2024-08-05 09:11:43 +00:00
|
|
|
|
package logic
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"ark-permission/gen_result/pb/permission"
|
2024-08-06 05:59:24 +00:00
|
|
|
|
"ark-permission/internal/domain"
|
|
|
|
|
|
"ark-permission/internal/entity"
|
2024-08-05 09:11:43 +00:00
|
|
|
|
"ark-permission/internal/svc"
|
2024-08-08 03:02:13 +00:00
|
|
|
|
ers "code.30cm.net/wanderland/library-go/errors"
|
2024-08-06 05:59:24 +00:00
|
|
|
|
"context"
|
|
|
|
|
|
"github.com/google/uuid"
|
|
|
|
|
|
"time"
|
2024-08-05 09:11:43 +00:00
|
|
|
|
|
|
|
|
|
|
"github.com/zeromicro/go-zero/core/logx"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
type NewTokenLogic struct {
|
|
|
|
|
|
ctx context.Context
|
|
|
|
|
|
svcCtx *svc.ServiceContext
|
|
|
|
|
|
logx.Logger
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func NewNewTokenLogic(ctx context.Context, svcCtx *svc.ServiceContext) *NewTokenLogic {
|
|
|
|
|
|
return &NewTokenLogic{
|
|
|
|
|
|
ctx: ctx,
|
|
|
|
|
|
svcCtx: svcCtx,
|
|
|
|
|
|
Logger: logx.WithContext(ctx),
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2024-08-06 05:59:24 +00:00
|
|
|
|
// https://datatracker.ietf.org/doc/html/rfc6749#section-3.3
|
|
|
|
|
|
type authorizationReq struct {
|
|
|
|
|
|
GrantType domain.GrantType `json:"grant_type" validate:"required,oneof=password client_credentials refresh_token"`
|
|
|
|
|
|
DeviceID string `json:"device_id"`
|
|
|
|
|
|
Scope string `json:"scope" validate:"required"`
|
|
|
|
|
|
Data map[string]any `json:"data"`
|
|
|
|
|
|
Expires int `json:"expires"`
|
|
|
|
|
|
IsRefreshToken bool `json:"is_refresh_token"`
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2024-08-06 07:52:42 +00:00
|
|
|
|
var generateAccessTokenFunc = generateAccessToken
|
|
|
|
|
|
var generateRefreshTokenFunc = generateRefreshToken
|
|
|
|
|
|
|
2024-08-05 09:11:43 +00:00
|
|
|
|
// NewToken 建立一個新的 Token,例如:AccessToken
|
|
|
|
|
|
func (l *NewTokenLogic) NewToken(in *permission.AuthorizationReq) (*permission.TokenResp, error) {
|
2024-08-06 05:59:24 +00:00
|
|
|
|
// 驗證所需
|
|
|
|
|
|
if err := l.svcCtx.Validate.ValidateAll(&authorizationReq{
|
|
|
|
|
|
GrantType: domain.GrantType(in.GetGrantType()),
|
|
|
|
|
|
Scope: in.GetScope(),
|
|
|
|
|
|
}); err != nil {
|
|
|
|
|
|
return nil, ers.InvalidFormat(err.Error())
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 準備建立 Token 所需
|
|
|
|
|
|
now := time.Now().UTC()
|
|
|
|
|
|
expires := int(in.GetExpires())
|
|
|
|
|
|
refreshExpires := int(in.GetExpires())
|
|
|
|
|
|
if expires <= 0 {
|
|
|
|
|
|
expires = int(l.svcCtx.Config.Token.Expired.Seconds())
|
|
|
|
|
|
refreshExpires = expires
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 如果這是一個 Refresh Token 過期時間要比普通的Token 長
|
|
|
|
|
|
if in.GetIsRefreshToken() {
|
|
|
|
|
|
refreshExpires = int(l.svcCtx.Config.Token.RefreshExpires.Seconds())
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
token := entity.Token{
|
|
|
|
|
|
ID: uuid.Must(uuid.NewRandom()).String(),
|
|
|
|
|
|
DeviceID: in.GetDeviceId(),
|
|
|
|
|
|
ExpiresIn: expires,
|
|
|
|
|
|
RefreshExpiresIn: refreshExpires,
|
|
|
|
|
|
AccessCreateAt: now,
|
|
|
|
|
|
RefreshCreateAt: now,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
claims := claims(in.GetData())
|
|
|
|
|
|
claims.SetRole(domain.DefaultRole)
|
|
|
|
|
|
claims.SetID(token.ID)
|
|
|
|
|
|
claims.SetScope(in.GetScope())
|
|
|
|
|
|
|
|
|
|
|
|
token.UID = claims.UID()
|
|
|
|
|
|
|
|
|
|
|
|
if in.GetDeviceId() != "" {
|
|
|
|
|
|
claims.SetDeviceID(in.GetDeviceId())
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var err error
|
2024-08-06 07:52:42 +00:00
|
|
|
|
token.AccessToken, err = generateAccessTokenFunc(token, claims, l.svcCtx.Config.Token.Secret)
|
2024-08-06 05:59:24 +00:00
|
|
|
|
if err != nil {
|
2024-08-08 08:10:38 +00:00
|
|
|
|
logx.WithCallerSkip(1).WithFields(
|
|
|
|
|
|
logx.Field("func", "generateAccessTokenFunc"),
|
|
|
|
|
|
logx.Field("claims", claims),
|
|
|
|
|
|
).Error(err.Error())
|
|
|
|
|
|
return nil, err
|
2024-08-06 05:59:24 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if in.GetIsRefreshToken() {
|
2024-08-06 07:52:42 +00:00
|
|
|
|
token.RefreshToken = generateRefreshTokenFunc(token.AccessToken)
|
2024-08-06 05:59:24 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
err = l.svcCtx.TokenRedisRepo.Create(l.ctx, token)
|
|
|
|
|
|
if err != nil {
|
2024-08-08 08:10:38 +00:00
|
|
|
|
logx.WithCallerSkip(1).WithFields(
|
|
|
|
|
|
logx.Field("func", "TokenRedisRepo.Create"),
|
|
|
|
|
|
logx.Field("token", token),
|
|
|
|
|
|
).Error(err.Error())
|
|
|
|
|
|
return nil, err
|
2024-08-06 05:59:24 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &permission.TokenResp{
|
|
|
|
|
|
AccessToken: token.AccessToken,
|
|
|
|
|
|
TokenType: domain.TokenTypeBearer,
|
|
|
|
|
|
ExpiresIn: int32(token.ExpiresIn),
|
|
|
|
|
|
RefreshToken: token.RefreshToken,
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
