feat: add CNB login functionality and user management

- Introduced `cnb-login` route to handle user login via CNB token.
- Created `CnbServices` class for managing CNB user interactions.
- Added `findByCnbId` method in the User model to retrieve users by CNB ID.
- Updated error handling to provide more structured error messages.
- Enhanced user creation logic to handle CNB users.
- Added tests for the new CNB login functionality.

src/auth/oauth/oauth.ts

@@ -147,6 +147,7 @@ export class RedisTokenStore implements Store<OauthUser> {
     // 计算过期时间，根据opts.expire 和 opts.loginType
     // 如果expire存在，则使用expire，否则使用opts.loginType 进行计算；
     let expire = opts?.expire;
+    const day = 24 * 60 * 60; // 一天的秒数
     if (!expire) {
       switch (opts.loginType) {
         case 'day':
@@ -170,7 +171,8 @@ export class RedisTokenStore implements Store<OauthUser> {
 
     await this.set(accessToken, JSON.stringify(value), expire);
     await this.set(userPrefix + ':token:' + accessToken, accessToken, expire);
-    let refreshTokenExpiresIn = Math.min(expire * 7, 60 * 60 * 24 * 30, 60 * 60 * 24 * 365); // 最大为一年
+    // refreshToken的过期时间比accessToken多2天，确保在accessToken过期后，refreshToken仍然有效
+    let refreshTokenExpiresIn = expire + 2 * day;
     if (refreshToken) {
       // 小于7天, 则设置为7天
       if (refreshTokenExpiresIn < 60 * 60 * 24 * 7) {