wip: 继续 day2

internal/serve/serve.go

@@ -7,7 +7,11 @@ import (
 	"github.com/loveuer/nf"
 	"github.com/loveuer/nf/nft/log"
 	"net/http"
+	"time"
+	"uauth/internal/opt"
+	"uauth/internal/store/cache"
 	"uauth/internal/tool"
+	"uauth/model"
 )
 
 func authenticateUser(username, password string) (bool, error) {
@@ -89,44 +93,76 @@ func handleApprove(c *nf.Ctx) error {
 
 // 令牌请求的处理
 func handleToken(c *nf.Ctx) error {
+	var (
+		err         error
+		grantType   string
+		code        string
+		redirectURI string
+
+		// 记录 user
+		accessToken  string
+		refreshToken string
+		user         = new(model.User)
+	)
+
 	// 获取请求参数
-	grantType := c.FormValue("grant_type")
-	code := c.FormValue("code")
-	redirectURI := c.FormValue("redirect_uri")
+	grantType = c.FormValue("grant_type")
+	code = cache.Prefix + c.FormValue("code")
+	redirectURI = c.FormValue("redirect_uri")
 
 	// 简单验证
 	if grantType != "authorization_code" {
 		return c.Status(http.StatusBadRequest).SendString("Unsupported grant type")
 	}
 
-	mu.Lock()
-	defer mu.Unlock()
-
-	// 验证授权码是否有效
-	accessToken, ok := authCodes[code]
-	if !ok {
+	if err = cache.Client.GetScan(tool.Timeout(3), code).Scan(&user); err != nil {
 		return c.Status(http.StatusBadRequest).SendString("Invalid authorization code")
 	}
+	defer func() {
+		// 清除已使用的授权码
+		cache.Client.Del(tool.Timeout(3), code)
+		_ = redirectURI
+	}()
 
 	// 生成访问令牌
-	token := generateAccessToken()
+	if accessToken, refreshToken, err = generateAccessToken(user); err != nil {
+		return c.Status(http.StatusInternalServerError).SendString(err.Error())
+	}
+
+	c.Writer.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 
 	// 返回访问令牌
 	return c.JSON(map[string]string{
-		"access_token": token,
-		"token_type":   "bearer",
-		"expires_in":   "3600", // 访问令牌有效期（秒）
+		"access_token":  accessToken,
+		"refresh_token": refreshToken,
+		"token_type":    "bearer",
+		"expires_in":    "3600", // 访问令牌有效期（秒）
 	})
-
-	// 清除已使用的授权码
-	delete(authCodes, code)
 }
 
-func Run(ctx context.Context, prefix string, address string) error {
+func generateAccessToken(user *model.User) (accessToken string, refreshToken string, err error) {
+	if accessToken, err = user.JwtEncode(); err != nil {
+		return
+	}
+
+	refreshToken = uuid.New().String()[:8]
+
+	if err = cache.Client.SetEx(tool.Timeout(3), cache.Prefix+"refresh_token", refreshToken, 24*time.Hour); err != nil {
+		return
+	}
+
+	if err = cache.Client.SetEx(tool.Timeout(3), cache.Prefix+"access_token", accessToken, time.Hour); err != nil {
+		return
+	}
+
+	return
+}
+
+func Run(ctx context.Context) error {
 
 	app := nf.New()
 
-	api := app.Group(prefix)
+	api := app.Group(opt.Cfg.Svc.Prefix)
 	// 设置路由
 	api.Get("/login", handleLogin)
 	api.Get("/authorize", handleAuthorize)
@@ -134,11 +170,11 @@ func Run(ctx context.Context, prefix string, address string) error {
 	api.Post("/token", handleToken)
 
 	// 启动 HTTP 服务器
-	log.Info("Starting server on: %s", address)
+	log.Info("Starting server on: %s", opt.Cfg.Svc.Address)
 	go func() {
 		<-ctx.Done()
 		_ = app.Shutdown(tool.Timeout(2))
 	}()
 
-	return app.Run(address)
+	return app.Run(opt.Cfg.Svc.Address)
 }