chore: 同步当前开发内容

2025-11-23 01:25:20 +08:00
parent ddf584f212
commit 1169e1f220
58 changed files with 1886 additions and 82 deletions
--- a/src/Application/TakeoutSaaS.Application/Identity/Services/AdminAuthService.cs
+++ b/src/Application/TakeoutSaaS.Application/Identity/Services/AdminAuthService.cs
@@ -0,0 +1,87 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using TakeoutSaaS.Application.Identity.Abstractions;
+using TakeoutSaaS.Application.Identity.Contracts;
+using TakeoutSaaS.Domain.Identity.Entities;
+using TakeoutSaaS.Domain.Identity.Repositories;
+using TakeoutSaaS.Shared.Abstractions.Constants;
+using TakeoutSaaS.Shared.Abstractions.Exceptions;
+
+namespace TakeoutSaaS.Application.Identity.Services;
+
+/// <summary>
+/// 管理后台认证服务实现。
+/// </summary>
+public sealed class AdminAuthService : IAdminAuthService
+{
+    private readonly IIdentityUserRepository _userRepository;
+    private readonly IPasswordHasher<IdentityUser> _passwordHasher;
+    private readonly IJwtTokenService _jwtTokenService;
+    private readonly IRefreshTokenStore _refreshTokenStore;
+
+    public AdminAuthService(
+        IIdentityUserRepository userRepository,
+        IPasswordHasher<IdentityUser> passwordHasher,
+        IJwtTokenService jwtTokenService,
+        IRefreshTokenStore refreshTokenStore)
+    {
+        _userRepository = userRepository;
+        _passwordHasher = passwordHasher;
+        _jwtTokenService = jwtTokenService;
+        _refreshTokenStore = refreshTokenStore;
+    }
+
+    public async Task<TokenResponse> LoginAsync(AdminLoginRequest request, CancellationToken cancellationToken = default)
+    {
+        var user = await _userRepository.FindByAccountAsync(request.Account, cancellationToken)
+                   ?? throw new BusinessException(ErrorCodes.Unauthorized, "账号或密码错误");
+
+        var result = _passwordHasher.VerifyHashedPassword(user, user.PasswordHash, request.Password);
+        if (result == PasswordVerificationResult.Failed)
+        {
+            throw new BusinessException(ErrorCodes.Unauthorized, "账号或密码错误");
+        }
+
+        var profile = BuildProfile(user);
+        return await _jwtTokenService.CreateTokensAsync(profile, false, cancellationToken);
+    }
+
+    public async Task<TokenResponse> RefreshTokenAsync(RefreshTokenRequest request, CancellationToken cancellationToken = default)
+    {
+        var descriptor = await _refreshTokenStore.GetAsync(request.RefreshToken, cancellationToken);
+        if (descriptor == null || descriptor.ExpiresAt <= DateTime.UtcNow || descriptor.Revoked)
+        {
+            throw new BusinessException(ErrorCodes.Unauthorized, "RefreshToken 无效或已过期");
+        }
+
+        var user = await _userRepository.FindByIdAsync(descriptor.UserId, cancellationToken)
+                   ?? throw new BusinessException(ErrorCodes.Unauthorized, "用户不存在");
+
+        await _refreshTokenStore.RevokeAsync(descriptor.Token, cancellationToken);
+        var profile = BuildProfile(user);
+        return await _jwtTokenService.CreateTokensAsync(profile, false, cancellationToken);
+    }
+
+    public async Task<CurrentUserProfile> GetProfileAsync(Guid userId, CancellationToken cancellationToken = default)
+    {
+        var user = await _userRepository.FindByIdAsync(userId, cancellationToken)
+                   ?? throw new BusinessException(ErrorCodes.NotFound, "用户不存在");
+
+        return BuildProfile(user);
+    }
+
+    private static CurrentUserProfile BuildProfile(IdentityUser user)
+        => new()
+        {
+            UserId = user.Id,
+            Account = user.Account,
+            DisplayName = user.DisplayName,
+            TenantId = user.TenantId,
+            MerchantId = user.MerchantId,
+            Roles = user.Roles,
+            Permissions = user.Permissions,
+            Avatar = user.Avatar
+        };
+}
--- a/src/Application/TakeoutSaaS.Application/Identity/Services/MiniAuthService.cs
+++ b/src/Application/TakeoutSaaS.Application/Identity/Services/MiniAuthService.cs
@@ -0,0 +1,124 @@
+using System;
+using System.Net;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using TakeoutSaaS.Application.Identity.Abstractions;
+using TakeoutSaaS.Application.Identity.Contracts;
+using TakeoutSaaS.Domain.Identity.Entities;
+using TakeoutSaaS.Domain.Identity.Repositories;
+using TakeoutSaaS.Shared.Abstractions.Constants;
+using TakeoutSaaS.Shared.Abstractions.Exceptions;
+using TakeoutSaaS.Shared.Abstractions.Tenancy;
+
+namespace TakeoutSaaS.Application.Identity.Services;
+
+/// <summary>
+/// 小程序认证服务实现。
+/// </summary>
+public sealed class MiniAuthService : IMiniAuthService
+{
+    private readonly IWeChatAuthService _weChatAuthService;
+    private readonly IMiniUserRepository _miniUserRepository;
+    private readonly IJwtTokenService _jwtTokenService;
+    private readonly IRefreshTokenStore _refreshTokenStore;
+    private readonly ILoginRateLimiter _rateLimiter;
+    private readonly IHttpContextAccessor _httpContextAccessor;
+    private readonly ITenantProvider _tenantProvider;
+
+    public MiniAuthService(
+        IWeChatAuthService weChatAuthService,
+        IMiniUserRepository miniUserRepository,
+        IJwtTokenService jwtTokenService,
+        IRefreshTokenStore refreshTokenStore,
+        ILoginRateLimiter rateLimiter,
+        IHttpContextAccessor httpContextAccessor,
+        ITenantProvider tenantProvider)
+    {
+        _weChatAuthService = weChatAuthService;
+        _miniUserRepository = miniUserRepository;
+        _jwtTokenService = jwtTokenService;
+        _refreshTokenStore = refreshTokenStore;
+        _rateLimiter = rateLimiter;
+        _httpContextAccessor = httpContextAccessor;
+        _tenantProvider = tenantProvider;
+    }
+
+    public async Task<TokenResponse> LoginWithWeChatAsync(WeChatLoginRequest request, CancellationToken cancellationToken = default)
+    {
+        var throttleKey = BuildThrottleKey();
+        await _rateLimiter.EnsureAllowedAsync(throttleKey, cancellationToken);
+
+        var session = await _weChatAuthService.Code2SessionAsync(request.Code, cancellationToken);
+        if (string.IsNullOrWhiteSpace(session.OpenId))
+        {
+            throw new BusinessException(ErrorCodes.Unauthorized, "获取微信用户信息失败");
+        }
+
+        var tenantId = _tenantProvider.GetCurrentTenantId();
+        if (tenantId == Guid.Empty)
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "缺少租户标识");
+        }
+        var (user, isNew) = await GetOrBindMiniUserAsync(session.OpenId, session.UnionId, request.Nickname, request.Avatar, tenantId, cancellationToken);
+
+        await _rateLimiter.ResetAsync(throttleKey, cancellationToken);
+        var profile = BuildProfile(user);
+        return await _jwtTokenService.CreateTokensAsync(profile, isNew, cancellationToken);
+    }
+
+    public async Task<TokenResponse> RefreshTokenAsync(RefreshTokenRequest request, CancellationToken cancellationToken = default)
+    {
+        var descriptor = await _refreshTokenStore.GetAsync(request.RefreshToken, cancellationToken);
+        if (descriptor == null || descriptor.ExpiresAt <= DateTime.UtcNow || descriptor.Revoked)
+        {
+            throw new BusinessException(ErrorCodes.Unauthorized, "RefreshToken 无效或已过期");
+        }
+
+        var user = await _miniUserRepository.FindByIdAsync(descriptor.UserId, cancellationToken)
+                   ?? throw new BusinessException(ErrorCodes.Unauthorized, "用户不存在");
+
+        await _refreshTokenStore.RevokeAsync(descriptor.Token, cancellationToken);
+        var profile = BuildProfile(user);
+        return await _jwtTokenService.CreateTokensAsync(profile, false, cancellationToken);
+    }
+
+    public async Task<CurrentUserProfile> GetProfileAsync(Guid userId, CancellationToken cancellationToken = default)
+    {
+        var user = await _miniUserRepository.FindByIdAsync(userId, cancellationToken)
+                   ?? throw new BusinessException(ErrorCodes.NotFound, "用户不存在");
+
+        return BuildProfile(user);
+    }
+
+    private async Task<(MiniUser user, bool isNew)> GetOrBindMiniUserAsync(string openId, string? unionId, string? nickname, string? avatar, Guid tenantId, CancellationToken cancellationToken)
+    {
+        var existing = await _miniUserRepository.FindByOpenIdAsync(openId, cancellationToken);
+        if (existing != null)
+        {
+            return (existing, false);
+        }
+
+        var created = await _miniUserRepository.CreateOrUpdateAsync(openId, unionId, nickname, avatar, tenantId, cancellationToken);
+        return (created, true);
+    }
+
+    private static CurrentUserProfile BuildProfile(MiniUser user)
+        => new()
+        {
+            UserId = user.Id,
+            Account = user.OpenId,
+            DisplayName = user.Nickname,
+            TenantId = user.TenantId,
+            MerchantId = null,
+            Roles = Array.Empty<string>(),
+            Permissions = Array.Empty<string>(),
+            Avatar = user.Avatar
+        };
+
+    private string BuildThrottleKey()
+    {
+        var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress ?? IPAddress.Loopback;
+        return $"mini-login:{ip}";
+    }
+}