admin/udmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
ayou
2025-08-28 00:55:35 +08:00
commit 410f54a65e
93 changed files with 9863 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
backend/src/middlewares/jwt.rs Normal file
View File

@ -0,0 +1,56 @@
use axum::{http::HeaderMap, http::header::AUTHORIZATION};
use chrono::{Utc, Duration as ChronoDuration};
use jsonwebtoken::{EncodingKey, DecodingKey, Header, Validation};
use serde::{Serialize, Deserialize};
use crate::error::AppError;
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct Claims {
pub sub: String,
pub uid: i64,
pub iss: String,
pub exp: usize,
pub typ: String, // access or refresh
}
pub fn encode_token(claims: &Claims, secret: &str) -> Result<String, AppError> {
let key = EncodingKey::from_secret(secret.as_bytes());
Ok(jsonwebtoken::encode(&Header::default(), claims, &key)?)
}
pub fn decode_token(token: &str, secret: &str) -> Result<Claims, AppError> {
let key = DecodingKey::from_secret(secret.as_bytes());
let data = jsonwebtoken::decode::<Claims>(token, &key, &Validation::default())?;
Ok(data.claims)
}
#[derive(Clone, Debug)]
pub struct AuthUser { pub uid: i64, pub username: String }
impl<S> axum::extract::FromRequestParts<S> for AuthUser where S: Send + Sync + 'static {
type Rejection = AppError;
async fn from_request_parts(parts: &mut axum::http::request::Parts, _state: &S) -> Result<Self, Self::Rejection> {
let headers: &HeaderMap = &parts.headers;
let auth = headers.get(AUTHORIZATION).ok_or(AppError::Unauthorized)?;
let auth = auth.to_str().map_err(|_| AppError::Unauthorized)?;
let token = auth.strip_prefix("Bearer ").ok_or(AppError::Unauthorized)?;
let secret = std::env::var("JWT_SECRET").map_err(|_| AppError::Unauthorized)?;
let claims = decode_token(token, &secret)?;
if claims.typ != "access" { return Err(AppError::Unauthorized); }
Ok(AuthUser { uid: claims.uid, username: claims.sub })
}
}
pub fn new_access_claims(uid: i64, username: &str) -> Claims {
let iss = std::env::var("JWT_ISS").unwrap_or_else(|_| "udmin".into());
let exp_secs: i64 = std::env::var("JWT_ACCESS_EXP_SECS").ok().and_then(|v| v.parse().ok()).unwrap_or(1800);
let exp = (Utc::now() + ChronoDuration::seconds(exp_secs)).timestamp() as usize;
Claims { sub: username.to_string(), uid, iss, exp, typ: "access".into() }
}
pub fn new_refresh_claims(uid: i64, username: &str) -> Claims {
let iss = std::env::var("JWT_ISS").unwrap_or_else(|_| "udmin".into());
let exp_secs: i64 = std::env::var("JWT_REFRESH_EXP_SECS").ok().and_then(|v| v.parse().ok()).unwrap_or(1209600);
let exp = (Utc::now() + ChronoDuration::seconds(exp_secs)).timestamp() as usize;
Claims { sub: username.to_string(), uid, iss, exp, typ: "refresh".into() }
}