mirror of https://github.com/veypi/OneAuth.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71 lines
1.9 KiB
Go
71 lines
1.9 KiB
Go
1 week ago
|
// Copyright (C) 2024 veypi <i@veypi.com>
|
||
|
|
// 2025-03-04 16:08:06
|
||
|
|
// Distributed under terms of the MIT license.
|
||
|
|
|
||
|
|
package oauth
|
||
|
|
|
||
|
|
import (
|
||
|
|
"github.com/veypi/vbase/cfg"
|
||
|
|
"github.com/veypi/vbase/libs/cache"
|
||
|
|
"github.com/veypi/vbase/libs/crypto"
|
||
|
|
"github.com/veypi/vbase/models"
|
||
|
|
"github.com/veypi/vigo"
|
||
|
|
)
|
||
|
|
|
||
|
|
type AuthorizeRequest struct {
|
||
|
|
ResponseType string `json:"response_type" src:"query" desc:"授权类型"`
|
||
|
|
ClientID string `json:"client_id" src:"query" desc:"客户端ID"`
|
||
|
|
RedirectURI string `json:"redirect_uri" src:"query" desc:"重定向URI"`
|
||
|
|
Scope string `json:"scope" src:"query" desc:"授权范围"`
|
||
|
|
State string `json:"state" src:"query" desc:"状态值"`
|
||
|
|
}
|
||
|
|
|
||
|
|
type AuthorizeResponse struct {
|
||
|
|
Code string `json:"code"`
|
||
|
|
State string `json:"state"`
|
||
|
|
}
|
||
|
|
|
||
|
|
func authorize(x *vigo.X, req *AuthorizeRequest) (*AuthorizeResponse, error) {
|
||
|
|
// 验证客户端
|
||
|
|
var client models.OAuthClient
|
||
|
|
if err := cfg.DB().First(&client, "client_id = ?", req.ClientID).Error; err != nil {
|
||
|
|
return nil, vigo.ErrNotAuthorized.WithString("invalid client")
|
||
|
|
}
|
||
|
|
|
||
|
|
if client.Status != models.OAuthClientStatusActive {
|
||
|
|
return nil, vigo.ErrForbidden.WithString("client is disabled")
|
||
|
|
}
|
||
|
|
|
||
|
|
// 获取当前用户
|
||
|
|
userID := getCurrentUserID(x)
|
||
|
|
if userID == "" {
|
||
|
|
return nil, vigo.ErrNotAuthorized
|
||
|
|
}
|
||
|
|
|
||
|
|
// 生成授权码
|
||
|
|
code := crypto.GenerateSecret(32)
|
||
|
|
|
||
|
|
// 缓存授权码
|
||
|
|
authData := map[string]any{
|
||
|
|
"client_id": req.ClientID,
|
||
|
|
"user_id": userID,
|
||
|
|
"redirect_uri": req.RedirectURI,
|
||
|
|
"scope": req.Scope,
|
||
|
|
}
|
||
|
|
if err := cache.SetObject(cache.OAuthCodeKey(code), authData, cfg.Config.OAuth.AuthorizationExpiry); err != nil {
|
||
|
|
return nil, vigo.ErrInternalServer.WithError(err)
|
||
|
|
}
|
||
|
|
|
||
|
|
return &AuthorizeResponse{
|
||
|
|
Code: code,
|
||
|
|
State: req.State,
|
||
|
|
}, nil
|
||
|
|
}
|
||
|
|
|
||
|
|
func getCurrentUserID(x *vigo.X) string {
|
||
|
|
if uid, ok := x.Get("user_id").(string); ok {
|
||
|
|
return uid
|
||
|
|
}
|
||
|
|
return ""
|
||
|
|
}
|