refactor(auth): split IAM module and add access/refresh session flow

This commit is contained in:
2026-03-01 21:26:37 +08:00
parent 6a2d2c9724
commit 57c27e9102
13 changed files with 1377 additions and 345 deletions

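--- /dev/null
+++ b/internal/iam/cache_redis.go
@@ -0,0 +1,104 @@
+package iam
+import (
+"context"
+"errors"
+"time"
+"github.com/redis/go-redis/v9"
+)
+type tokenCache struct {
+client *redis.Client
+}
+func newTokenCache(addr, password string, db int) (*tokenCache, error) {
+if addr == "" {
+return nil, nil
+}
+client := redis.NewClient(&redis.Options{Addr: addr, Password: password, DB: db})
+ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+defer cancel()
+if err := client.Ping(ctx).Err(); err != nil {
+return nil, err
+}
+return &tokenCache{client: client}, nil
+}
+func (c *tokenCache) Close() error {
+if c == nil || c.client == nil {
+return nil
+}
+return c.client.Close()
+}
+func (c *tokenCache) SetSessionActive(ctx context.Context, sid string, ttl time.Duration) error {
+if c == nil {
+return nil
+}
+return c.client.Set(ctx, "auth:session:"+sid, "active", ttl).Err()
+}
+func (c *tokenCache) IsSessionActive(ctx context.Context, sid string) (bool, error) {
+if c == nil {
+return false, nil
+}
+count, err := c.client.Exists(ctx, "auth:session:"+sid).Result()
+if err != nil {
+return false, err
+}
+return count == 1, nil
+}
+func (c *tokenCache) DeleteSession(ctx context.Context, sid string) error {
+if c == nil {
+return nil
+}
+return c.client.Del(ctx, "auth:session:"+sid).Err()
+}
+func (c *tokenCache) SetRefreshHash(ctx context.Context, rid, tokenHash string, ttl time.Duration) error {
+if c == nil {
+return nil
+}
+return c.client.Set(ctx, "auth:refresh:"+rid, tokenHash, ttl).Err()
+}
+func (c *tokenCache) GetRefreshHash(ctx context.Context, rid string) (string, error) {
+if c == nil {
+return "", nil
+}
+v, err := c.client.Get(ctx, "auth:refresh:"+rid).Result()
+if err != nil {
+if errors.Is(err, redis.Nil) {
+return "", nil
+}
+return "", err
+}
+return v, nil
+}
+func (c *tokenCache) DeleteRefresh(ctx context.Context, rid string) error {
+if c == nil {
+return nil
+}
+return c.client.Del(ctx, "auth:refresh:"+rid).Err()
+}
+func (c *tokenCache) DenyAccessJTI(ctx context.Context, jti string, ttl time.Duration) error {
+if c == nil {
+return nil
+}
+return c.client.Set(ctx, "auth:deny:access:"+jti, "1", ttl).Err()
+}
+func (c *tokenCache) IsAccessJTIDenied(ctx context.Context, jti string) (bool, error) {
+if c == nil {
+return false, nil
+}
+count, err := c.client.Exists(ctx, "auth:deny:access:"+jti).Result()
+if err != nil {
+return false, err
+}
+return count == 1, nil
+}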
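Review bot: `GetRefreshHash` and `DeleteRefresh` are two separate round-trips, so any refresh-token rotation built on this API (the caller is in another file of this commit, not visible here) has a check-then-delete race: two concurrent requests presenting the same refresh token can both read the stored hash before either deletes it, which lets a stolen refresh token be redeemed more than once inside that window. Redis can do the read and removal in one command, so I would add a `ConsumeRefreshHash` that uses `GETDEL` (Redis 6.2+, exposed by go-redis v9 as `GetDel`) and have rotation call that instead of the get/delete pair; if the target Redis is older, a small Lua script or `WATCH`/`MULTI` gives the same single-use guarantee. Separately, the nil-receiver no-ops mean that when no cache address is configured `IsAccessJTIDenied` returns `false, nil`, so access-token revocation is silently disabled for that deployment while `IsSessionActive` returns `false, nil` and presumably rejects every session — the asymmetry is worth a doc comment on the type, e.g. `// A nil *tokenCache is a no-op: writes succeed, lookups report "not present", so deny-list checks fail open and session checks fail closed.`, and the callers should decide whether a missing cache is acceptable at all for the revocation path. Note also that `redis.Options` here sets no `TLSConfig`, so the password and every token hash travel in clear text unless the Redis endpoint is on a trusted network.

```go
// ConsumeRefreshHash returns the stored hash for rid and removes it in a
// single round-trip (GETDEL), so a refresh token can only be redeemed once
// even when several requests race. Returns "" when no entry existed.
// Requires Redis 6.2 or newer.
func (c *tokenCache) ConsumeRefreshHash(ctx context.Context, rid string) (string, error) {
	if c == nil {
		return "", nil
	}
	v, err := c.client.GetDel(ctx, "auth:refresh:"+rid).Result()
	if err != nil {
		if errors.Is(err, redis.Nil) {
			return "", nil
		}
		return "", err
	}
	return v, nil
}
// … unchanged: remaining session and deny-list helpers …
```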