Integrate unfinished server-rs refactor worklists

2026-04-30 13:39:06 +08:00
parent 62934b0809
commit 7ab0933f6d
676 changed files with 24487 additions and 21531 deletions
--- a/server-rs/crates/module-auth/src/domain.rs
+++ b/server-rs/crates/module-auth/src/domain.rs
@@ -1,4 +1,252 @@
-//! 认证领域模型过渡落位。
+//! 认证领域模型。
 //!
-//! 后续迁移账号、刷新会话、验证码和微信绑定聚合时，只保留认证规则；
-//! 文件持久化、真实短信发送、cookie 写入和 HTTP 上下文都不属于领域核心。
+//! 这里只保留账号、登录方式、绑定状态等纯领域事实。文件持久化、真实短信发送、
+//! cookie 写入、JWT 签发和 HTTP 上下文都属于外层 adapter。
+
+use serde::{Deserialize, Serialize};
+
+use crate::errors::{PasswordEntryError, PhoneAuthError};
+
+pub const PASSWORD_MIN_LENGTH: usize = 6;
+pub const PASSWORD_MAX_LENGTH: usize = 128;
+pub const SMS_CODE_LENGTH: usize = 6;
+pub const SMS_CODE_TTL_MINUTES: i64 = 5;
+pub const SMS_CODE_COOLDOWN_SECONDS: u64 = 60;
+pub const SMS_CODE_MAX_FAILED_ATTEMPTS: u32 = 5;
+
+/// 用户最近一次完成认证的入口类型。
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub enum AuthLoginMethod {
+    Password,
+    Phone,
+    Wechat,
+}
+
+impl AuthLoginMethod {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            Self::Password => "password",
+            Self::Phone => "phone",
+            Self::Wechat => "wechat",
+        }
+    }
+}
+
+/// 账号是否已经完成必要绑定。
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub enum AuthBindingStatus {
+    Active,
+    PendingBindPhone,
+}
+
+impl AuthBindingStatus {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            Self::Active => "active",
+            Self::PendingBindPhone => "pending_bind_phone",
+        }
+    }
+}
+
+/// 认证用户快照。
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct AuthUser {
+    pub id: String,
+    pub public_user_code: String,
+    pub username: String,
+    pub display_name: String,
+    pub phone_number_masked: Option<String>,
+    pub login_method: AuthLoginMethod,
+    pub binding_status: AuthBindingStatus,
+    pub wechat_bound: bool,
+    pub token_version: u64,
+}
+
+/// 规范化后的手机号快照。
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct PhoneNumberSnapshot {
+    pub e164: String,
+    pub masked_national_number: String,
+}
+
+/// 手机验证码使用场景。
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub enum PhoneAuthScene {
+    Login,
+    BindPhone,
+    ChangePhone,
+    ResetPassword,
+}
+
+impl PhoneAuthScene {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            Self::Login => "login",
+            Self::BindPhone => "bind_phone",
+            Self::ChangePhone => "change_phone",
+            Self::ResetPassword => "reset_password",
+        }
+    }
+}
+
+/// 微信授权入口场景。
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub enum WechatAuthScene {
+    Desktop,
+    WechatInApp,
+}
+
+impl WechatAuthScene {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            Self::Desktop => "desktop",
+            Self::WechatInApp => "wechat_in_app",
+        }
+    }
+}
+
+/// 微信身份资料快照。
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct WechatIdentityProfile {
+    pub provider_uid: String,
+    pub provider_union_id: Option<String>,
+    pub display_name: Option<String>,
+    pub avatar_url: Option<String>,
+}
+
+/// 微信授权 state 快照。
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct WechatAuthStateRecord {
+    pub wechat_state_id: String,
+    pub state_token: String,
+    pub redirect_path: String,
+    pub scene: WechatAuthScene,
+    pub request_user_agent: Option<String>,
+    pub expires_at: String,
+    pub consumed_at: Option<String>,
+    pub created_at: String,
+    pub updated_at: String,
+}
+
+/// refresh session 的客户端环境快照。
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct RefreshSessionClientInfo {
+    pub client_type: String,
+    pub client_runtime: String,
+    pub client_platform: String,
+    pub client_instance_id: Option<String>,
+    pub device_fingerprint: Option<String>,
+    pub device_display_name: String,
+    pub mini_program_app_id: Option<String>,
+    pub mini_program_env: Option<String>,
+    pub user_agent: Option<String>,
+    pub ip: Option<String>,
+}
+
+/// refresh session 快照。
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct RefreshSessionRecord {
+    pub session_id: String,
+    pub user_id: String,
+    pub refresh_token_hash: String,
+    pub issued_by_provider: AuthLoginMethod,
+    pub client_info: RefreshSessionClientInfo,
+    pub expires_at: String,
+    pub revoked_at: Option<String>,
+    pub created_at: String,
+    pub updated_at: String,
+    pub last_seen_at: String,
+}
+
+/// Auth store 持久化快照记录。
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct AuthStoreSnapshotRecord {
+    pub snapshot_json: Option<String>,
+    pub updated_at_micros: Option<i64>,
+}
+
+pub fn validate_password(password: &str) -> Result<(), PasswordEntryError> {
+    let length = password.chars().count();
+    if !(PASSWORD_MIN_LENGTH..=PASSWORD_MAX_LENGTH).contains(&length) {
+        return Err(PasswordEntryError::InvalidPasswordLength);
+    }
+
+    Ok(())
+}
+
+pub fn verify_sms_code_format(verify_code: &str) -> Result<(), PhoneAuthError> {
+    let verify_code = verify_code.trim();
+    if verify_code.len() != SMS_CODE_LENGTH
+        || !verify_code
+            .chars()
+            .all(|character| character.is_ascii_digit())
+    {
+        return Err(PhoneAuthError::InvalidVerifyCode);
+    }
+
+    Ok(())
+}
+
+pub fn normalize_mainland_china_phone_number(
+    raw_phone_number: &str,
+) -> Result<PhoneNumberSnapshot, PhoneAuthError> {
+    let digits = raw_phone_number
+        .trim()
+        .chars()
+        .filter(|character| character.is_ascii_digit())
+        .collect::<String>();
+    if digits.len() != 11 || !digits.starts_with('1') {
+        return Err(PhoneAuthError::InvalidPhoneNumber);
+    }
+
+    Ok(PhoneNumberSnapshot {
+        e164: format!("+86{digits}"),
+        masked_national_number: mask_phone_number(&digits),
+    })
+}
+
+pub fn mask_phone_number(phone_number: &str) -> String {
+    format!("{}****{}", &phone_number[..3], &phone_number[7..11])
+}
+
+pub fn build_national_phone_number(e164_phone_number: &str) -> Result<String, PhoneAuthError> {
+    let digits = e164_phone_number.trim().trim_start_matches('+');
+    if let Some(national) = digits.strip_prefix("86")
+        && national.len() == 11
+    {
+        return Ok(national.to_string());
+    }
+    Err(PhoneAuthError::InvalidPhoneNumber)
+}
+
+pub fn build_system_username(prefix: &str, sequence: u64) -> String {
+    format!("{prefix}_{sequence:08}")
+}
+
+// 公开叙世号是稳定的公开检索键，不替代内部 user_id，仅用于展示、分享与搜索。
+pub fn build_public_user_code(sequence: u64) -> String {
+    format!("SY-{sequence:08}")
+}
+
+pub fn normalize_public_user_code(input: &str) -> Result<String, PasswordEntryError> {
+    let normalized = input
+        .trim()
+        .chars()
+        .filter(|character| character.is_ascii_alphanumeric())
+        .collect::<String>()
+        .to_ascii_uppercase();
+    let digits = normalized.strip_prefix("SY").unwrap_or(&normalized);
+
+    if digits.is_empty()
+        || digits.len() > 8
+        || !digits.chars().all(|character| character.is_ascii_digit())
+    {
+        return Err(PasswordEntryError::InvalidPublicUserCode);
+    }
+
+    Ok(format!("SY-{digits:0>8}"))
+}
+
+pub fn build_phone_code_key(phone_number: &str, scene: &PhoneAuthScene) -> String {
+    format!("{}:{}", phone_number.trim(), scene.as_str())
+}