登录用户缓存迁移至library，token请求中间件添加缓存用户校验

Cargo.lock

@@ -476,7 +476,6 @@ name = "domain"
 version = "0.1.0"
 dependencies = [
  "chrono",
- "library",
  "serde",
  "sqlx",
  "tracing",
@@ -1061,12 +1060,14 @@ dependencies = [
  "axum",
  "axum-extra",
  "chrono",
+ "domain",
  "futures-util",
  "http",
  "http-body",
  "http-body-util",
  "jsonwebtoken",
  "lazy_static",
+ "moka",
  "once_cell",
  "reqwest",
  "serde",

domain/Cargo.toml

@@ -13,5 +13,3 @@ chrono = { workspace = true, features = ["serde"]}
 tracing = { workspace = true }
 tracing-appender = { workspace = true }
 tracing-subscriber = { workspace = true, features = ["json"] }
-
-library = { path = "../library" }

library/Cargo.toml

@@ -26,4 +26,7 @@ futures-util = { workspace = true }
 jsonwebtoken = { workspace = true }
 reqwest = { workspace = true, features = ["blocking", "json"] }
 validator = { workspace = true }
-lazy_static = { workspace = true }
+moka = { workspace = true, features = ["future", "logging"] }
+lazy_static = { workspace = true }
+
+domain = { path = "../domain" }

library/src/lib.rs

@@ -4,4 +4,5 @@ pub mod core;
 pub mod resp;
 pub mod middleware;
 pub mod token;
-pub mod social;
+pub mod social;
+pub mod cache;

library/src/middleware/req_token.rs

@@ -2,7 +2,7 @@ use axum::{extract::Request, middleware::Next, response::{IntoResponse, Response
 use http::{header, StatusCode};
 use jsonwebtoken::{decode, DecodingKey, Validation};
 
-use crate::{config, token::Claims};
+use crate::{cache::login_cache::LOGIN_CACHE, config, token::Claims};
 
 
 pub async fn authenticate_access_token(mut req: Request, next: Next) -> Response {
@@ -21,8 +21,16 @@ pub async fn authenticate_access_token(mut req: Request, next: Next) -> Response
     let validation = Validation::default();
     match decode::<Claims>(token, &DecodingKey::from_secret(config!().jwt.token_secret.as_bytes()), &validation) {
         Ok(decoded) => {
+            let account = LOGIN_CACHE.get(&decoded.claims.sub).await;
+            if account.is_none() {
+                return (StatusCode::UNAUTHORIZED, "Invalid token".to_string()).into_response();
+            }
+            let account = account.unwrap();
+            if account.token != token {
+                return (StatusCode::UNAUTHORIZED, "Invalid token".to_string()).into_response();
+            }
             // 将Claims附加到请求扩展中，以便后续处理使用
-            req.extensions_mut().insert(decoded.claims);
+            req.extensions_mut().insert(account);
             next.run(req).await
         },
         Err(_) => (StatusCode::UNAUTHORIZED, "Invalid token".to_string()).into_response(),

library/src/token.rs

@@ -5,8 +5,8 @@ use crate::config;
 
 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct Claims {
-    sub: String, // 用户ID
-    exp: i64, // Token过期时间戳
+    pub sub: String, // 用户ID
+    pub exp: i64, // Token过期时间戳
 }
 
 pub fn generate_token(sub: &str) -> String {

service/src/account.rs

@@ -1,13 +1,12 @@
 use chrono::Utc;
 use domain::dto::account::AuthenticateGooleAccountReq;
 use domain::entities::account::Account;
+use library::cache::login_cache::{LoginAccount, LOGIN_CACHE};
 use library::resp::response::ResErr::ErrPerm;
 use library::resp::response::{ResErr, ResOK, ResResult};
 use library::social::google::GOOGLE_SOCIAL;
 use library::{db, token};
 
-use crate::utils::login_cache::{LoginAccount, LOGIN_CACHE};
-
 pub async fn authenticate_google(
     req: AuthenticateGooleAccountReq,
 ) -> ResResult<ResOK<(String, String)>> {

service/src/lib.rs

@@ -1,5 +1,3 @@
 pub mod account;
 pub mod feedback;
 pub mod sys_account;
-
-pub mod utils;

service/src/sys_account.rs

@@ -4,12 +4,9 @@ use domain::{
     entities::account::{Account, Role},
 };
 use library::{
-    db,
-    resp::response::{ResErr, ResOK, ResResult},
-    token::{generate_refresh_token, generate_token},
+    cache::login_cache::{LoginAccount, LOGIN_CACHE}, db, resp::response::{ResErr, ResOK, ResResult}, token::{generate_refresh_token, generate_token}
 };
 
-use crate::utils::login_cache::{LoginAccount, LOGIN_CACHE};
 
 pub async fn authticate_with_password(
     req: AuthenticateWithPassword,