Change authcode using redis, authtoken use client secret to sign jwt

Signed-off-by: Asai Neko <sugar@sne.moe>
2026-01-05 21:59:37 +08:00
parent aea7fddef0
commit b0684492fa
5 changed files with 179 additions and 91 deletions
--- a/service/auth/magic.go
+++ b/service/auth/magic.go
@@ -33,7 +33,7 @@ func Magic(c *gin.Context) {
 		return
 	}

-	code, err := authcode.NewAuthCode(req.Email)
+	code, err := authcode.NewAuthCode(req.ClientId, req.Email)
 	if err != nil {
 		c.JSON(500, gin.H{"status": "code gen failed"})
 	}
--- a/service/auth/redirect.go
+++ b/service/auth/redirect.go
@@ -50,7 +50,7 @@ func Redirect(c *gin.Context) {
 			return
 		}

-		code, err := authcode.NewAuthCode(user.Email)
+		code, err := authcode.NewAuthCode(clientId, user.Email)
 		if err != nil {
 			c.JSON(500, gin.H{"status": "code gen failed"})
 			return
@@ -109,7 +109,7 @@ func Redirect(c *gin.Context) {
 		return
 	}

-	newCode, err := authcode.NewAuthCode(email)
+	newCode, err := authcode.NewAuthCode(clientId, email)
 	if err != nil {
 		c.JSON(500, gin.H{"status": "internal server error"})
 		return
--- a/service/auth/token.go
+++ b/service/auth/token.go
@@ -22,14 +22,14 @@ func Token(c *gin.Context) {
 		return
 	}

-	email, ok := authcode.VerifyAuthCode(req.Code)
+	authCode, ok := authcode.VerifyAuthCode(req.Code)
 	if !ok {
 		c.JSON(403, gin.H{"status": "invalid or expired token"})
 		return
 	}

 	userData := new(data.User)
-	user, err := userData.GetByEmail(email)
+	user, err := userData.GetByEmail(authCode.Email)
 	if err != nil {
 		c.JSON(500, gin.H{"status": "internal server error"})
 		return
@@ -39,7 +39,7 @@ func Token(c *gin.Context) {
 	JwtTool := authtoken.Token{
 		Application: viper.GetString("server.application"),
 	}
-	accessToken, refreshToken, err := JwtTool.IssueTokens(user.UserId)
+	accessToken, refreshToken, err := JwtTool.IssueTokens(authCode.ClientId, user.UserId)
 	if err != nil {
 		c.JSON(500, gin.H{"status": "error generating tokens"})
 		return