♻️ reconstruct the authentication mode

2024-12-21 13:01:10 +08:00
parent f213644aa9
commit 462e811742
25 changed files with 371 additions and 77 deletions
--- a/app/core/api/internal/logic/user/account_login_logic.go
+++ b/app/core/api/internal/logic/user/account_login_logic.go
@@ -81,15 +81,15 @@ func HandleLoginJWT(user *model.ScaAuthUser, svcCtx *svc.ServiceContext, autoLog
 		return nil, err
 	}
 	// 生成jwt token
-	accessToken := jwt.GenerateAccessToken(svcCtx.Config.Auth.AccessSecret, jwt.AccessJWTPayload{
+	accessToken, expireAt := jwt.GenerateAccessToken(svcCtx.Config.Auth.AccessSecret, jwt.AccessJWTPayload{
 		UserID: user.UID,
 		Type:   constant.JWT_TYPE_ACCESS,
 	})
 	var days time.Duration
 	if autoLogin {
-		days = 24 * time.Hour
+		days = 3 * 24 * time.Hour
 	} else {
-		days = time.Hour * 1
+		days = time.Hour * 24
 	}
 	refreshToken := jwt.GenerateRefreshToken(svcCtx.Config.Auth.AccessSecret, jwt.RefreshJWTPayload{
 		UserID: user.UID,
@@ -97,6 +97,7 @@ func HandleLoginJWT(user *model.ScaAuthUser, svcCtx *svc.ServiceContext, autoLog
 	}, days)
 	data := types.LoginResponse{
 		AccessToken: accessToken,
+		ExpireAt:    expireAt,
 		UID:         user.UID,
 		Username:    user.Username,
 		Nickname:    user.Nickname,
@@ -109,6 +110,10 @@ func HandleLoginJWT(user *model.ScaAuthUser, svcCtx *svc.ServiceContext, autoLog
 		RefreshToken: refreshToken,
 		UID:          user.UID,
 		Revoked:      false,
+		GeneratedAt:  time.Now().Format(constant.TimeFormat),
+		AllowAgent:   r.UserAgent(),
+		GeneratedIP:  utils.GetClientIP(r),
+		UpdatedAt:    time.Now().Format(constant.TimeFormat),
 	}
 	err = svcCtx.RedisClient.Set(ctx, constant.UserTokenPrefix+user.UID, redisToken, days).Err()
 	if err != nil {
--- a/app/core/api/internal/logic/user/get_wechat_offiaccount_qrcode_logic.go
+++ b/app/core/api/internal/logic/user/get_wechat_offiaccount_qrcode_logic.go
@@ -31,7 +31,7 @@ func NewGetWechatOffiaccountQrcodeLogic(ctx context.Context, svcCtx *svc.Service
 }

 func (l *GetWechatOffiaccountQrcodeLogic) GetWechatOffiaccountQrcode(r *http.Request, req *types.OAuthWechatRequest) (resp *types.Response, err error) {
-	ip := utils.GetClientIP(r) // 使用工具函数获取客户端IP
+	ip := utils.GetClientIP(r)
 	key := constant.UserQrcodePrefix + ip

 	// 从Redis获取二维码数据
@@ -45,7 +45,7 @@ func (l *GetWechatOffiaccountQrcodeLogic) GetWechatOffiaccountQrcode(r *http.Req
 	}

 	// 生成临时二维码
-	data, err := l.svcCtx.WechatOfficial.QRCode.Temporary(l.ctx, req.Client_id, 7*24*3600)
+	data, err := l.svcCtx.WechatOfficial.QRCode.Temporary(l.ctx, req.ClientId, 7*24*3600)
 	if err != nil {
 		return nil, err
 	}
--- a/app/core/api/internal/logic/user/wechat_offiaccount_login_logic.go
+++ b/app/core/api/internal/logic/user/wechat_offiaccount_login_logic.go
@@ -7,6 +7,7 @@ import (
 	"gorm.io/gorm"
 	"net/http"
 	"schisandra-album-cloud-microservices/app/core/api/common/constant"
+	"schisandra-album-cloud-microservices/app/core/api/common/encrypt"
 	randomname "schisandra-album-cloud-microservices/app/core/api/common/random_name"
 	"schisandra-album-cloud-microservices/app/core/api/common/response"
 	"schisandra-album-cloud-microservices/app/core/api/common/utils"
@@ -34,9 +35,21 @@ func NewWechatOffiaccountLoginLogic(ctx context.Context, svcCtx *svc.ServiceCont
 }

 func (l *WechatOffiaccountLoginLogic) WechatOffiaccountLogin(r *http.Request, req *types.WechatOffiaccountLoginRequest) (resp *types.Response, err error) {
+	decryptedClientId, err := encrypt.Decrypt(req.ClientId, l.svcCtx.Config.Encrypt.Key, l.svcCtx.Config.Encrypt.IV)
+	if err != nil {
+		return response.ErrorWithI18n(l.ctx, "login.loginFailed"), nil
+	}
+	clientId := l.svcCtx.RedisClient.Get(r.Context(), constant.UserClientPrefix+decryptedClientId).Val()
+	if clientId == "" {
+		return response.ErrorWithI18n(l.ctx, "login.loginFailed"), nil
+	}
+	Openid, err := encrypt.Decrypt(req.Openid, l.svcCtx.Config.Encrypt.Key, l.svcCtx.Config.Encrypt.IV)
+	if err != nil {
+		return response.ErrorWithI18n(l.ctx, "login.loginFailed"), nil
+	}
 	tx := l.svcCtx.DB.Begin()
 	userSocial := l.svcCtx.DB.ScaAuthUserSocial
-	socialUser, err := tx.ScaAuthUserSocial.Where(userSocial.OpenID.Eq(req.Openid), userSocial.Source.Eq(constant.OAuthSourceWechat)).First()
+	socialUser, err := tx.ScaAuthUserSocial.Where(userSocial.OpenID.Eq(Openid), userSocial.Source.Eq(constant.OAuthSourceWechat)).First()
 	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, err
 	}
@@ -50,7 +63,7 @@ func (l *WechatOffiaccountLoginLogic) WechatOffiaccountLogin(r *http.Request, re
 		addUser := &model.ScaAuthUser{
 			UID:      uidStr,
 			Avatar:   avatar,
-			Username: req.Openid,
+			Username: Openid,
 			Nickname: name,
 			Gender:   constant.Male,
 		}
@@ -62,7 +75,7 @@ func (l *WechatOffiaccountLoginLogic) WechatOffiaccountLogin(r *http.Request, re

 		newSocialUser := &model.ScaAuthUserSocial{
 			UserID: uidStr,
-			OpenID: req.Openid,
+			OpenID: Openid,
 			Source: constant.OAuthSourceWechat,
 		}
 		err = tx.ScaAuthUserSocial.Create(newSocialUser)