✨ Shared auth scheme

2025-07-13 18:36:51 +08:00
parent e66abe2e0c
commit afdbde951c
34 changed files with 2704 additions and 179 deletions
--- a/DysonNetwork.Pass/Auth/AuthServiceGrpc.cs
+++ b/DysonNetwork.Pass/Auth/AuthServiceGrpc.cs
@ -1,27 +1,49 @@
+using DysonNetwork.Shared.Cache;
 using DysonNetwork.Shared.Proto;
 using Grpc.Core;
 using Microsoft.EntityFrameworkCore;
+using NodaTime;

 namespace DysonNetwork.Pass.Auth;

-public class AuthServiceGrpc(AuthService authService, AppDatabase db) : Shared.Proto.AuthService.AuthServiceBase
+public class AuthServiceGrpc(
+    AuthService authService,
+    ICacheService cache,
+    AppDatabase db
+)
+    : Shared.Proto.AuthService.AuthServiceBase
 {
-    public override async Task<Shared.Proto.AuthSession> Authenticate(AuthenticateRequest request, ServerCallContext context)
+    public override async Task<AuthenticateResponse> Authenticate(
+        AuthenticateRequest request,
+        ServerCallContext context
+    )
    {
        if (!authService.ValidateToken(request.Token, out var sessionId))
-        {
-            throw new RpcException(new Status(StatusCode.Unauthenticated, "Invalid token."));
-        }
+            return new AuthenticateResponse { Valid = false, Message = "Invalid token." };
+        
+        var session = await cache.GetAsync<AuthSession>($"{DysonTokenAuthHandler.AuthCachePrefix}{sessionId}");
+        if (session is not null)
+            return new AuthenticateResponse { Valid = true, Session = session.ToProtoValue() };

-        var session = await db.AuthSessions
+        session = await db.AuthSessions
            .AsNoTracking()
+            .Include(e => e.Challenge)
+            .Include(e => e.Account)
+            .ThenInclude(e => e.Profile)
            .FirstOrDefaultAsync(s => s.Id == sessionId);
-
        if (session == null)
-        {
-            throw new RpcException(new Status(StatusCode.NotFound, "Session not found."));
-        }
+            return new AuthenticateResponse { Valid = false, Message = "Session was not found." };
+        var now = SystemClock.Instance.GetCurrentInstant();
+        if (session.ExpiredAt.HasValue && session.ExpiredAt < now)
+            return new AuthenticateResponse { Valid = false, Message = "Session has been expired." };
+        
+        await cache.SetWithGroupsAsync(
+            $"auth:{sessionId}",
+            session,
+            [$"{Account.AccountService.AccountCachePrefix}{session.Account.Id}"],
+            TimeSpan.FromHours(1)
+        );

-        return session.ToProtoValue();
+        return new AuthenticateResponse { Valid = true, Session = session.ToProtoValue() };
    }
-}
+}