90 lines
2.9 KiB
Rust
90 lines
2.9 KiB
Rust
use axum::{
|
|
extract::{Extension, State},
|
|
http::HeaderMap,
|
|
response::IntoResponse,
|
|
};
|
|
use module_auth::{RefreshSessionError, RotateRefreshSessionInput};
|
|
use platform_auth::hash_refresh_session_token;
|
|
use shared_contracts::auth::RefreshSessionResponse;
|
|
use time::OffsetDateTime;
|
|
|
|
use crate::{
|
|
api_response::json_success_body,
|
|
auth::RefreshSessionToken,
|
|
auth_session::{
|
|
attach_set_cookie_header, build_clear_refresh_session_cookie_header,
|
|
build_refresh_session_cookie_header, map_refresh_session_error, sign_access_token_for_user,
|
|
},
|
|
http_error::AppError,
|
|
request_context::RequestContext,
|
|
state::AppState,
|
|
};
|
|
|
|
pub async fn refresh_session(
|
|
State(state): State<AppState>,
|
|
Extension(request_context): Extension<RequestContext>,
|
|
maybe_refresh_token: Option<Extension<RefreshSessionToken>>,
|
|
) -> Result<impl IntoResponse, AppError> {
|
|
let raw_refresh_token = maybe_refresh_token
|
|
.map(|token| token.0.token().to_string())
|
|
.unwrap_or_default();
|
|
if raw_refresh_token.trim().is_empty() {
|
|
return Err(map_refresh_error_with_clear_cookie(
|
|
&state,
|
|
RefreshSessionError::MissingToken,
|
|
));
|
|
}
|
|
let refresh_token_hash = hash_refresh_session_token(&raw_refresh_token);
|
|
let next_refresh_token = platform_auth::create_refresh_session_token();
|
|
let next_refresh_token_hash = hash_refresh_session_token(&next_refresh_token);
|
|
|
|
let rotated = state
|
|
.refresh_session_service()
|
|
.rotate_session(
|
|
RotateRefreshSessionInput {
|
|
refresh_token_hash,
|
|
next_refresh_token_hash,
|
|
},
|
|
OffsetDateTime::now_utc(),
|
|
)
|
|
.map_err(|error| map_refresh_error_with_clear_cookie(&state, error))?;
|
|
let access_token = sign_access_token_for_user(
|
|
&state,
|
|
&rotated.user,
|
|
&rotated.session.session_id,
|
|
Some(&rotated.session.issued_by_provider),
|
|
)?;
|
|
state
|
|
.sync_auth_store_snapshot_to_spacetime()
|
|
.await
|
|
.map_err(|error| {
|
|
AppError::from_status(axum::http::StatusCode::INTERNAL_SERVER_ERROR)
|
|
.with_message(format!("同步认证快照失败:{error}"))
|
|
})?;
|
|
|
|
let mut headers = HeaderMap::new();
|
|
attach_set_cookie_header(
|
|
&mut headers,
|
|
build_refresh_session_cookie_header(&state, &next_refresh_token)?,
|
|
);
|
|
|
|
Ok((
|
|
headers,
|
|
json_success_body(
|
|
Some(&request_context),
|
|
RefreshSessionResponse {
|
|
token: access_token,
|
|
},
|
|
),
|
|
))
|
|
}
|
|
|
|
fn map_refresh_error_with_clear_cookie(state: &AppState, error: RefreshSessionError) -> AppError {
|
|
let response_error = map_refresh_session_error(error);
|
|
if let Ok(set_cookie) = build_clear_refresh_session_cookie_header(state) {
|
|
return response_error.with_header("set-cookie", set_cookie);
|
|
}
|
|
|
|
response_error
|
|
}
|