ditiqi 2025-01-27 22:43:07 +08:00
parent f149f20052
commit 6b67107b8c
1 changed files with 37 additions and 30 deletions


@ -4,14 +4,9 @@ import {
BadRequestException,
Logger,
InternalServerErrorException,
} from '@nestjs/common';
import { StaffService } from '../models/staff/staff.service';
import {
db,
AuthSchema,
JwtPayload,
} from '@nice/common';
import { db, AuthSchema, JwtPayload } from '@nice/common';
import * as argon2 from 'argon2';
import { JwtService } from '@nestjs/jwt';
import { redis } from '@server/utils/redis/redis.service';
@ -24,14 +19,12 @@ import { TusService } from '@server/upload/tus.service';
import { extractFileIdFromNginxUrl } from '@server/upload/utils';
@Injectable()
export class AuthService {
private logger = new Logger(AuthService.name)
private logger = new Logger(AuthService.name);
constructor(
private readonly staffService: StaffService,
private readonly jwtService: JwtService,
private readonly sessionService: SessionService
) {
}
private readonly sessionService: SessionService,
) {}
async validateFileRequest(params: FileRequest): Promise<FileAuthResult> {
try {
// 基础参数验证
@ -39,27 +32,32 @@ export class AuthService {
return { isValid: false, error: FileValidationErrorType.INVALID_URI };
}
const fileId = extractFileIdFromNginxUrl(params.originalUri);
console.log(params.originalUri, fileId)
console.log(params.originalUri, fileId);
const resource = await db.resource.findFirst({ where: { fileId } });
// 资源验证
if (!resource) {
return { isValid: false, error: FileValidationErrorType.RESOURCE_NOT_FOUND };
return {
isValid: false,
error: FileValidationErrorType.RESOURCE_NOT_FOUND,
};
}
// 处理公开资源
if (resource.isPublic) {
return {
isValid: true,
resourceType: resource.type || 'unknown'
resourceType: resource.type || 'unknown',
};
}
// 处理私有资源
const token = extractTokenFromAuthorization(params.authorization);
if (!token) {
return { isValid: false, error: FileValidationErrorType.AUTHORIZATION_REQUIRED };
return {
isValid: false,
error: FileValidationErrorType.AUTHORIZATION_REQUIRED,
};
}
const payload: JwtPayload = await this.jwtService.verify(token)
const payload: JwtPayload = await this.jwtService.verify(token);
if (!payload.sub) {
return { isValid: false, error: FileValidationErrorType.INVALID_TOKEN };
}
@ -67,9 +65,8 @@ export class AuthService {
return {
isValid: true,
userId: payload.sub,
resourceType: resource.type || 'unknown'
resourceType: resource.type || 'unknown',
};
} catch (error) {
this.logger.error('File validation error:', error);
return { isValid: false, error: FileValidationErrorType.UNKNOWN_ERROR };
@ -93,7 +90,9 @@ export class AuthService {
return { accessToken, refreshToken };
}
async signIn(data: z.infer<typeof AuthSchema.signInRequset>): Promise<SessionInfo> {
async signIn(
data: z.infer<typeof AuthSchema.signInRequset>,
): Promise<SessionInfo> {
const { username, password, phoneNumber } = data;
let staff = await db.staff.findFirst({
@ -113,7 +112,8 @@ export class AuthService {
if (!staff.enabled) {
throw new UnauthorizedException('帐号已禁用');
}
const isPasswordMatch = phoneNumber || await argon2.verify(staff.password, password);
const isPasswordMatch =
phoneNumber || (await argon2.verify(staff.password, password));
if (!isPasswordMatch) {
throw new UnauthorizedException('帐号或密码错误');
}
@ -143,7 +143,7 @@ export class AuthService {
const existingUser = await db.staff.findFirst({
where: {
OR: [{ username }, { officerId }, { phoneNumber }],
deletedAt: null
deletedAt: null,
},
});
@ -155,7 +155,7 @@ export class AuthService {
data: {
...data,
domainId: data.deptId,
}
},
});
}
async refreshToken(data: z.infer<typeof AuthSchema.refreshTokenRequest>) {
@ -168,12 +168,17 @@ export class AuthService {
throw new UnauthorizedException('用户会话已过期');
}
const session = await this.sessionService.getSession(payload.sub, sessionId);
const session = await this.sessionService.getSession(
payload.sub,
sessionId,
);
if (!session || session.refresh_token !== refreshToken) {
throw new UnauthorizedException('用户会话已过期');
}
const user = await db.staff.findUnique({ where: { id: payload.sub, deletedAt: null } });
const user = await db.staff.findUnique({
where: { id: payload.sub, deletedAt: null },
});
if (!user) {
throw new UnauthorizedException('用户不存在');
}
@ -186,14 +191,17 @@ export class AuthService {
const updatedSession = {
...session,
access_token: accessToken,
access_token_expires_at: Date.now() + tokenConfig.accessToken.expirationMs,
access_token_expires_at:
Date.now() + tokenConfig.accessToken.expirationMs,
};
await this.sessionService.saveSession(
payload.sub,
updatedSession,
tokenConfig.accessToken.expirationTTL,
);
await redis.del(UserProfileService.instance.getProfileCacheKey(payload.sub));
await redis.del(
UserProfileService.instance.getProfileCacheKey(payload.sub),
);
return {
access_token: accessToken,
access_token_expires_at: updatedSession.access_token_expires_at,
@ -212,7 +220,7 @@ export class AuthService {
where: { id: user?.id },
data: {
password: newPassword,
}
},
});
return { message: '密码已修改' };
@ -232,5 +240,4 @@ export class AuthService {
return { message: '注销成功' };
}
}
}
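Review bot: In the `signIn` hunk (`@ -113,7 +112,8`), the reformatted `phoneNumber || (await argon2.verify(staff.password, password))` leaves `isPasswordMatch` truthy whenever the request carries a non-empty `phoneNumber`, so `argon2.verify` is never called on that path. `phoneNumber` is destructured straight from `data` in the visible lines, and nothing in the hunk shows a one-time code or other factor being checked for it. The staff lookup and the rest of `signIn` lie outside the hunk, so confirm whether such a check exists elsewhere. If it does not, the password should be verified unconditionally with `const isPasswordMatch = await argon2.verify(staff.password, password);`, and phone-number sign-in moved to a separate flow that checks its own proof of possession. A short comment on this line stating which factor authenticates a phone-number login would also keep a later formatting pass from hiding the intent again.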