edc41a1500
- error.rs: AuthError with proper HTTP status mapping - service/password.rs: Argon2 hash/verify with tests - service/token_service.rs: JWT sign/validate, token DB storage with SHA-256 hash - service/auth_service.rs: login/refresh/logout flows with event publishing - service/user_service.rs: user CRUD with soft delete and tenant isolation - Added sha2 dependency to workspace for token hashing
43 lines
1.1 KiB
Rust
43 lines
1.1 KiB
Rust
use erp_core::error::AppError;
|
|
|
|
/// Auth module error types
|
|
#[derive(Debug, thiserror::Error)]
|
|
pub enum AuthError {
|
|
#[error("用户名或密码错误")]
|
|
InvalidCredentials,
|
|
|
|
#[error("Token 已过期")]
|
|
TokenExpired,
|
|
|
|
#[error("Token 已被吊销")]
|
|
TokenRevoked,
|
|
|
|
#[error("用户已被{0}")]
|
|
UserDisabled(String),
|
|
|
|
#[error("密码哈希错误")]
|
|
HashError(String),
|
|
|
|
#[error("JWT 错误: {0}")]
|
|
JwtError(#[from] jsonwebtoken::errors::Error),
|
|
|
|
#[error("{0}")]
|
|
Validation(String),
|
|
}
|
|
|
|
impl From<AuthError> for AppError {
|
|
fn from(err: AuthError) -> Self {
|
|
match err {
|
|
AuthError::InvalidCredentials => AppError::Unauthorized,
|
|
AuthError::TokenExpired => AppError::Unauthorized,
|
|
AuthError::TokenRevoked => AppError::Unauthorized,
|
|
AuthError::UserDisabled(s) => AppError::Forbidden(s),
|
|
AuthError::Validation(s) => AppError::Validation(s),
|
|
AuthError::HashError(_) => AppError::Internal(err.to_string()),
|
|
AuthError::JwtError(_) => AppError::Unauthorized,
|
|
}
|
|
}
|
|
}
|
|
|
|
pub type AuthResult<T> = Result<T, AuthError>;
|