✨ 初步实现了账密登录能力。

Author: langyo

Cargo.lock

@@ -94,5 +94,6 @@ redis = { version = "^0.32", features = [
   "ahash",
   "uuid",
   "json",
+  "aio",
 ] }
 minio = "^0.3"

Cargo.toml

@@ -44,3 +44,5 @@ tracing-appender = { workspace = true }
 tracing-subscriber = { workspace = true }
 
 sea-orm = { workspace = true }
+redis = { workspace = true }
+minio = { workspace = true }

packages/functions/Cargo.toml

@@ -1,22 +1,76 @@
-use anyhow::Result;
+use anyhow::{anyhow, Result};
 
+use redis::{AsyncTypedCommands, SetOptions};
 use sea_orm::prelude::*;
 
 use _database::{models, DB_CONN};
-use _utils::types::auth::{OauthAnonymousResponse, OauthLoginResponse};
+use _utils::{
+    bcrypt::verify_hash,
+    jwt::{generate_token, EXPIRED_APPEND_DURATION},
+    types::auth::{OauthAnonymousResponse, OauthLoginResponse, OauthScopeType, OauthTokenType},
+};
 
 pub async fn oauth_password_login(
     username: String,
     password: String,
 ) -> Result<OauthLoginResponse> {
-    let user = models::system::sys_user::Entity::find()
+    let item = models::system::sys_user::Entity::find()
+        .filter(models::system::sys_user::Column::DelFlag.eq(false))
         .filter(models::system::sys_user::Column::Username.eq(username))
         .one(&DB_CONN.wait().pg_conn)
-        .await?;
+        .await?
+        .ok_or(anyhow!("User not found"))?;
 
-    // Continue with the login logic
+    if !verify_hash(
+        password,
+        item.password
+            .strip_prefix("{bcrypt}")
+            .ok_or(anyhow!("Failed to strip bcrypt prefix"))?,
+    )? {
+        return Err(anyhow!("Invalid password"));
+    }
 
-    todo!()
+    let jti = Uuid::now_v7();
+    let now = chrono::Utc::now();
+    let access_token = generate_token(now, item.id, jti).await?;
+    let refresh_token = generate_token(now, item.id, jti).await?;
+
+    let mut redis_conn = DB_CONN
+        .wait()
+        .redis_conn
+        .get_multiplexed_async_connection()
+        .await?;
+    redis_conn
+        .set_options(
+            format!("jwt:access:{}:{}", item.id, jti),
+            &access_token,
+            SetOptions::default()
+                .conditional_set(redis::ExistenceCheck::NX)
+                .with_expiration(redis::SetExpiry::EX(
+                    EXPIRED_APPEND_DURATION.as_seconds_f32() as u64,
+                )),
+        )
+        .await?;
+    redis_conn
+        .set_options(
+            format!("jwt:refresh:{}:{}", item.id, jti),
+            &refresh_token,
+            SetOptions::default()
+                .conditional_set(redis::ExistenceCheck::NX)
+                .with_expiration(redis::SetExpiry::EX(
+                    EXPIRED_APPEND_DURATION.as_seconds_f32() as u64,
+                )),
+        )
+        .await?;
+
+    Ok(OauthLoginResponse {
+        access_token,
+        refresh_token,
+        token_type: OauthTokenType::Bearer,
+        expires_in: EXPIRED_APPEND_DURATION.as_seconds_f32() as u64,
+        scope: OauthScopeType::All,
+        jti,
+    })
 }
 
 pub async fn oauth_client_credentials(scope: String) -> Result<OauthAnonymousResponse> {

packages/functions/src/functions/system/oauth.rs

@@ -37,7 +37,7 @@ where
 
             return Ok(Self(Some(AuthInfo {
                 token,
-                user_id: claims.user_id,
+                user_id: claims.sub,
                 created_at: claims.iat,
                 expires_at: claims.exp,
             })));

packages/router/src/middlewares/auth_extrator.rs

@@ -2,6 +2,7 @@ use anyhow::{Context, Result};
 use chrono::{DateTime, Utc};
 use once_cell::sync::Lazy;
 use serde::{Deserialize, Serialize};
+use uuid::Uuid;
 
 use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
 
@@ -47,25 +48,25 @@ mod jwt_numeric_date {
 
 #[derive(Debug, PartialEq, Serialize, Deserialize)]
 pub struct Claims {
-    pub user_id: i64,
+    pub sub: i64,
+    pub jti: Uuid,
     #[serde(with = "jwt_numeric_date")]
     pub iat: DateTime<Utc>,
     #[serde(with = "jwt_numeric_date")]
     pub exp: DateTime<Utc>,
 }
 
-pub async fn generate_token(user_id: i64) -> Result<(String, DateTime<Utc>)> {
-    let now = chrono::Utc::now();
+pub static EXPIRED_APPEND_DURATION: chrono::Duration = chrono::Duration::days(15);
+
+pub async fn generate_token(now: DateTime<Utc>, user_id: i64, jti: Uuid) -> Result<String> {
     let claims = Claims {
-        user_id,
+        sub: user_id,
+        jti,
         iat: now,
-        exp: now + chrono::Duration::days(15),
+        exp: now + EXPIRED_APPEND_DURATION,
     };
 
-    Ok((
-        encode(&Header::default(), &claims, &JWT_SECRET.0).context("Failed to encode token")?,
-        now,
-    ))
+    Ok(encode(&Header::default(), &claims, &JWT_SECRET.0).context("Failed to encode token")?)
 }
 
 pub async fn verify_token(token: &str) -> Result<Claims> {

packages/utils/src/jwt.rs

@@ -36,7 +36,7 @@ pub struct OauthAnonymousResponse {
     Debug, Clone, Copy, PartialEq, Default, EnumIter, Display, AsRefStr, Serialize, Deserialize,
 )]
 #[strum(serialize_all = "snake_case")]
-#[serde(rename_all = "snake_case", untagged)]
+#[serde(rename_all = "snake_case")]
 pub enum OauthTokenType {
     /// Bearer
     #[default]
@@ -47,7 +47,7 @@ pub enum OauthTokenType {
     Debug, Clone, Copy, PartialEq, Default, EnumIter, Display, AsRefStr, Serialize, Deserialize,
 )]
 #[strum(serialize_all = "snake_case")]
-#[serde(rename_all = "snake_case", untagged)]
+#[serde(rename_all = "snake_case")]
 pub enum OauthScopeType {
     /// 全局
     #[default]