♻️ Moved services & controllers to Pass

2025-07-06 23:41:10 +08:00
parent 4b220e7ed7
commit 15fb93c2bb
75 changed files with 1733 additions and 1141 deletions
--- a/DysonNetwork.Pass/Auth/AuthGrpcService.cs
+++ b/DysonNetwork.Pass/Auth/AuthGrpcService.cs
@ -0,0 +1,96 @@
+using DysonNetwork.Shared.Protos.Auth;
+using Grpc.Core;
+using Google.Protobuf.WellKnownTypes;
+using Microsoft.EntityFrameworkCore;
+using NodaTime;
+using System.Text.Json;
+using DysonNetwork.Shared.Models;
+using DysonNetwork.Pass.Account;
+using Challenge = DysonNetwork.Shared.Models.Challenge;
+using Session = DysonNetwork.Shared.Models.Session;
+
+namespace DysonNetwork.Pass.Auth;
+
+public class AuthGrpcService(AppDatabase db, AccountService accounts, AuthService auth)
+    : DysonNetwork.Shared.Protos.Auth.AuthService.AuthServiceBase
+{
+    public override async Task<LoginResponse> Login(LoginRequest request, ServerCallContext context)
+    {
+        var account = await accounts.LookupAccount(request.Username);
+        if (account == null)
+        {
+            throw new RpcException(new Grpc.Core.Status(StatusCode.NotFound, "Account not found."));
+        }
+
+        var factor = await db.AccountAuthFactors.FirstOrDefaultAsync(f => f.AccountId == account.Id && f.Type == AccountAuthFactorType.Password);
+        if (factor == null || !factor.VerifyPassword(request.Password))
+        {
+            throw new RpcException(new Grpc.Core.Status(StatusCode.Unauthenticated, "Invalid credentials."));
+        }
+
+        var session = new Session
+        {
+            LastGrantedAt = Instant.FromDateTimeUtc(DateTime.UtcNow),
+            ExpiredAt = Instant.FromDateTimeUtc(DateTime.UtcNow.AddDays(30)),
+            Account = account,
+            Challenge = new Challenge()
+        };
+
+        db.AuthSessions.Add(session);
+        await db.SaveChangesAsync();
+
+        var token = auth.CreateToken(session);
+
+        return new LoginResponse
+        {
+            AccessToken = token,
+            ExpiresIn = (long)(session.ExpiredAt.Value - session.LastGrantedAt.Value).TotalSeconds
+        };
+    }
+
+    public override async Task<IntrospectionResponse> IntrospectToken(IntrospectTokenRequest request, ServerCallContext context)
+    {
+        if (auth.ValidateToken(request.Token, out var sessionId))
+        {
+            var session = await db.AuthSessions
+                .Include(s => s.Account)
+                .Include(s => s.Challenge)
+                .FirstOrDefaultAsync(s => s.Id == sessionId);
+
+            if (session != null)
+            {
+                return new IntrospectionResponse
+                {
+                    Active = true,
+                    Claims = JsonSerializer.Serialize(new { sub = session.AccountId }),
+                    ClientId = session.AppId?.ToString() ?? "",
+                    Username = session.Account.Name,
+                    Scope = string.Join(" ", session.Challenge.Scopes),
+                    Iat = Timestamp.FromDateTime(session.CreatedAt.ToDateTimeUtc()),
+                    Exp = Timestamp.FromDateTime(session.ExpiredAt?.ToDateTimeUtc() ?? DateTime.MaxValue)
+                };
+            }
+        }
+
+        return new IntrospectionResponse { Active = false };
+    }
+
+    public override async Task<Empty> Logout(Empty request, ServerCallContext context)
+    {
+        var authorizationHeader = context.RequestHeaders.FirstOrDefault(h => h.Key == "authorization");
+        if (authorizationHeader != null)
+        {
+            var token = authorizationHeader.Value.Replace("Bearer ", "");
+            if (auth.ValidateToken(token, out var sessionId))
+            {
+                var session = await db.AuthSessions.FindAsync(sessionId);
+                if (session != null)
+                {
+                    db.AuthSessions.Remove(session);
+                    await db.SaveChangesAsync();
+                }
+            }
+        }
+        return new Empty();
+    }
+}