重写

2026-04-21 19:17:31 +08:00
parent d234d27cc0
commit 89129ef1f4
83 changed files with 13329 additions and 176 deletions
--- a/server-rs/crates/api-server/src/auth_session.rs
+++ b/server-rs/crates/api-server/src/auth_session.rs
@@ -9,8 +9,8 @@ use platform_auth::{
 };
 use time::OffsetDateTime;

+use crate::session_client::SessionClientContext;
 use crate::{http_error::AppError, state::AppState};
-use crate::{session_client::SessionClientContext};

 #[derive(Debug, Clone)]
 pub struct SignedAuthSession {
@@ -22,6 +22,15 @@ pub fn create_password_auth_session(
    state: &AppState,
    user: &AuthUser,
    session_client: &SessionClientContext,
+) -> Result<SignedAuthSession, AppError> {
+    create_auth_session(state, user, session_client, AuthLoginMethod::Password)
+}
+
+pub fn create_auth_session(
+    state: &AppState,
+    user: &AuthUser,
+    session_client: &SessionClientContext,
+    session_provider: AuthLoginMethod,
 ) -> Result<SignedAuthSession, AppError> {
    let refresh_token = create_refresh_session_token();
    let refresh_token_hash = hash_refresh_session_token(&refresh_token);
@@ -31,13 +40,18 @@ pub fn create_password_auth_session(
            CreateRefreshSessionInput {
                user_id: user.id.clone(),
                refresh_token_hash,
-                issued_by_provider: AuthLoginMethod::Password,
+                issued_by_provider: session_provider.clone(),
                client_info: session_client.to_refresh_session_client_info(),
            },
            OffsetDateTime::now_utc(),
        )
        .map_err(map_refresh_session_error)?;
-    let access_token = sign_access_token_for_user(state, user, &session.session.session_id)?;
+    let access_token = sign_access_token_for_user(
+        state,
+        user,
+        &session.session.session_id,
+        Some(&session_provider),
+    )?;

    Ok(SignedAuthSession {
        access_token,
@@ -49,12 +63,13 @@ pub fn sign_access_token_for_user(
    state: &AppState,
    user: &AuthUser,
    session_id: &str,
+    session_provider_override: Option<&AuthLoginMethod>,
 ) -> Result<String, AppError> {
    let access_claims = AccessTokenClaims::from_input(
        AccessTokenClaimsInput {
            user_id: user.id.clone(),
            session_id: session_id.to_string(),
-            provider: map_auth_provider(&user.login_method),
+            provider: map_auth_provider(session_provider_override.unwrap_or(&user.login_method)),
            roles: vec!["user".to_string()],
            token_version: user.token_version,
            phone_verified: user.phone_number_masked.is_some(),