105 lines
3.2 KiB
Rust
105 lines
3.2 KiB
Rust
use chrono::Utc;
|
|
use domain::dto::account::AuthenticateGooleAccountReq;
|
|
use domain::entities::account::Account;
|
|
use domain::vo::account::{LoginAccount, RefreshTokenResult};
|
|
use library::cache::account_cache::{CacheAccount, LOGIN_CACHE};
|
|
use library::context::Context;
|
|
use library::res::response::ResErr::ErrPerm;
|
|
use library::res::response::{ResData, ResErr, ResResult};
|
|
use library::social::google::GOOGLE_SOCIAL;
|
|
use library::token::{generate_refresh_token, generate_token};
|
|
use library::{db, token};
|
|
|
|
pub async fn authenticate_google(
|
|
req: AuthenticateGooleAccountReq,
|
|
) -> ResResult<ResData<LoginAccount>> {
|
|
let verify_result = GOOGLE_SOCIAL
|
|
.verify_id_token(&req.id_token.unwrap())
|
|
.await
|
|
.map_err(|err| {
|
|
tracing::error!(error = ?err, "校验Google Token失败");
|
|
ErrPerm(None)
|
|
})?;
|
|
|
|
let account = Account::find_by_google_id(&verify_result.aud, db!()).await?;
|
|
let account = match account {
|
|
None => {
|
|
tracing::info!("账户不存在, {:?}", verify_result);
|
|
Account::save_google_account(
|
|
&Account {
|
|
username: verify_result.name,
|
|
google_id: Some(verify_result.aud),
|
|
email: Some(verify_result.email),
|
|
display_name: Some(verify_result.given_name),
|
|
avatar_url: Some(verify_result.picture),
|
|
..Default::default()
|
|
},
|
|
db!(),
|
|
)
|
|
.await?
|
|
}
|
|
Some(account) => {
|
|
tracing::info!("账户已存在, {:?}", account);
|
|
if account.disable_time > Utc::now() {
|
|
tracing::error!("账户已禁用");
|
|
return Err(ResErr::system("账户已禁用"));
|
|
}
|
|
account
|
|
}
|
|
};
|
|
|
|
let token = token::generate_token(&account.id);
|
|
let refresh_token = token::generate_refresh_token(&account.id);
|
|
|
|
LOGIN_CACHE
|
|
.insert(
|
|
account.id.to_owned(),
|
|
CacheAccount {
|
|
account: account.clone(),
|
|
token: token.to_owned(),
|
|
},
|
|
)
|
|
.await;
|
|
|
|
let login_account = LoginAccount {
|
|
username: account.username,
|
|
display_name: account.display_name,
|
|
avatar_url: account.avatar_url,
|
|
metadata: account.metadata,
|
|
wallet: account.wallet,
|
|
email: account.email,
|
|
token,
|
|
refresh_token,
|
|
};
|
|
return Ok(ResData::some(login_account));
|
|
}
|
|
|
|
pub async fn refresh_token(
|
|
context: Context,
|
|
refresh_token: String,
|
|
) -> ResResult<ResData<RefreshTokenResult>> {
|
|
let account = context.account;
|
|
|
|
if token::verify_refresh_token(&refresh_token).is_err() {
|
|
return Err(ResErr::params("refresh_token无效"));
|
|
}
|
|
|
|
let refresh_token = RefreshTokenResult {
|
|
token: generate_token(&account.id),
|
|
refresh_token: generate_refresh_token(&account.id),
|
|
};
|
|
|
|
LOGIN_CACHE.remove(&account.id).await;
|
|
LOGIN_CACHE
|
|
.insert(
|
|
account.id.to_owned(),
|
|
CacheAccount {
|
|
account: account.clone(),
|
|
token: refresh_token.token.to_owned(),
|
|
},
|
|
)
|
|
.await;
|
|
|
|
Ok(ResData::some(refresh_token))
|
|
}
|