [[NSNotificationCenter defaultCenter] postNotificationName:KBAuthChangedNotification object:nil]; // 进程内通知
+}
+
+- (BOOL)saveAccessToken:(NSString *)accessToken
+          refreshToken:(NSString *)refreshToken
+            expiryDate:(NSDate *)expiryDate
+        userIdentifier:(NSString *)userIdentifier {
+    KBAuthSession *s = [KBAuthSession new];
+    s.accessToken = accessToken ?: @"";
+    s.refreshToken = refreshToken;
+    s.expiryDate = expiryDate;
+    s.userIdentifier = userIdentifier;
+
+    NSError *err = nil;
+    NSData *data = [NSKeyedArchiver archivedDataWithRootObject:s requiringSecureCoding:YES error:&err];
+    if (err || data.length == 0) return NO;
+
+    BOOL ok = [self keychainWrite:data];
+    if (ok) {
+        self.current = s;
+        // 进程内通知
+        [[NSNotificationCenter defaultCenter] postNotificationName:KBAuthChangedNotification object:nil];
+        // 跨进程通知（App <-> 扩展）
+        CFNotificationCenterPostNotification(CFNotificationCenterGetDarwinNotifyCenter(), (__bridge CFStringRef)kKBDarwinAuthChanged, NULL, NULL, true);
+    }
+    return ok;
+}
+
+- (void)signOut {
+    [self keychainDelete];
+    self.current = nil;
+    [[NSNotificationCenter defaultCenter] postNotificationName:KBAuthChangedNotification object:nil];
+    CFNotificationCenterPostNotification(CFNotificationCenterGetDarwinNotifyCenter(), (__bridge CFStringRef)kKBDarwinAuthChanged, NULL, NULL, true);
+}
+
+- (NSDictionary<NSString *,NSString *> *)authorizationHeader {
+    NSString *t = self.current.accessToken;
+    if (t.length == 0) return @{}; // 未登录返回空头部
+    return @{ @"Authorization": [@"Bearer " stringByAppendingString:t] };
+}
+
+#pragma mark - Keychain (shared)
+
+- (NSMutableDictionary *)baseKCQuery {
+    NSMutableDictionary *q = [@{ (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
+                                 (__bridge id)kSecAttrService: kKBKCService,
+                                 (__bridge id)kSecAttrAccount: kKBKCAccount } mutableCopy];
+    // 指定共享访问组（App 与扩展共用同一组）
+    q[(__bridge id)kSecAttrAccessGroup] = KB_KEYCHAIN_ACCESS_GROUP;
+    return q;
+}
+
+- (BOOL)keychainWrite:(NSData *)data {
+    if (!data) return NO;
+    NSMutableDictionary *query = [self baseKCQuery];
+    SecItemDelete((__bridge CFDictionaryRef)query);
+
+    // 设置属性
+    query[(__bridge id)kSecValueData] = data;
+    // 访问控制：设备首次解锁后可读，不随备份迁移
+    query[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
+
+    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
+#if DEBUG
+    if (status != errSecSuccess) {
+        KBLog(@"SecItemAdd failed status=%ld group=%@", (long)status, KB_KEYCHAIN_ACCESS_GROUP);
+    } else {
+        KBLog(@"SecItemAdd ok group=%@", KB_KEYCHAIN_ACCESS_GROUP);
+    }
+#endif
+    return (status == errSecSuccess);
+}
+
+- (NSData *)keychainRead {
+    NSMutableDictionary *query = [self baseKCQuery];
+    query[(__bridge id)kSecReturnData] = @YES;
+    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
+
+    CFTypeRef dataRef = NULL;
+    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &dataRef);
+#if DEBUG
+    if (status != errSecSuccess) {
+        KBLog(@"SecItemCopyMatching status=%ld group=%@ (item not found or no entitlement)", (long)status, KB_KEYCHAIN_ACCESS_GROUP);
+    } else {
+        KBLog(@"SecItemCopyMatching ok group=%@", KB_KEYCHAIN_ACCESS_GROUP);
+    }
+#endif
+    if (status != errSecSuccess || !dataRef) return nil;
+    return (__bridge_transfer NSData *)dataRef;
+}
+
+- (void)keychainDelete {
+    NSDictionary *query = [self baseKCQuery];
+    SecItemDelete((__bridge CFDictionaryRef)query);
+}
+
+@end