refactor(auth): split IAM module and add access/refresh session flow

2026-03-01 21:26:37 +08:00
parent 6a2d2c9724
commit 57c27e9102
13 changed files with 1377 additions and 345 deletions
--- a/internal/iam/config.go
+++ b/internal/iam/config.go
@@ -0,0 +1,95 @@
+package iam
+
+import (
+	"os"
+	"strconv"
+	"strings"
+	"time"
+)
+
+type Config struct {
+	AccessSecret      string
+	RefreshSecret     string
+	RefreshPepper     string
+	AccessTTL         time.Duration
+	RefreshTTL        time.Duration
+	SessionTTL        time.Duration
+	RefreshCookieName string
+	CookieSecure      bool
+	CookieDomain      string
+	CookiePath        string
+	CookieSameSite    string
+	RedisAddr         string
+	RedisPassword     string
+	RedisDB           int
+}
+
+func LoadConfig() Config {
+	cfg := Config{
+		AccessSecret:      firstNonEmpty(strings.TrimSpace(os.Getenv("ACCESS_SECRET")), strings.TrimSpace(os.Getenv("AUTH_SECRET")), "dev-access-secret-change-me"),
+		RefreshSecret:     firstNonEmpty(strings.TrimSpace(os.Getenv("REFRESH_SECRET")), strings.TrimSpace(os.Getenv("AUTH_SECRET")), "dev-refresh-secret-change-me"),
+		RefreshPepper:     firstNonEmpty(strings.TrimSpace(os.Getenv("REFRESH_PEPPER")), "dev-refresh-pepper-change-me"),
+		AccessTTL:         parseDuration("ACCESS_TTL", 60*time.Minute),
+		RefreshTTL:        parseDuration("REFRESH_TTL", 7*24*time.Hour),
+		RefreshCookieName: firstNonEmpty(strings.TrimSpace(os.Getenv("REFRESH_COOKIE_NAME")), "rt"),
+		CookieSecure:      parseBool("COOKIE_SECURE", isProduction()),
+		CookieDomain:      strings.TrimSpace(os.Getenv("COOKIE_DOMAIN")),
+		CookiePath:        firstNonEmpty(strings.TrimSpace(os.Getenv("COOKIE_PATH")), "/"),
+		CookieSameSite:    firstNonEmpty(strings.TrimSpace(os.Getenv("COOKIE_SAMESITE")), "Lax"),
+		RedisAddr:         strings.TrimSpace(os.Getenv("REDIS_ADDR")),
+		RedisPassword:     os.Getenv("REDIS_PASSWORD"),
+		RedisDB:           parseInt("REDIS_DB", 0),
+	}
+	cfg.SessionTTL = parseDuration("SESSION_TTL", cfg.RefreshTTL)
+	return cfg
+}
+
+func parseDuration(key string, fallback time.Duration) time.Duration {
+	value := strings.TrimSpace(os.Getenv(key))
+	if value == "" {
+		return fallback
+	}
+	d, err := time.ParseDuration(value)
+	if err != nil || d <= 0 {
+		return fallback
+	}
+	return d
+}
+
+func parseBool(key string, fallback bool) bool {
+	value := strings.TrimSpace(os.Getenv(key))
+	if value == "" {
+		return fallback
+	}
+	parsed, err := strconv.ParseBool(value)
+	if err != nil {
+		return fallback
+	}
+	return parsed
+}
+
+func parseInt(key string, fallback int) int {
+	value := strings.TrimSpace(os.Getenv(key))
+	if value == "" {
+		return fallback
+	}
+	parsed, err := strconv.Atoi(value)
+	if err != nil {
+		return fallback
+	}
+	return parsed
+}
+
+func isProduction() bool {
+	env := strings.ToLower(strings.TrimSpace(os.Getenv("APP_ENV")))
+	return env == "prod" || env == "production"
+}
+
+func firstNonEmpty(values ...string) string {
+	for _, v := range values {
+		if strings.TrimSpace(v) != "" {
+			return v
+		}
+	}
+	return ""
+}