feat: add platform auth jwt adapter

2026-04-21 13:02:44 +08:00
parent e37163d4d3
commit adaf514a1a
20 changed files with 1220 additions and 44 deletions
--- a/server-rs/crates/api-server/src/config.rs
+++ b/server-rs/crates/api-server/src/config.rs
@@ -6,6 +6,9 @@ pub struct AppConfig {
    pub bind_host: String,
    pub bind_port: u16,
    pub log_filter: String,
+    pub jwt_issuer: String,
+    pub jwt_secret: String,
+    pub jwt_access_token_ttl_seconds: u64,
 }

 impl Default for AppConfig {
@@ -14,6 +17,9 @@ impl Default for AppConfig {
            bind_host: "127.0.0.1".to_string(),
            bind_port: 3000,
            log_filter: "info,tower_http=info".to_string(),
+            jwt_issuer: "https://auth.genarrative.local".to_string(),
+            jwt_secret: "genarrative-dev-secret".to_string(),
+            jwt_access_token_ttl_seconds: 2 * 60 * 60,
        }
    }
 }
@@ -40,6 +46,25 @@ impl AppConfig {
            }
        }

+        if let Some(jwt_issuer) =
+            read_first_non_empty_env(&["GENARRATIVE_JWT_ISSUER", "JWT_ISSUER"])
+        {
+            config.jwt_issuer = jwt_issuer;
+        }
+
+        if let Some(jwt_secret) =
+            read_first_non_empty_env(&["GENARRATIVE_JWT_SECRET", "JWT_SECRET"])
+        {
+            config.jwt_secret = jwt_secret;
+        }
+
+        if let Some(ttl_seconds) = read_first_duration_seconds_env(&[
+            "GENARRATIVE_JWT_ACCESS_TOKEN_TTL_SECONDS",
+            "JWT_EXPIRES_IN",
+        ]) {
+            config.jwt_access_token_ttl_seconds = ttl_seconds;
+        }
+
        config
    }

@@ -50,3 +75,49 @@ impl AppConfig {
            .unwrap_or_else(|_| SocketAddr::from(([127, 0, 0, 1], 3000)))
    }
 }
+
+fn read_first_non_empty_env(keys: &[&str]) -> Option<String> {
+    keys.iter().find_map(|key| {
+        env::var(key).ok().and_then(|value| {
+            let value = value.trim().to_string();
+            if value.is_empty() {
+                return None;
+            }
+
+            Some(value)
+        })
+    })
+}
+
+fn read_first_duration_seconds_env(keys: &[&str]) -> Option<u64> {
+    keys.iter().find_map(|key| {
+        env::var(key)
+            .ok()
+            .and_then(|value| parse_duration_seconds(&value))
+    })
+}
+
+fn parse_duration_seconds(raw: &str) -> Option<u64> {
+    let raw = raw.trim();
+    if raw.is_empty() {
+        return None;
+    }
+
+    if let Ok(seconds) = raw.parse::<u64>() {
+        return Some(seconds);
+    }
+
+    let (number, unit) = raw.split_at(raw.len().checked_sub(1)?);
+    let unit = unit.to_ascii_lowercase();
+    let number = number.trim().parse::<u64>().ok()?;
+
+    let multiplier = match unit.as_str() {
+        "s" => 1,
+        "m" => 60,
+        "h" => 60 * 60,
+        "d" => 24 * 60 * 60,
+        _ => return None,
+    };
+
+    number.checked_mul(multiplier)
+}