重构错误处理逻辑,使用 fiber.Error 统一返回错误状态码;统一授权枚举值定义到 auth 包
@@ -4,7 +4,7 @@ import (
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"log/slog"
|
||||
"platform/web/auth"
|
||||
auth2 "platform/web/auth"
|
||||
client2 "platform/web/domains/client"
|
||||
m "platform/web/models"
|
||||
q "platform/web/queries"
|
||||
@@ -20,10 +20,10 @@ import (
|
||||
// region /token
|
||||
|
||||
type TokenReq struct {
|
||||
GrantType s.OauthGrantType `json:"grant_type" form:"grant_type"`
|
||||
ClientID string `json:"client_id" form:"client_id"`
|
||||
ClientSecret string `json:"client_secret" form:"client_secret"`
|
||||
Scope string `json:"scope" form:"scope"`
|
||||
GrantType auth2.GrantType `json:"grant_type" form:"grant_type"`
|
||||
ClientID string `json:"client_id" form:"client_id"`
|
||||
ClientSecret string `json:"client_secret" form:"client_secret"`
|
||||
Scope string `json:"scope" form:"scope"`
|
||||
s.GrantCodeData
|
||||
s.GrantClientData
|
||||
s.GrantRefreshData
|
||||
@@ -64,7 +64,7 @@ func Token(c *fiber.Ctx) error {
|
||||
switch req.GrantType {
|
||||
|
||||
// 授权码模式
|
||||
case s.OauthGrantTypeAuthorizationCode:
|
||||
case auth2.GrantAuthorizationCode:
|
||||
if req.Code == "" {
|
||||
return sendError(c, s.ErrOauthInvalidRequest, "缺少必要参数:code")
|
||||
}
|
||||
@@ -82,7 +82,7 @@ func Token(c *fiber.Ctx) error {
|
||||
return sendSuccess(c, token)
|
||||
|
||||
// 客户端凭证模式
|
||||
case s.OauthGrantTypeClientCredentials:
|
||||
case auth2.GrantClientCredentials:
|
||||
client, err := protect(c, req.GrantType, req.ClientID, req.ClientSecret)
|
||||
if err != nil {
|
||||
return sendError(c, err)
|
||||
@@ -97,7 +97,7 @@ func Token(c *fiber.Ctx) error {
|
||||
return sendSuccess(c, token)
|
||||
|
||||
// 刷新令牌模式
|
||||
case s.OauthGrantTypeRefreshToken:
|
||||
case auth2.GrantRefreshToken:
|
||||
if req.RefreshToken == "" {
|
||||
return sendError(c, s.ErrOauthInvalidRequest, "缺少必要参数:refresh_token")
|
||||
}
|
||||
@@ -119,7 +119,7 @@ func Token(c *fiber.Ctx) error {
|
||||
return sendSuccess(c, token)
|
||||
|
||||
// 密码模式
|
||||
case s.OauthGrantTypePassword:
|
||||
case auth2.GrantPassword:
|
||||
if req.LoginType == "" {
|
||||
return sendError(c, s.ErrOauthInvalidRequest, "缺少必要参数:password_type")
|
||||
}
|
||||
@@ -148,7 +148,7 @@ func Token(c *fiber.Ctx) error {
|
||||
}
|
||||
|
||||
// 检查客户端凭证
|
||||
func protect(c *fiber.Ctx, grant s.OauthGrantType, clientId, clientSecret string) (*m.Client, error) {
|
||||
func protect(c *fiber.Ctx, grant auth2.GrantType, clientId, clientSecret string) (*m.Client, error) {
|
||||
header := c.Get("Authorization")
|
||||
if header != "" {
|
||||
basic := strings.TrimPrefix(header, "Basic ")
|
||||
@@ -184,19 +184,19 @@ func protect(c *fiber.Ctx, grant s.OauthGrantType, clientId, clientSecret string
|
||||
|
||||
// 验证授权类型
|
||||
switch grant {
|
||||
case s.OauthGrantTypeAuthorizationCode:
|
||||
case auth2.GrantAuthorizationCode:
|
||||
if !client.GrantCode {
|
||||
return nil, s.ErrOauthUnauthorizedClient
|
||||
}
|
||||
case s.OauthGrantTypeClientCredentials:
|
||||
case auth2.GrantClientCredentials:
|
||||
if !client.GrantClient || client.Spec != int32(client2.SpecWeb) || client.Spec != int32(client2.SpecTrusted) {
|
||||
return nil, s.ErrOauthUnauthorizedClient
|
||||
}
|
||||
case s.OauthGrantTypeRefreshToken:
|
||||
case auth2.GrantRefreshToken:
|
||||
if !client.GrantRefresh {
|
||||
return nil, s.ErrOauthUnauthorizedClient
|
||||
}
|
||||
case s.OauthGrantTypePassword:
|
||||
case auth2.GrantPassword:
|
||||
if !client.GrantPassword {
|
||||
return nil, s.ErrOauthUnauthorizedClient
|
||||
}
|
||||
@@ -213,10 +213,10 @@ func protect(c *fiber.Ctx, grant s.OauthGrantType, clientId, clientSecret string
|
||||
}
|
||||
|
||||
// 保存 auth 信息到上下文(以兼容通用 auth 处理逻辑)
|
||||
auth.Locals(c, &auth.Context{
|
||||
Payload: auth.Payload{
|
||||
auth2.Locals(c, &auth2.Context{
|
||||
Payload: auth2.Payload{
|
||||
Id: client.ID,
|
||||
Type: auth.PayloadSecuredServer,
|
||||
Type: auth2.PayloadSecuredServer,
|
||||
Name: client.Name,
|
||||
Avatar: client.Icon,
|
||||
},
|
||||
@@ -279,7 +279,7 @@ type RevokeReq struct {
|
||||
}
|
||||
|
||||
func Revoke(c *fiber.Ctx) error {
|
||||
_, err := auth.Protect(c, []auth.PayloadType{auth.PayloadUser}, []string{})
|
||||
_, err := auth2.Protect(c, []auth2.PayloadType{auth2.PayloadUser}, []string{})
|
||||
if err != nil {
|
||||
// 用户未登录
|
||||
return nil
|
||||
@@ -310,7 +310,7 @@ type IntrospectResp struct {
|
||||
|
||||
func Introspect(c *fiber.Ctx) error {
|
||||
// 验证权限
|
||||
authCtx, err := auth.Protect(c, []auth.PayloadType{auth.PayloadUser}, []string{})
|
||||
authCtx, err := auth2.Protect(c, []auth2.PayloadType{auth2.PayloadUser}, []string{})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
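Review bot: The `auth2.GrantClientCredentials` case in `protect` (hunk `@@ -184,19 +184,19 @@`) can never pass: `client.Spec != int32(client2.SpecWeb) || client.Spec != int32(client2.SpecTrusted)` is true for every `Spec` value unless the two constants are equal, so the branch always returns `s.ErrOauthUnauthorizedClient`. The line is unchanged context, but this commit rewrites the case labels around it and leaves the guard as is; presumably the intent is to allow only web or trusted clients, i.e. `if !client.GrantClient || (client.Spec != int32(client2.SpecWeb) && client.Spec != int32(client2.SpecTrusted)) {`. It fails closed today, but an always-true check hides the real policy for which client types may use client credentials, so a table-driven test over each `Spec` value would pin that policy down before anyone loosens the condition. `protect` starts and ends outside the visible hunks, so the client lookup and secret comparison are not covered by this note.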