增加token刷新接口

2024-06-06 17:56:27 +08:00 · 2024-06-06 17:56:27 +08:00 · 6f0c0e5f96
commit 6f0c0e5f96
parent 86bcdfae26
6 changed files with 70 additions and 17 deletions
--- a/api/src/controller/account.rs
+++ b/api/src/controller/account.rs
@ -1,6 +1,6 @@
-use axum::Json;
-use domain::{dto::account::{AuthenticateGooleAccountReq, AuthenticateWithPassword}, vo::account::LoginAccount};
-use library::resp::response::{ ResData, ResResult};
+use axum::{Extension, Json};
+use domain::{dto::account::{AuthenticateGooleAccountReq, AuthenticateWithPassword, RefreshToken}, vo::account::{LoginAccount, RefreshTokenResult}};
+use library::{cache::account_cache::CacheAccount, resp::response::{ ResData, ResResult}};
 use validator::Validate;

 pub async fn authenticate_google(
@ -17,4 +17,12 @@ pub async fn authenticate_with_password(
    req.validate()?;

    service::sys_account::authenticate_with_password(req).await
-}
+}
+
+pub async fn refresh_token(
+    Extension(account): Extension<CacheAccount>,
+    Json(refresh_token): Json<RefreshToken>
+) -> ResResult<ResData<RefreshTokenResult>> {
+    tracing::debug!("刷新token, {:?}", account);
+    service::account::refresh_token(account, refresh_token.token).await
+}
--- a/api/src/router.rs
+++ b/api/src/router.rs
@ -17,6 +17,10 @@ pub(crate) fn init() -> Router {
            "/account/sys",
            post(controller::account::authenticate_with_password),
        )
+        .route(
+            "/account/refresh-token", 
+            post(controller::account::refresh_token)
+        )
        .route(
            "/feedback",
            post(controller::feedback::add_feedback)
--- a/domain/src/dto/account.rs
+++ b/domain/src/dto/account.rs
@ -14,3 +14,8 @@ pub struct AuthenticateGooleAccountReq {
    #[validate(required(message = "用户ID Token不能为空"), length(min = 1, message = "用户ID Token不能为空"))]
    pub id_token: Option<String>,
 }
+
+#[derive(Debug, Validate, Deserialize, Serialize)]
+pub struct RefreshToken {
+    pub token: String,
+}
--- a/domain/src/vo/account.rs
+++ b/domain/src/vo/account.rs
@ -14,4 +14,10 @@ pub struct LoginAccount {
    pub email: Option<String>,
    pub token: String,
    pub refresh_token: String,
-}
+}
+
+#[derive(Debug, Clone, Deserialize, Serialize)]
+pub struct RefreshTokenResult {
+    pub token: String,
+    pub refresh_token: String,
+}
--- a/library/src/middleware/req_token.rs
+++ b/library/src/middleware/req_token.rs
@ -47,7 +47,7 @@ pub async fn authenticate_access_token(mut req: Request, next: Next) -> Response
            //     return (StatusCode::UNAUTHORIZED, "Invalid token".to_string()).into_response();
            // }
            // 将Claims附加到请求扩展中，以便后续处理使用
-            req.extensions_mut().insert(account);
+            req.extensions_mut().insert(account.unwrap());
            next.run(req).await
        },
        Err(_) => (StatusCode::UNAUTHORIZED, "Invalid token".to_string()).into_response(),
--- a/service/src/account.rs
+++ b/service/src/account.rs
@ -1,11 +1,12 @@
 use chrono::Utc;
 use domain::dto::account::AuthenticateGooleAccountReq;
 use domain::entities::account::Account;
-use domain::vo::account::LoginAccount;
+use domain::vo::account::{LoginAccount, RefreshTokenResult};
 use library::cache::account_cache::{CacheAccount, LOGIN_CACHE};
 use library::resp::response::ResErr::ErrPerm;
-use library::resp::response::{ResErr, ResData, ResResult};
+use library::resp::response::{ResData, ResErr, ResResult};
 use library::social::google::GOOGLE_SOCIAL;
+use library::token::{generate_refresh_token, generate_token};
 use library::{db, token};

 pub async fn authenticate_google(
@ -59,15 +60,44 @@ pub async fn authenticate_google(
        )
        .await;

-    let login_account = LoginAccount{ 
-        username: account.username, 
-        display_name: account.display_name, 
-        avatar_url: account.avatar_url, 
-        metadata: account.metadata, 
-        wallet: account.wallet, 
-        email: account.email, 
-        token, 
-        refresh_token  
+    let login_account = LoginAccount {
+        username: account.username,
+        display_name: account.display_name,
+        avatar_url: account.avatar_url,
+        metadata: account.metadata,
+        wallet: account.wallet,
+        email: account.email,
+        token,
+        refresh_token,
    };
    return Ok(ResData::some(login_account));
 }
+
+pub async fn refresh_token(
+    cache_account: CacheAccount,
+    refresh_token: String,
+) -> ResResult<ResData<RefreshTokenResult>> {
+    let account = cache_account.account;
+
+    if token::verify_refresh_token(&refresh_token).is_err() {
+        return Err(ResErr::params("refresh_token无效"));
+    }
+
+    let refresh_token = RefreshTokenResult {
+        token: generate_token(&account.id),
+        refresh_token: generate_refresh_token(&account.id),
+    };
+
+    LOGIN_CACHE.remove(&account.id).await;
+    LOGIN_CACHE
+        .insert(
+            account.id.to_owned(),
+            CacheAccount {
+                account: account.clone(),
+                token: refresh_token.token.to_owned(),
+            },
+        )
+        .await;
+
+    Ok(ResData::some(refresh_token))
+}