🐛 Fix rotate key

2025-08-24 01:49:48 +08:00
parent 953bf5d4de
commit 7cb14940d9
5 changed files with 58 additions and 23 deletions
--- a/DysonNetwork.Pass/Auth/ApiKey.cs
+++ b/DysonNetwork.Pass/Auth/ApiKey.cs
@@ -2,6 +2,7 @@ using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
 using System.Text.Json.Serialization;
 using DysonNetwork.Shared.Data;
+using NodaTime.Serialization.Protobuf;

 namespace DysonNetwork.Pass.Auth;

@@ -27,7 +28,9 @@ public class ApiKey : ModelBase
            Label = Label,
            AccountId = AccountId.ToString(),
            SessionId = SessionId.ToString(),
-            Key = Key
+            Key = Key,
+            CreatedAt = CreatedAt.ToTimestamp(),
+            UpdatedAt = UpdatedAt.ToTimestamp()
        };
    }

@@ -39,7 +42,9 @@ public class ApiKey : ModelBase
            AccountId = Guid.Parse(proto.AccountId),
            SessionId = Guid.Parse(proto.SessionId),
            Label = proto.Label,
-            Key = proto.Key
+            Key = proto.Key,
+            CreatedAt = proto.CreatedAt.ToInstant(),
+            UpdatedAt = proto.UpdatedAt.ToInstant()
        };
    }
 }
--- a/DysonNetwork.Pass/Auth/AuthService.cs
+++ b/DysonNetwork.Pass/Auth/AuthService.cs
@@ -317,7 +317,7 @@ public class AuthService(

        return factor.VerifyPassword(pinCode);
    }
-    
+
    public async Task<ApiKey?> GetApiKey(Guid id, Guid? accountId = null)
    {
        var key = await db.ApiKeys
@@ -340,13 +340,13 @@ public class AuthService(
                ExpiredAt = expiredAt
            },
        };
-        
+
        db.ApiKeys.Add(key);
        await db.SaveChangesAsync();
-        
+
        return key;
    }
-    
+
    public async Task<string> IssueApiKeyToken(ApiKey key)
    {
        key.Session.LastGrantedAt = SystemClock.Instance.GetCurrentInstant();
@@ -355,26 +355,48 @@ public class AuthService(
        var tk = CreateToken(key.Session);
        return tk;
    }
-    
+
    public async Task RevokeApiKeyToken(ApiKey key)
    {
        db.Remove(key);
        db.Remove(key.Session);
        await db.SaveChangesAsync();
    }
-    
+
    public async Task<ApiKey> RotateApiKeyToken(ApiKey key)
    {
-        var originalSession = key.Session;
-        db.Remove(originalSession);
-        key.Session = new AuthSession
+        await using var transaction = await db.Database.BeginTransactionAsync();
+        try
        {
-            AccountId = key.AccountId,
-            ExpiredAt = originalSession.ExpiredAt
-        };
-        db.Add(key.Session);
-        await db.SaveChangesAsync();
-        return key;
+            var oldSessionId = key.SessionId;
+
+            // Create new session
+            var newSession = new AuthSession
+            {
+                AccountId = key.AccountId,
+                ExpiredAt = key.Session?.ExpiredAt
+            };
+
+            db.AuthSessions.Add(newSession);
+            await db.SaveChangesAsync();
+
+            // Update ApiKey to point to new session
+            key.SessionId = newSession.Id;
+            key.Session = newSession;
+            db.ApiKeys.Update(key);
+            await db.SaveChangesAsync();
+
+            // Delete old session
+            await db.AuthSessions.Where(s => s.Id == oldSessionId).ExecuteDeleteAsync();
+
+            await transaction.CommitAsync();
+            return key;
+        }
+        catch
+        {
+            await transaction.RollbackAsync();
+            throw;
+        }
    }

    // Helper methods for Base64Url encoding/decoding