OneAuth/api/oauth/authorize.go

// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-03-04 16:08:06
// Distributed under terms of the MIT license.

package oauth

import (
	"time"

	"github.com/veypi/vbase/auth"
	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/libs/cache"
	"github.com/veypi/vbase/libs/crypto"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
)

type AuthorizeRequest struct {
	ResponseType string `json:"response_type" src:"query" desc:"授权类型"`
	ClientID     string `json:"client_id" src:"query" desc:"客户端ID"`
	RedirectURI  string `json:"redirect_uri" src:"query" desc:"重定向URI"`
	Scope        string `json:"scope" src:"query" desc:"授权范围"`
	State        string `json:"state" src:"query" desc:"状态值"`
}

type AuthorizeResponse struct {
	Code  string `json:"code"`
	State string `json:"state"`
}

func authorize(x *vigo.X, req *AuthorizeRequest) (*AuthorizeResponse, error) {
	// 验证客户端
	var client models.OAuthClient
	if err := cfg.DB().First(&client, "client_id = ?", req.ClientID).Error; err != nil {
		return nil, vigo.ErrUnauthorized.WithString("invalid client")
	}

	if client.Status != models.OAuthClientStatusActive {
		return nil, vigo.ErrForbidden.WithString("client is disabled")
	}

	// 获取当前用户
	userID := auth.VBaseAuth.UserID(x)
	if userID == "" {
		return nil, vigo.ErrUnauthorized
	}

	// 生成授权码
	code := crypto.GenerateSecret(32)

	// 缓存授权码
	authData := map[string]any{
		"client_id":    req.ClientID,
		"user_id":      userID,
		"redirect_uri": req.RedirectURI,
		"scope":        req.Scope,
	}
	if err := cache.SetObject(cache.OAuthCodeKey(code), authData, time.Minute*10); err != nil {
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	return &AuthorizeResponse{
		Code:  code,
		State: req.State,
	}, nil
}
upgrade new version 1 week ago			`// Copyright (C) 2024 veypi <i@veypi.com>`
			`// 2025-03-04 16:08:06`
			`// Distributed under terms of the MIT license.`

			`package oauth`

			`import (`
refactor(auth): 重构认证系统，支持多种验证方式和 OAuth 提供商管理 - 新增验证模块(api/verification)，统一处理短信和邮件验证码发送 - 新增邮件发送功能(libs/email)，支持 SMTP 协议 - 重构短信模块(libs/sms)，简化阿里云和腾讯云短信接口 - 新增 OAuth 提供商管理 API(api/oauth/providers)，支持 CRUD 操作 - 新增系统设置管理 API(api/settings)，支持动态配置更新 - 重构认证方式管理(api/auth/methods)，支持启用/禁用多种登录方式 - 删除旧的 sms_providers 和 sms API 模块，迁移至新验证体系 - 新增数据库模型：verification、email、oauth_provider、oauth_templates、setting - 更新配置文档，增加新功能的使用说明 1 week ago			`"time"`

test: improve test stability and documentation - Add 'clean_run.sh' script to reset database and restart server for clean test environment - Update 'README.md' with detailed troubleshooting guide and pitfalls - Add '04_org_load_middleware.sh' to test LoadOrg middleware functionality - Update 'run_all.sh' to include new middleware test - Fix BASE_URL handling in 'lib.sh' and test scripts to support custom environments - Update '02_resource_perm.sh' to fix admin permission checks - Remove debug logging from 'auth.go' 1 week ago			`"github.com/veypi/vbase/auth"`
upgrade new version 1 week ago			`"github.com/veypi/vbase/cfg"`
			`"github.com/veypi/vbase/libs/cache"`
			`"github.com/veypi/vbase/libs/crypto"`
			`"github.com/veypi/vbase/models"`
			`"github.com/veypi/vigo"`
			`)`

			`type AuthorizeRequest struct {`
			ResponseType string `json:"response_type" src:"query" desc:"授权类型"`
			ClientID string `json:"client_id" src:"query" desc:"客户端ID"`
			RedirectURI string `json:"redirect_uri" src:"query" desc:"重定向URI"`
			Scope string `json:"scope" src:"query" desc:"授权范围"`
			State string `json:"state" src:"query" desc:"状态值"`
			`}`

			`type AuthorizeResponse struct {`
			Code string `json:"code"`
			State string `json:"state"`
			`}`

			`func authorize(x vigo.X, req AuthorizeRequest) (*AuthorizeResponse, error) {`
			`// 验证客户端`
			`var client models.OAuthClient`
			`if err := cfg.DB().First(&client, "client_id = ?", req.ClientID).Error; err != nil {`
refactor: 统一API错误类型处理 1 week ago			`return nil, vigo.ErrUnauthorized.WithString("invalid client")`
upgrade new version 1 week ago			`}`

			`if client.Status != models.OAuthClientStatusActive {`
			`return nil, vigo.ErrForbidden.WithString("client is disabled")`
			`}`

			`// 获取当前用户`
refactor: Migrate auth to Vigo auth interface and simplify initialization - Replace GetUserID/GetOrgID with VBaseAuth.UserID/OrgID methods across all APIs - Integrate vigoauth.Auth interface into appAuth for standard auth methods - Move AuthMiddleware to PermLogin method in auth package - Add role management methods: GetRole, ListRoles, GrantRoles, RevokeRoles, ListUserRoles - Update ListUserPermissions and ListResourceUsers to return vigoauth types - Export Redis client in cfg package - Simplify app initialization by separating vigo.New in cli/main.go - Remove deprecated auth/middleware.go file 5 days ago			`userID := auth.VBaseAuth.UserID(x)`
upgrade new version 1 week ago			`if userID == "" {`
refactor: 统一API错误类型处理 1 week ago			`return nil, vigo.ErrUnauthorized`
upgrade new version 1 week ago			`}`

			`// 生成授权码`
			`code := crypto.GenerateSecret(32)`

			`// 缓存授权码`
			`authData := map[string]any{`
			`"client_id": req.ClientID,`
			`"user_id": userID,`
			`"redirect_uri": req.RedirectURI,`
			`"scope": req.Scope,`
			`}`
test: improve test stability and documentation - Add 'clean_run.sh' script to reset database and restart server for clean test environment - Update 'README.md' with detailed troubleshooting guide and pitfalls - Add '04_org_load_middleware.sh' to test LoadOrg middleware functionality - Update 'run_all.sh' to include new middleware test - Fix BASE_URL handling in 'lib.sh' and test scripts to support custom environments - Update '02_resource_perm.sh' to fix admin permission checks - Remove debug logging from 'auth.go' 1 week ago			`if err := cache.SetObject(cache.OAuthCodeKey(code), authData, time.Minute*10); err != nil {`
upgrade new version 1 week ago			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`

			`return &AuthorizeResponse{`
			`Code: code,`
			`State: req.State,`
			`}, nil`
			`}`