♻️ Refactored auth service for better security

2025-11-29 18:00:23 +08:00
parent 78f3873a0c
commit 00b3087d6a
13 changed files with 3121 additions and 101 deletions
--- a/DysonNetwork.Pass/Auth/OpenId/OidcController.cs
+++ b/DysonNetwork.Pass/Auth/OpenId/OidcController.cs
@@ -14,6 +14,7 @@ public class OidcController(
    IServiceProvider serviceProvider,
    AppDatabase db,
    AccountService accounts,
+    AuthService auth,
    ICacheService cache,
    ILogger<OidcController> logger
 )
@@ -22,6 +23,11 @@ public class OidcController(
    private const string StateCachePrefix = "oidc-state:";
    private static readonly TimeSpan StateExpiration = TimeSpan.FromMinutes(15);

+    public class TokenExchangeResponse
+    {
+        public string Token { get; set; } = string.Empty;
+    }
+    
    [HttpGet("{provider}")]
    public async Task<ActionResult> OidcLogin(
        [FromRoute] string provider,
@@ -75,7 +81,7 @@ public class OidcController(
    /// Handles Apple authentication directly from mobile apps
    /// </summary>
    [HttpPost("apple/mobile")]
-    public async Task<ActionResult<SnAuthChallenge>> AppleMobileLogin(
+    public async Task<ActionResult<TokenExchangeResponse>> AppleMobileLogin(
        [FromBody] AppleMobileSignInRequest request
    )
    {
@@ -98,16 +104,21 @@ public class OidcController(
            // Find or create user account using existing logic
            var account = await FindOrCreateAccount(userInfo, "apple");

+            if (HttpContext.Items["CurrentSession"] is not SnAuthSession parentSession) parentSession = null;
+            
            // Create session using the OIDC service
-            var challenge = await appleService.CreateChallengeForUserAsync(
+            var session = await appleService.CreateSessionForUserAsync(
                userInfo,
                account,
                HttpContext,
                request.DeviceId,
-                request.DeviceName
+                request.DeviceName,
+                ClientPlatform.Ios,
+                parentSession
            );
-
-            return Ok(challenge);
+            
+            var token = auth.CreateToken(session);
+            return Ok(new TokenExchangeResponse { Token = token });
        }
        catch (SecurityTokenValidationException ex)
        {