From d3058ce379e2cbde455772bfd08aea53727f60fe Mon Sep 17 00:00:00 2001
From: Timebomb2018 <18868801967@163.com>
Date: Tue, 28 Apr 2026 15:04:13 +0800
Subject: [PATCH] fix(workspace): make delete workspace member async and
 invalidate user tokens

---
 api/app/controllers/workspace_controller.py | 4 ++--
 api/app/services/workspace_service.py       | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/api/app/controllers/workspace_controller.py b/api/app/controllers/workspace_controller.py
index 47068288..abe43593 100644
--- a/api/app/controllers/workspace_controller.py
+++ b/api/app/controllers/workspace_controller.py
@@ -221,7 +221,7 @@ def update_workspace_members(
 
 @router.delete("/members/{member_id}", response_model=ApiResponse)
 @cur_workspace_access_guard()
-def delete_workspace_member(
+async def delete_workspace_member(
     member_id: uuid.UUID,
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
@@ -230,7 +230,7 @@ def delete_workspace_member(
     workspace_id = current_user.current_workspace_id
     api_logger.info(f"用户 {current_user.username} 请求删除工作空间 {workspace_id} 的成员 {member_id}")
 
-    workspace_service.delete_workspace_member(
+    await workspace_service.delete_workspace_member(
         db=db,
         workspace_id=workspace_id,
         member_id=member_id,
diff --git a/api/app/services/workspace_service.py b/api/app/services/workspace_service.py
index 4034eb6d..199d5953 100644
--- a/api/app/services/workspace_service.py
+++ b/api/app/services/workspace_service.py
@@ -20,6 +20,7 @@ from app.models.workspace_model import (
 )
 from app.repositories import workspace_repository
 from app.repositories.workspace_invite_repository import WorkspaceInviteRepository
+from app.services.session_service import SessionService
 from app.schemas.workspace_schema import (
     InviteAcceptRequest,
     InviteValidateResponse,
@@ -58,7 +59,7 @@ def switch_workspace(
         raise BusinessException(f"切换工作空间失败: {str(e)}", BizCode.INTERNAL_ERROR)
 
 
-def delete_workspace_member(
+async def delete_workspace_member(
         db: Session,
         workspace_id: uuid.UUID,
         member_id: uuid.UUID,
@@ -80,6 +81,9 @@ def delete_workspace_member(
         workspace_member.user.current_workspace_id = None
         db.commit()
         business_logger.info(f"用户 {user.username} 成功删除工作空间 {workspace_id} 的成员 {member_id}")
+
+        # 使被删除成员的所有 token 立即失效
+        await SessionService.invalidate_all_user_tokens(str(workspace_member.user_id))
     except Exception as e:
         db.rollback()
         business_logger.error(f"删除工作空间成员失败 - 工作空间: {workspace_id}, 成员: {member_id}, 错误: {str(e)}")