gitdata.ai/appks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): replace internal auth with JWT token service

Browse Source 
- Replace InternalAuthService with TokenService using JWT tokens
- Add support for token issuance, refresh, verification and revocation
- Implement automatic signing key rotation with Redis storage
- Add database migration checks for indexes and foreign key constraints
- Update gRPC endpoints to use token-based authentication
- Remove deprecated API key based authentication system
- Add JSON Web Token support with HMAC-SHA256 signing
- Implement refresh token handling with automatic rotation
- Add token revocation by JTI and user ID
- Update build configuration to include core proto files
- Migrate database schema to handle token-based authentication
- Add comprehensive token validation and verification logic
This commit is contained in:
zhenyi
2026-06-11 15:08:13 +08:00
parent a0bea36041
commit dbbfb747a4
16 changed files with 833 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files
grpc/mod.rs
+3 -4
View File
@@ -6,6 +6,7 @@ pub mod permission;
use std::net::SocketAddr;
use crate::pb::core::token_service_server::TokenServiceServer;
use crate::pb::im::channel_audit_service_server::ChannelAuditServiceServer;
use crate::pb::im::channel_invitation_service_server::ChannelInvitationServiceServer;
use crate::pb::im::channel_repo_link_service_server::ChannelRepoLinkServiceServer;
@@ -16,7 +17,6 @@ use crate::pb::im::channel_webhook_service_server::ChannelWebhookServiceServer;
use crate::pb::im::custom_emoji_service_server::CustomEmojiServiceServer;
use crate::pb::im::forum_tag_service_server::ForumTagServiceServer;
use crate::pb::im::im_integration_service_server::ImIntegrationServiceServer;
use crate::pb::im::internal_auth_service_server::InternalAuthServiceServer;
use crate::pb::im::member_service_server::MemberServiceServer;
use crate::pb::im::permission_service_server::PermissionServiceServer;
use crate::pb::im::stage_service_server::StageServiceServer;
@@ -27,18 +27,17 @@ pub async fn start_grpc_server(
addr: SocketAddr,
service: AppService,
) -> Result<(), Box<dyn std::error::Error>> {
let auth_service = service.internal_auth.clone();
let token_svc = auth::TokenGrpcService::new(service.internal_auth.clone());
let channel_svc = channel::ChannelGrpcService::new(service.clone());
let member_svc = member::MemberGrpcService::new(service.clone());
let permission_svc = permission::PermissionGrpcService::new(service.clone());
let internal_auth_svc = auth::InternalAuthGrpcService::new(auth_service);
let cs = channel_settings::ChannelSettingsServices::new(service);
tracing::info!(%addr, "gRPC server listening");
tonic::transport::Server::builder()
.add_service(InternalAuthServiceServer::new(internal_auth_svc))
.add_service(TokenServiceServer::new(token_svc))
.add_service(ChannelServiceServer::new(channel_svc))
.add_service(MemberServiceServer::new(member_svc))
.add_service(PermissionServiceServer::new(permission_svc))