登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > WEB应用开发 > OAuth/单点登录/统一认证 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 2

NilOrganization/oauth2

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
克隆/下载
client.go 7.25 KB
一键复制 编辑 原始数据 按行查看 历史
Keng 提交于 2021-07-08 09:56 . optimized code
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268
package oauth2



import (

	"encoding/json"

	"io"

	"io/ioutil"

	"net/http"

	"net/url"

	"strings"

)



// Client oauth2 client

type Client struct {

	Log                         Logger

	httpClient                  *http.Client

	ServerBaseURL               string

	AuthorizationEndpoint       string

	TokenEndpoint               string

	IntrospectEndpoint          string

	DeviceAuthorizationEndpoint string

	TokenRevocationEndpoint     string

	ID                          string

	Secret                      string

}



// NewClient new oauth2 client

func NewClient(serverBaseURL, id, secret string) *Client {

	httpclient := &http.Client{}

	httpclient.CheckRedirect = func(req *http.Request, via []*http.Request) error {

		return http.ErrUseLastResponse

	}

	return &Client{

		Log:                         &DefaultLogger{},

		httpClient:                  httpclient,

		ServerBaseURL:               serverBaseURL,

		AuthorizationEndpoint:       "/authorize",

		TokenEndpoint:               "/token",

		DeviceAuthorizationEndpoint: "/device_authorization",

		IntrospectEndpoint:          "/introspect",

		ID:                          id,

		Secret:                      secret,

	}

}



func (c *Client) authorize(w http.ResponseWriter, responseType, redirectURI, scope, state string) (err error) {

	var uri *url.URL

	uri, err = url.Parse(c.ServerBaseURL + c.AuthorizationEndpoint)

	if err != nil {

		return

	}

	query := uri.Query()

	query.Set(ResponseTypeKey, responseType)

	query.Set(ClientIDKey, c.ID)

	query.Set(RedirectURIKey, redirectURI)

	query.Set(ScopeKey, scope)

	query.Set(StateKey, state)

	uri.RawQuery = query.Encode()

	var resp *http.Response

	resp, err = c.httpClient.Get(uri.String())

	if err != nil {

		return

	}

	w.Header().Set("Location", resp.Header.Get("Location"))

	w.WriteHeader(resp.StatusCode)

	defer resp.Body.Close()

	_, err = io.Copy(w, resp.Body)

	return

}



// AuthorizeAuthorizationCode ...

func (c *Client) AuthorizeAuthorizationCode(w http.ResponseWriter, redirectURI, scope, state string) (err error) {

	return c.authorize(w, CodeKey, redirectURI, scope, state)

}



// TokenAuthorizationCode ...

// TokenAuthorizationCode(code, redirectURI, state string)

func (c *Client) TokenAuthorizationCode(code, redirectURI, clientID string) (token *TokenResponse, err error) {

	values := url.Values{

		CodeKey:        []string{code},

		RedirectURIKey: []string{redirectURI},

		ClientIDKey:    []string{clientID},

	}

	return c.token(AuthorizationCodeKey, values)

}



// AuthorizeImplicit ...

func (c *Client) AuthorizeImplicit(w http.ResponseWriter, redirectURI, scope, state string) (err error) {

	return c.authorize(w, TokenKey, redirectURI, scope, state)

}



// DeviceAuthorization ...

func (c *Client) DeviceAuthorization(w http.ResponseWriter, scope string) (err error) {

	var uri *url.URL

	uri, err = url.Parse(c.ServerBaseURL + c.DeviceAuthorizationEndpoint)

	if err != nil {

		return

	}

	query := uri.Query()

	query.Set(ClientIDKey, c.ID)

	query.Set(ScopeKey, scope)

	uri.RawQuery = query.Encode()

	var resp *http.Response

	resp, err = c.httpClient.Get(uri.String())

	if err != nil {

		return

	}

	w.WriteHeader(resp.StatusCode)

	defer resp.Body.Close()

	_, err = io.Copy(w, resp.Body)

	return

}



func (c *Client) Token(grantType string, values url.Values) (token *TokenResponse, err error) {

	return c.token(grantType, values)

}



func (c *Client) token(grantType string, values url.Values) (token *TokenResponse, err error) {

	var uri *url.URL

	uri, err = url.Parse(c.ServerBaseURL + c.TokenEndpoint)

	if err != nil {

		return

	}

	if values == nil {

		values = url.Values{

			GrantTypeKey: []string{grantType},

		}

	} else {

		values.Set(GrantTypeKey, grantType)

	}

	var req *http.Request

	req, err = http.NewRequest(http.MethodPost, uri.String(), strings.NewReader(values.Encode()))

	if err != nil {

		return

	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")



	// explain: https://tools.ietf.org/html/rfc8628#section-3.4

	if grantType != DeviceCodeKey && grantType != UrnIetfParamsOAuthGrantTypeDeviceCodeKey {

		req.SetBasicAuth(c.ID, c.Secret)

	}



	var resp *http.Response

	resp, err = c.httpClient.Do(req)

	if err != nil {

		return

	}

	defer resp.Body.Close()

	var body []byte

	body, err = ioutil.ReadAll(resp.Body)

	if err != nil {

		return

	}

	if resp.StatusCode != http.StatusOK || strings.Contains(string(body), ErrorKey) {

		errModel := ErrorResponse{}

		err = json.Unmarshal(body, &errModel)

		if err != nil {

			return

		}

		err = Errors[errModel.Error]

	} else {

		token = &TokenResponse{}

		err = json.Unmarshal(body, token)

	}

	return

}



// TokenResourceOwnerPasswordCredentials ...

func (c *Client) TokenResourceOwnerPasswordCredentials(username, password string) (model *TokenResponse, err error) {

	values := url.Values{

		UsernameKey: []string{username},

		PasswordKey: []string{password},

	}

	return c.token(PasswordKey, values)

}



// TokenClientCredentials ...

func (c *Client) TokenClientCredentials() (model *TokenResponse, err error) {

	return c.token(ClientCredentialsKey, nil)

}



// RefreshToken ...

func (c *Client) RefreshToken(refreshToken string) (model *TokenResponse, err error) {

	values := url.Values{

		RefreshTokenKey: []string{refreshToken},

	}

	return c.token(RefreshTokenKey, values)

}



// TokenDeviceCode ...

func (c *Client) TokenDeviceCode(deviceCode string) (model *TokenResponse, err error) {

	values := url.Values{

		ClientIDKey:   []string{c.ID},

		DeviceCodeKey: []string{deviceCode},

	}

	return c.token(DeviceCodeKey, values)

}



// TokenIntrospect ...

func (c *Client) TokenIntrospect(token string, tokenTypeHint ...string) (introspection *IntrospectionResponse, err error) {

	values := url.Values{

		TokenKey: []string{token},

	}

	if len(tokenTypeHint) > 0 {

		if tokenTypeHint[0] != AccessTokenKey && tokenTypeHint[0] != RefreshTokenKey {

			err = ErrUnsupportedTokenType

			return

		}

		values.Set(TokenTypeHintKey, tokenTypeHint[0])

	}

	introspection = &IntrospectionResponse{}

	err = c.do(c.IntrospectEndpoint, values, introspection)

	return

}



// TokenRevocation token撤销

func (c *Client) TokenRevocation(token string, tokenTypeHint ...string) (introspection *IntrospectionResponse, err error) {

	values := url.Values{

		TokenKey: []string{token},

	}

	if len(tokenTypeHint) > 0 {

		if tokenTypeHint[0] != AccessTokenKey && tokenTypeHint[0] != RefreshTokenKey {

			err = ErrUnsupportedTokenType

			return

		}

		values.Set(TokenTypeHintKey, tokenTypeHint[0])

	}

	err = c.do(c.TokenRevocationEndpoint, values, nil)

	return

}



func (c *Client) do(path string, values url.Values, v interface{}) (err error) {

	var uri *url.URL

	uri, err = url.Parse(c.ServerBaseURL + path)

	if err != nil {

		return

	}

	var req *http.Request

	req, err = http.NewRequest(http.MethodPost, uri.String(), strings.NewReader(values.Encode()))

	if err != nil {

		return

	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	req.SetBasicAuth(c.ID, c.Secret)

	var resp *http.Response

	resp, err = c.httpClient.Do(req)

	if err != nil {

		return

	}

	defer resp.Body.Close()

	var body []byte

	body, err = ioutil.ReadAll(resp.Body)

	if err != nil {

		return

	}

	if resp.StatusCode != http.StatusOK || strings.Contains(string(body), ErrorKey) {

		errModel := ErrorResponse{}

		err = json.Unmarshal(body, &errModel)

		if err != nil {

			return

		}

		err = Errors[errModel.Error]

	} else {

		if v != nil {

			err = json.Unmarshal(body, v)

		}

	}

	return

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/nilorg/oauth2.git
git@gitee.com:nilorg/oauth2.git
nilorg
oauth2
oauth2
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部