91 lines
3.6 KiB
Rust
91 lines
3.6 KiB
Rust
use axum::{
|
||
Json,
|
||
extract::{Extension, State},
|
||
http::StatusCode,
|
||
};
|
||
use platform_auth::hash_refresh_session_token;
|
||
use shared_contracts::auth::{AuthSessionSummaryPayload, AuthSessionsResponse};
|
||
use time::OffsetDateTime;
|
||
|
||
use crate::{
|
||
api_response::json_success_body,
|
||
auth::{AuthenticatedAccessToken, RefreshSessionToken},
|
||
http_error::AppError,
|
||
request_context::RequestContext,
|
||
session_client::mask_ip,
|
||
state::AppState,
|
||
};
|
||
|
||
pub async fn auth_sessions(
|
||
State(state): State<AppState>,
|
||
Extension(request_context): Extension<RequestContext>,
|
||
Extension(authenticated): Extension<AuthenticatedAccessToken>,
|
||
maybe_refresh_token: Option<Extension<RefreshSessionToken>>,
|
||
) -> Result<Json<serde_json::Value>, AppError> {
|
||
// 当前设备识别仍然依赖 refresh cookie 命中的原始 token,对旧前端行为保持兼容。
|
||
let user_id = authenticated.claims().user_id().to_string();
|
||
let current_refresh_token_hash = maybe_refresh_token.and_then(|token| {
|
||
let token = token.0.token().trim();
|
||
if token.is_empty() {
|
||
return None;
|
||
}
|
||
|
||
Some(hash_refresh_session_token(token))
|
||
});
|
||
|
||
let sessions = state
|
||
.refresh_session_service()
|
||
.list_active_sessions_by_user(&user_id, OffsetDateTime::now_utc())
|
||
.map_err(map_refresh_session_list_error)?;
|
||
|
||
Ok(json_success_body(
|
||
Some(&request_context),
|
||
AuthSessionsResponse {
|
||
sessions: sessions
|
||
.sessions
|
||
.into_iter()
|
||
.map(|session| {
|
||
let is_current = current_refresh_token_hash
|
||
.as_ref()
|
||
.is_some_and(|hash| session.refresh_token_hash == *hash);
|
||
let client_label = session.client_info.device_display_name.clone();
|
||
|
||
AuthSessionSummaryPayload {
|
||
session_id: session.session_id,
|
||
client_type: session.client_info.client_type,
|
||
client_runtime: session.client_info.client_runtime,
|
||
client_platform: session.client_info.client_platform,
|
||
client_label,
|
||
device_display_name: session.client_info.device_display_name,
|
||
mini_program_app_id: session.client_info.mini_program_app_id,
|
||
mini_program_env: session.client_info.mini_program_env,
|
||
user_agent: session.client_info.user_agent,
|
||
ip_masked: mask_ip(session.client_info.ip.as_deref()),
|
||
is_current,
|
||
created_at: session.created_at,
|
||
last_seen_at: session.last_seen_at,
|
||
expires_at: session.expires_at,
|
||
}
|
||
})
|
||
.collect(),
|
||
},
|
||
))
|
||
}
|
||
|
||
fn map_refresh_session_list_error(error: module_auth::RefreshSessionError) -> AppError {
|
||
match error {
|
||
module_auth::RefreshSessionError::UserNotFound => {
|
||
AppError::from_status(StatusCode::UNAUTHORIZED)
|
||
.with_message("当前登录态已失效,请重新登录")
|
||
}
|
||
module_auth::RefreshSessionError::MissingToken
|
||
| module_auth::RefreshSessionError::SessionNotFound
|
||
| module_auth::RefreshSessionError::SessionExpired => {
|
||
AppError::from_status(StatusCode::UNAUTHORIZED).with_message(error.to_string())
|
||
}
|
||
module_auth::RefreshSessionError::Store(message) => {
|
||
AppError::from_status(StatusCode::INTERNAL_SERVER_ERROR).with_message(message)
|
||
}
|
||
}
|
||
}
|