86 lines
2.1 KiB
Go
86 lines
2.1 KiB
Go
package services
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"platform/web/models"
|
|
)
|
|
|
|
var Auth = &authService{}
|
|
|
|
type authService struct{}
|
|
|
|
type AuthServiceError string
|
|
|
|
func (e AuthServiceError) Error() string {
|
|
return string(e)
|
|
}
|
|
|
|
type AuthServiceOauthError string
|
|
|
|
func (e AuthServiceOauthError) Error() string {
|
|
return string(e)
|
|
}
|
|
|
|
var (
|
|
ErrOauthInvalidRequest = AuthServiceOauthError("invalid_request")
|
|
ErrOauthInvalidClient = AuthServiceOauthError("invalid_client")
|
|
ErrOauthInvalidGrant = AuthServiceOauthError("invalid_grant")
|
|
ErrOauthInvalidScope = AuthServiceOauthError("invalid_scope")
|
|
ErrOauthUnauthorizedClient = AuthServiceOauthError("unauthorized_client")
|
|
ErrOauthUnsupportedGrantType = AuthServiceOauthError("unsupported_grant_type")
|
|
)
|
|
|
|
// OauthAuthorizationCode 验证授权码
|
|
func (s *authService) OauthAuthorizationCode(ctx context.Context, client *models.Client, code, redirectURI, codeVerifier string) (*TokenDetails, error) {
|
|
// TODO: 从数据库验证授权码
|
|
return nil, errors.New("TODO")
|
|
}
|
|
|
|
// OauthClientCredentials 验证客户端凭证
|
|
func (s *authService) OauthClientCredentials(ctx context.Context, client *models.Client, scope ...[]string) (*TokenDetails, error) {
|
|
|
|
var clientType PayloadType
|
|
switch client.Spec {
|
|
case 0:
|
|
clientType = PayloadClientConfidential
|
|
case 1:
|
|
clientType = PayloadClientPublic
|
|
case 2:
|
|
clientType = PayloadClientConfidential
|
|
}
|
|
|
|
// 保存会话并返回令牌
|
|
auth := AuthContext{
|
|
Permissions: map[string]struct{}{
|
|
"client": {},
|
|
},
|
|
Payload: Payload{
|
|
Type: clientType,
|
|
Id: client.ID,
|
|
},
|
|
}
|
|
|
|
// todo 数据库定义会话持续时间
|
|
token, err := Session.Create(ctx, auth)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return token, nil
|
|
}
|
|
|
|
// OauthRefreshToken 验证刷新令牌
|
|
func (s *authService) OauthRefreshToken(ctx context.Context, client *models.Client, refreshToken string, scope ...[]string) (*TokenDetails, error) {
|
|
// TODO: 从数据库验证刷新令牌
|
|
return nil, errors.New("TODO")
|
|
}
|
|
|
|
type GrantType int
|
|
|
|
const (
|
|
GrantTypeAuthorizationCode GrantType = iota
|
|
GrantTypeClientCredentials
|
|
GrantTypeRefreshToken
|
|
)
|