Genarrative/server-rs/crates/api-server/src/password_entry.rs

use axum::{
    Json,
    extract::{Extension, State},
    http::{HeaderMap, StatusCode},
    response::IntoResponse,
};
use module_auth::{PasswordEntryError, PasswordEntryInput};
use serde_json::json;
use shared_contracts::auth::{AuthUserPayload, PasswordEntryRequest, PasswordEntryResponse};

use crate::{
    api_response::json_success_body,
    auth_session::{
        attach_set_cookie_header, build_refresh_session_cookie_header, create_password_auth_session,
    },
    http_error::AppError,
    request_context::RequestContext,
    session_client::resolve_session_client_context,
    state::AppState,
};

pub async fn password_entry(
    State(state): State<AppState>,
    Extension(request_context): Extension<RequestContext>,
    headers: HeaderMap,
    Json(payload): Json<PasswordEntryRequest>,
) -> Result<impl IntoResponse, AppError> {
    let result = state
        .password_entry_service()
        .execute(PasswordEntryInput {
            username: payload.username,
            password: payload.password,
        })
        .await
        .map_err(map_password_entry_error)?;
    let session_client = resolve_session_client_context(&headers);
    let signed_session = create_password_auth_session(&state, &result.user, &session_client)?;

    let mut headers = HeaderMap::new();
    attach_set_cookie_header(
        &mut headers,
        build_refresh_session_cookie_header(&state, &signed_session.refresh_token)?,
    );

    Ok((
        headers,
        json_success_body(
            Some(&request_context),
            PasswordEntryResponse {
                token: signed_session.access_token,
                user: AuthUserPayload {
                    id: result.user.id,
                    username: result.user.username,
                    display_name: result.user.display_name,
                    phone_number_masked: result.user.phone_number_masked,
                    login_method: result.user.login_method.as_str().to_string(),
                    binding_status: result.user.binding_status.as_str().to_string(),
                    wechat_bound: result.user.wechat_bound,
                },
            },
        ),
    ))
}

fn map_password_entry_error(error: PasswordEntryError) -> AppError {
    match error {
        PasswordEntryError::InvalidUsername => AppError::from_status(StatusCode::BAD_REQUEST)
            .with_message("用户名只允许 3 到 24 位字母、数字、下划线")
            .with_details(json!({
                "field": "username",
            })),
        PasswordEntryError::InvalidPasswordLength => AppError::from_status(StatusCode::BAD_REQUEST)
            .with_message("密码长度需要在 6 到 128 位之间")
            .with_details(json!({
                "field": "password",
            })),
        PasswordEntryError::InvalidCredentials => {
            AppError::from_status(StatusCode::UNAUTHORIZED).with_message("用户名或密码错误")
        }
        PasswordEntryError::Store(_) | PasswordEntryError::PasswordHash(_) => {
            AppError::from_status(StatusCode::INTERNAL_SERVER_ERROR).with_message(error.to_string())
        }
    }
}