重构认证授权逻辑，集中到 auth 包中

web/handlers/auth.go

@@ -110,7 +110,7 @@ func Token(c *fiber.Ctx) error {
 		scope := strings.Split(req.Scope, ",")
 		token, err := s.Auth.OauthRefreshToken(c.Context(), client, req.RefreshToken, scope)
 		if err != nil {
-			if errors.Is(err, s.ErrInvalidToken) {
+			if errors.Is(err, auth2.ErrInvalidRefreshToken) {
 				return sendError(c, s.ErrOauthInvalidGrant)
 			}
 			return sendError(c, err)
@@ -226,7 +226,7 @@ func protect(c *fiber.Ctx, grant auth2.GrantType, clientId, clientSecret string)
 }
 
 // 发送成功响应
-func sendSuccess(c *fiber.Ctx, details *s.TokenDetails) error {
+func sendSuccess(c *fiber.Ctx, details *auth2.TokenDetails) error {
 	return c.JSON(TokenResp{
 		AccessToken:  details.AccessToken,
 		TokenType:    "Bearer",
@@ -292,7 +292,7 @@ func Revoke(c *fiber.Ctx) error {
 	}
 
 	// 删除会话
-	err = s.Session.Remove(c.Context(), req.AccessToken, req.RefreshToken)
+	err = auth2.RemoveSession(c.Context(), req.AccessToken, req.RefreshToken)
 	if err != nil {
 		return err
 	}

web/handlers/channel.go

@@ -198,10 +198,7 @@ type RemoveChannelsReq struct {
 
 func RemoveChannels(c *fiber.Ctx) error {
 	// 检查权限
-	authCtx, err := auth.Protect(c, []auth.PayloadType{
-		auth.PayloadUser,
-		auth.PayloadSecuredServer,
-	}, []string{})
+	authCtx, err := auth.Protect(c, []auth.PayloadType{auth.PayloadUser, auth.PayloadInternalServer}, []string{})
 	if err != nil {
 		return err
 	}

web/handlers/verifier.go

@@ -17,9 +17,7 @@ type VerifierReq struct {
 
 func SmsCode(c *fiber.Ctx) error {
 
-	_, err := auth.Protect(c, []auth.PayloadType{
-		auth.PayloadSecuredServer,
-	}, []string{})
+	_, err := auth.Protect(c, []auth.PayloadType{auth.PayloadSecuredServer}, []string{})
 	if err != nil {
 		return err
 	}