认证流程迁移到 oauth 风格，登出接口改为 /revoke，重构接口代码到 service

web/auth/auth.go

@@ -100,12 +100,12 @@ func Protect(c *fiber.Ctx, types []services.PayloadType, permissions []string) (
 	var header = c.Get("Authorization")
 	var split = strings.Split(header, " ")
 	if len(split) != 2 {
-		return nil, fiber.NewError(fiber.StatusBadRequest, "无效的令牌")
+		return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
 	}
 
 	var token = split[1]
 	if token == "" {
-		return nil, fiber.NewError(fiber.StatusBadRequest, "无效的令牌")
+		return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
 	}
 
 	var auth *services.AuthContext
@@ -115,7 +115,7 @@ func Protect(c *fiber.Ctx, types []services.PayloadType, permissions []string) (
 		auth, err = authBearer(c.Context(), token)
 	case "Basic":
 		if !slices.Contains(types, services.PayloadClientConfidential) {
-			return nil, fiber.NewError(fiber.StatusUnauthorized, "没有权限")
+			return nil, fiber.NewError(fiber.StatusForbidden, "没有权限")
 		}
 		auth, err = authBasic(c.Context(), token)
 	default:
@@ -127,10 +127,10 @@ func Protect(c *fiber.Ctx, types []services.PayloadType, permissions []string) (
 
 	// 检查权限
 	if !slices.Contains(types, auth.Payload.Type) {
-		return nil, fiber.NewError(fiber.StatusForbidden, "拒绝访问")
+		return nil, fiber.NewError(fiber.StatusForbidden, "没有权限")
 	}
 	if len(permissions) > 0 && !auth.AnyPermission(permissions...) {
-		return nil, fiber.NewError(fiber.StatusForbidden, "拒绝访问")
+		return nil, fiber.NewError(fiber.StatusForbidden, "没有权限")
 	}
 
 	// 将认证信息存储在上下文中