认证授权主要流程实现
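--- a/web/services/auth.go
+++ b/web/services/auth.go
@@ -0,0 +1,85 @@
+package services
+
+import (
+"context"
+"errors"
+"platform/web/models"
+)
+
+var Auth = &authService{}
+
+type authService struct{}
+
+type AuthServiceError string
+
+func (e AuthServiceError) Error() string {
+return string(e)
+}
+
+type AuthServiceOauthError string
+
+func (e AuthServiceOauthError) Error() string {
+return string(e)
+}
+
+var (
+ErrOauthInvalidRequest = AuthServiceOauthError("invalid_request")
+ErrOauthInvalidClient = AuthServiceOauthError("invalid_client")
+ErrOauthInvalidGrant = AuthServiceOauthError("invalid_grant")
+ErrOauthInvalidScope = AuthServiceOauthError("invalid_scope")
+ErrOauthUnauthorizedClient = AuthServiceOauthError("unauthorized_client")
+ErrOauthUnsupportedGrantType = AuthServiceOauthError("unsupported_grant_type")
+)
+
+// OauthAuthorizationCode 验证授权码
+func (s *authService) OauthAuthorizationCode(ctx context.Context, client *models.Client, code, redirectURI, codeVerifier string) (*TokenDetails, error) {
+// TODO: 从数据库验证授权码
+return nil, errors.New("TODO")
+}
+
+// OauthClientCredentials 验证客户端凭证
+func (s *authService) OauthClientCredentials(ctx context.Context, client *models.Client, scope ...[]string) (*TokenDetails, error) {
+
+var clientType PayloadType
+switch client.Spec {
+case 0:
+clientType = PayloadClientConfidential
+case 1:
+clientType = PayloadClientPublic
+case 2:
+clientType = PayloadClientConfidential
+}
+
+// 保存会话并返回令牌
+auth := AuthContext{
+Permissions: map[string]struct{}{
+"client": {},
+},
+Payload: Payload{
+Type: clientType,
+Id: client.ID,
+},
+}
+
+// todo 数据库定义会话持续时间
+token, err := Session.Create(ctx, auth)
+if err != nil {
+return nil, err
+}
+
+return token, nil
+}
+
+// OauthRefreshToken 验证刷新令牌
+func (s *authService) OauthRefreshToken(ctx context.Context, client *models.Client, refreshToken string, scope ...[]string) (*TokenDetails, error) {
+// TODO: 从数据库验证刷新令牌
+return nil, errors.New("TODO")
+}
+
+type GrantType int
+
+const (
+GrantTypeAuthorizationCode GrantType = iota
+GrantTypeClientCredentials
+GrantTypeRefreshToken
+)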
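Review bot: In OauthClientCredentials the `switch client.Spec` maps `case 1` to PayloadClientPublic and has no `default`, so a public client, or a client whose Spec is outside 0–2 (clientType then stays at its zero value), still reaches `Session.Create` and is issued a token carrying the "client" permission. The client-credentials grant is reserved for confidential clients (RFC 6749 §4.4) and the file already declares the matching errors, so I would return early with `case 1: return nil, ErrOauthUnauthorizedClient` and `default: return nil, ErrOauthInvalidClient`. Whether the caller has already authenticated the client before this method runs is not visible in this file, so the doc comment should state that precondition and name what the Spec values 0, 1 and 2 mean. The `scope ...[]string` parameter is never read and was probably meant to be `scope ...string`; a requested scope should be validated and rejected with `ErrOauthInvalidScope` rather than silently dropped.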