重构认证授权逻辑，集中到 auth 包中

2025-05-12 10:07:12 +08:00
parent cfdee98a1b
commit 2c37dcc2be
40 changed files with 905 additions and 455 deletions
--- a/web/auth/session.go
+++ b/web/auth/session.go
@@ -5,11 +5,21 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/redis/go-redis/v9"
+	"platform/pkg/env"
 	g "platform/web/globals"
+	"time"
 )

-func find(ctx context.Context, token string) (*Context, error) {
+type Session struct {
+	// 认证主体
+	Payload *Payload
+	// 令牌信息
+	TokenDetails *TokenDetails
+}
+
+func FindSession(ctx context.Context, token string) (*Context, error) {

 	// 读取认证数据
 	authJSON, err := g.Redis.Get(ctx, accessKey(token)).Result()
@@ -29,6 +39,170 @@ func find(ctx context.Context, token string) (*Context, error) {
 	return auth, nil
 }

+func CreateSession(ctx context.Context, authCtx *Context, remember bool) (*TokenDetails, error) {
+	var now = time.Now()
+
+	// 生成令牌组
+	accessToken := genToken()
+	refreshToken := genToken()
+
+	// 序列化认证数据
+	authData, err := json.Marshal(authCtx)
+	if err != nil {
+		return nil, err
+	}
+
+	// 序列化刷新令牌数据
+	refreshData, err := json.Marshal(RefreshData{
+		AuthContext: authCtx,
+		AccessToken: accessToken,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	// 事务保存数据到 Redis
+	var accessExpire = time.Duration(env.SessionAccessExpire) * time.Second
+	var refreshExpire = time.Duration(env.SessionRefreshExpire) * time.Second
+
+	pipe := g.Redis.TxPipeline()
+	pipe.Set(ctx, accessKey(accessToken), authData, accessExpire)
+	if remember {
+		pipe.Set(ctx, refreshKey(refreshToken), refreshData, refreshExpire)
+	}
+	_, err = pipe.Exec(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return &TokenDetails{
+		AccessToken:         accessToken,
+		AccessTokenExpires:  now.Add(accessExpire),
+		RefreshToken:        refreshToken,
+		RefreshTokenExpires: now.Add(refreshExpire),
+		Auth:                authCtx,
+	}, nil
+}
+
+func RefreshSession(ctx context.Context, refreshToken string, renew bool) (*TokenDetails, error) {
+	var now = time.Now()
+
+	rKey := refreshKey(refreshToken)
+	var tokenDetails *TokenDetails
+
+	// 刷新令牌
+	err := g.Redis.Watch(ctx, func(tx *redis.Tx) error {
+
+		// 先获取刷新令牌数据
+		refreshJson, err := tx.Get(ctx, rKey).Result()
+		if err != nil {
+			if errors.Is(err, redis.Nil) {
+				return ErrInvalidRefreshToken
+			}
+			return err
+		}
+
+		// 解析刷新令牌数据
+		refreshData := new(RefreshData)
+		if err := json.Unmarshal([]byte(refreshJson), refreshData); err != nil {
+			return err
+		}
+
+		// 生成新的令牌
+		newAccessToken := genToken()
+		newRefreshToken := genToken()
+
+		authData, err := json.Marshal(refreshData.AuthContext)
+		if err != nil {
+			return err
+		}
+		newRefreshData, err := json.Marshal(RefreshData{
+			AuthContext: refreshData.AuthContext,
+			AccessToken: newAccessToken,
+		})
+		if err != nil {
+			return err
+		}
+
+		pipeline := tx.Pipeline()
+
+		// 保存新的令牌
+		var accessExpire = time.Duration(env.SessionAccessExpire) * time.Second
+		var refreshExpire = time.Duration(env.SessionRefreshExpire) * time.Second
+
+		pipeline.Set(ctx, accessKey(newAccessToken), authData, accessExpire)
+		pipeline.Set(ctx, refreshKey(newRefreshToken), newRefreshData, refreshExpire)
+
+		// 删除旧的令牌
+		pipeline.Del(ctx, accessKey(refreshData.AccessToken))
+		pipeline.Del(ctx, refreshKey(refreshToken))
+
+		_, err = pipeline.Exec(ctx)
+		if err != nil {
+			return err
+		}
+
+		tokenDetails = &TokenDetails{
+			AccessToken:         newAccessToken,
+			RefreshToken:        newRefreshToken,
+			AccessTokenExpires:  now.Add(accessExpire),
+			RefreshTokenExpires: now.Add(refreshExpire),
+			Auth:                refreshData.AuthContext,
+		}
+		return nil
+	}, rKey)
+	if err != nil {
+		return nil, fmt.Errorf("刷新令牌失败: %w", err)
+	}
+
+	return tokenDetails, nil
+}
+
+func RemoveSession(ctx context.Context, accessToken string, refreshToken string) error {
+	g.Redis.Del(ctx, accessKey(accessToken), refreshKey(refreshToken))
+	return nil
+}
+
+// 生成一个新的令牌
+func genToken() string {
+	return uuid.NewString()
+}
+
+// 令牌键的格式为 "session:<token>"
 func accessKey(token string) string {
 	return fmt.Sprintf("session:%s", token)
 }
+
+// 刷新令牌键的格式为 "session:refreshKey:<token>"
+func refreshKey(token string) string {
+	return fmt.Sprintf("session:refresh:%s", token)
+}
+
+// TokenDetails 存储令牌详细信息
+type TokenDetails struct {
+	// 访问令牌
+	AccessToken string
+	// 刷新令牌
+	RefreshToken string
+	// 访问令牌过期时间
+	AccessTokenExpires time.Time
+	// 刷新令牌过期时间
+	RefreshTokenExpires time.Time
+	// 认证信息
+	Auth *Context
+}
+
+type RefreshData struct {
+	AuthContext *Context
+	AccessToken string
+}
+
+type SessionErr string
+
+func (e SessionErr) Error() string {
+	return string(e)
+}
+
+const (
+	ErrInvalidRefreshToken = SessionErr("无效的刷新令牌")
+)