| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 |
- package pub
- import (
- "context"
- "strings"
- "time"
- "perms-system-server/internal/consts"
- authHelper "perms-system-server/internal/logic/auth"
- "perms-system-server/internal/response"
- "perms-system-server/internal/svc"
- "perms-system-server/internal/types"
- "github.com/zeromicro/go-zero/core/logx"
- )
- type RefreshTokenLogic struct {
- logx.Logger
- ctx context.Context
- svcCtx *svc.ServiceContext
- }
- func NewRefreshTokenLogic(ctx context.Context, svcCtx *svc.ServiceContext) *RefreshTokenLogic {
- return &RefreshTokenLogic{
- Logger: logx.WithContext(ctx),
- ctx: ctx,
- svcCtx: svcCtx,
- }
- }
- // RefreshToken 刷新令牌。使用有效的 refreshToken 换取新的 accessToken/refreshToken 令牌对,旧令牌即时失效(单会话轮转)。
- func (l *RefreshTokenLogic) RefreshToken(req *types.RefreshTokenReq) (resp *types.LoginResp, err error) {
- tokenStr := strings.TrimPrefix(req.Authorization, "Bearer ")
- if tokenStr == "" || tokenStr == req.Authorization {
- return nil, response.ErrUnauthorized("refreshToken格式错误")
- }
- claims, err := authHelper.ParseRefreshToken(tokenStr, l.svcCtx.Config.Auth.RefreshSecret)
- if err != nil {
- return nil, response.ErrUnauthorized("refreshToken无效或已过期")
- }
- productCode := claims.ProductCode
- if req.ProductCode != "" && req.ProductCode != productCode {
- return nil, response.ErrBadRequest("刷新令牌不允许切换产品")
- }
- ud := l.svcCtx.UserDetailsLoader.Load(l.ctx, claims.UserId, productCode)
- if ud.Status != consts.StatusEnabled {
- return nil, response.ErrForbidden("账号已被冻结")
- }
- if productCode != "" && ud.ProductStatus != consts.StatusEnabled {
- return nil, response.ErrForbidden("该产品已被禁用")
- }
- if productCode != "" && !ud.IsSuperAdmin && ud.MemberType == "" {
- return nil, response.ErrForbidden("您已不是该产品的成员")
- }
- if claims.TokenVersion != ud.TokenVersion {
- return nil, response.ErrUnauthorized("登录状态已失效,请重新登录")
- }
- newVersion, err := l.svcCtx.SysUserModel.IncrementTokenVersion(l.ctx, claims.UserId)
- if err != nil {
- return nil, err
- }
- l.svcCtx.UserDetailsLoader.Clean(l.ctx, claims.UserId)
- accessToken, err := authHelper.GenerateAccessToken(
- l.svcCtx.Config.Auth.AccessSecret,
- l.svcCtx.Config.Auth.AccessExpire,
- ud.UserId, ud.Username, ud.ProductCode, ud.MemberType, newVersion,
- )
- if err != nil {
- return nil, err
- }
- newRefreshToken, err := authHelper.GenerateRefreshTokenWithExpiry(
- l.svcCtx.Config.Auth.RefreshSecret,
- claims.ExpiresAt.Time,
- ud.UserId, ud.ProductCode, newVersion,
- )
- if err != nil {
- return nil, response.ErrUnauthorized("refreshToken已过期,请重新登录")
- }
- return &types.LoginResp{
- AccessToken: accessToken,
- RefreshToken: newRefreshToken,
- Expires: time.Now().Unix() + l.svcCtx.Config.Auth.AccessExpire,
- UserInfo: types.UserInfo{
- UserId: ud.UserId,
- Username: ud.Username,
- Nickname: ud.Nickname,
- Avatar: ud.Avatar,
- Email: ud.Email,
- Phone: ud.Phone,
- IsSuperAdmin: ud.IsSuperAdminRaw,
- MustChangePassword: ud.MustChangePwdRaw,
- MemberType: ud.MemberType,
- Perms: ud.Perms,
- },
- }, nil
- }
|
