131 lines
4.1 KiB
Rust
131 lines
4.1 KiB
Rust
use std::sync::Arc;
|
|
|
|
use chrono::Utc;
|
|
use domain::dto::account::AuthenticateGooleAccountReq;
|
|
use domain::entities::account::Account;
|
|
use domain::vo::account::{LoginAccount, RefreshTokenResult};
|
|
use i18n::message;
|
|
use i18n::message_ids::MessageId;
|
|
use library::cache::inner_cache::{CacheAccount, LOGIN_ACCOUNT_CACHE};
|
|
use library::context::Context;
|
|
use library::model::response::ResErr::ErrPerm;
|
|
use library::model::response::{ResErr, ResResult};
|
|
use library::social::google::GOOGLE_SOCIAL;
|
|
use library::token::{generate_refresh_token, generate_token};
|
|
use library::{db, token};
|
|
|
|
pub async fn authenticate_google(
|
|
context: Context,
|
|
req: AuthenticateGooleAccountReq,
|
|
) -> ResResult<LoginAccount> {
|
|
let verify_result = GOOGLE_SOCIAL
|
|
.verify_id_token(&req.id_token.unwrap())
|
|
.await
|
|
.map_err(|err| {
|
|
tracing::error!(error = ?err, "校验Google Token失败");
|
|
ErrPerm(None)
|
|
})?;
|
|
|
|
let mut transaction = db!().begin().await?;
|
|
let account = Account::find_by_google_id(&verify_result.aud, db!()).await?;
|
|
let account = match account {
|
|
None => {
|
|
tracing::info!("账户不存在, {:?}", verify_result);
|
|
match Account::save_google_account(
|
|
&Account {
|
|
username: verify_result.name,
|
|
google_id: Some(verify_result.aud),
|
|
email: Some(verify_result.email),
|
|
display_name: Some(verify_result.given_name),
|
|
avatar_url: Some(verify_result.picture),
|
|
..Default::default()
|
|
},
|
|
&mut transaction,
|
|
)
|
|
.await {
|
|
Ok(account) => {
|
|
transaction.commit().await?;
|
|
account
|
|
},
|
|
Err(err) => {
|
|
transaction.rollback().await?;
|
|
tracing::error!(error = ?err, "保存Google用户失败");
|
|
return Err(ResErr::service("保存Google用户失败"));
|
|
}
|
|
}
|
|
}
|
|
Some(account) => {
|
|
tracing::info!("账户已存在, {:?}", account);
|
|
if let Some(disable_time) = account.disable_time {
|
|
if disable_time > Utc::now() {
|
|
tracing::error!("账户已禁用");
|
|
return Err(ResErr::service(message!(
|
|
context.get_lang_tag(),
|
|
MessageId::AccountDisabled
|
|
)));
|
|
}
|
|
}
|
|
|
|
account
|
|
}
|
|
};
|
|
|
|
let token = token::generate_token(&account.id);
|
|
let refresh_token = token::generate_refresh_token(&account.id);
|
|
|
|
LOGIN_ACCOUNT_CACHE
|
|
.insert(
|
|
account.id.to_owned(),
|
|
Arc::new(CacheAccount {
|
|
account: Arc::new(account.to_owned()),
|
|
token: Arc::new(token.to_owned()),
|
|
}),
|
|
)
|
|
.await;
|
|
|
|
let login_account = LoginAccount {
|
|
username: account.username,
|
|
display_name: account.display_name,
|
|
avatar_url: account.avatar_url,
|
|
metadata: account.metadata,
|
|
wallet: account.wallet,
|
|
email: account.email,
|
|
token,
|
|
refresh_token,
|
|
};
|
|
return Ok(login_account);
|
|
}
|
|
|
|
pub async fn refresh_token(
|
|
context: Context,
|
|
refresh_token: String,
|
|
) -> ResResult<RefreshTokenResult> {
|
|
let lang = context.get_lang_tag();
|
|
let account = context.get_account().unwrap();
|
|
|
|
if token::verify_refresh_token(&refresh_token).is_err() {
|
|
return Err(ResErr::params(message!(
|
|
lang,
|
|
MessageId::InvalidToken
|
|
)));
|
|
}
|
|
|
|
let refresh_token = RefreshTokenResult {
|
|
token: generate_token(&account.id),
|
|
refresh_token: generate_refresh_token(&account.id),
|
|
};
|
|
|
|
LOGIN_ACCOUNT_CACHE.remove(&account.id).await;
|
|
LOGIN_ACCOUNT_CACHE
|
|
.insert(
|
|
account.id.to_owned(),
|
|
Arc::new(CacheAccount {
|
|
account,
|
|
token: Arc::new(refresh_token.token.to_owned()),
|
|
}),
|
|
)
|
|
.await;
|
|
|
|
Ok(refresh_token)
|
|
}
|