197 lines
4.5 KiB
Go
197 lines
4.5 KiB
Go
|
package auth
|
|||
|
|
|
|||
|
|
import (
|
|||
|
|
"crypto/rand"
|
|||
|
|
"encoding/base64"
|
|||
|
|
"encoding/json"
|
|||
|
|
"fmt"
|
|||
|
|
"net/http"
|
|||
|
|
"net/url"
|
|||
|
|
"strings"
|
|||
|
|
"sync"
|
|||
|
|
"time"
|
|||
|
|
|
|||
|
|
"golang.org/x/oauth2"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
// StateStore OAuth状态存储
|
|||
|
|
type StateStore struct {
|
|||
|
|
states map[string]time.Time
|
|||
|
|
mu sync.RWMutex
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
var stateStore = &StateStore{
|
|||
|
|
states: make(map[string]time.Time),
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// GenerateState 生成OAuth状态参数
|
|||
|
|
func GenerateState() (string, error) {
|
|||
|
|
b := make([]byte, 32)
|
|||
|
|
if _, err := rand.Read(b); err != nil {
|
|||
|
|
return "", fmt.Errorf("generate state failed: %w", err)
|
|||
|
|
}
|
|||
|
|
state := base64.URLEncoding.EncodeToString(b)
|
|||
|
|
|
|||
|
|
// 存储状态,10分钟过期
|
|||
|
|
stateStore.mu.Lock()
|
|||
|
|
stateStore.states[state] = time.Now().Add(10 * time.Minute)
|
|||
|
|
stateStore.mu.Unlock()
|
|||
|
|
|
|||
|
|
return state, nil
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// ValidateState 验证OAuth状态参数
|
|||
|
|
func ValidateState(state string) bool {
|
|||
|
|
stateStore.mu.Lock()
|
|||
|
|
defer stateStore.mu.Unlock()
|
|||
|
|
|
|||
|
|
expireTime, ok := stateStore.states[state]
|
|||
|
|
if !ok {
|
|||
|
|
return false
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 检查是否过期
|
|||
|
|
if time.Now().After(expireTime) {
|
|||
|
|
delete(stateStore.states, state)
|
|||
|
|
return false
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 使用后删除
|
|||
|
|
delete(stateStore.states, state)
|
|||
|
|
|
|||
|
|
return true
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// CleanupStates 清理过期的状态
|
|||
|
|
func CleanupStates() {
|
|||
|
|
stateStore.mu.Lock()
|
|||
|
|
defer stateStore.mu.Unlock()
|
|||
|
|
|
|||
|
|
now := time.Now()
|
|||
|
|
for state, expireTime := range stateStore.states {
|
|||
|
|
if now.After(expireTime) {
|
|||
|
|
delete(stateStore.states, state)
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// HTTPClient OAuth HTTP客户端
|
|||
|
|
var HTTPClient = &http.Client{
|
|||
|
|
Timeout: 30 * time.Second,
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// Get 发送GET请求
|
|||
|
|
func Get(url string) (*http.Response, error) {
|
|||
|
|
return HTTPClient.Get(url)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// PostForm 发送POST表单请求
|
|||
|
|
func PostForm(url string, data url.Values) (*http.Response, error) {
|
|||
|
|
return HTTPClient.PostForm(url, data)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// GetJSON 发送GET请求并解析JSON响应
|
|||
|
|
func GetJSON(url string, result interface{}) error {
|
|||
|
|
resp, err := Get(url)
|
|||
|
|
if err != nil {
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
defer resp.Body.Close()
|
|||
|
|
|
|||
|
|
if resp.StatusCode != http.StatusOK {
|
|||
|
|
return fmt.Errorf("HTTP request failed with status %d", resp.StatusCode)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return json.NewDecoder(resp.Body).Decode(result)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// PostFormJSON 发送POST表单请求并解析JSON响应
|
|||
|
|
func PostFormJSON(url string, data url.Values, result interface{}) error {
|
|||
|
|
resp, err := PostForm(url, data)
|
|||
|
|
if err != nil {
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
defer resp.Body.Close()
|
|||
|
|
|
|||
|
|
if resp.StatusCode != http.StatusOK {
|
|||
|
|
return fmt.Errorf("HTTP request failed with status %d", resp.StatusCode)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return json.NewDecoder(resp.Body).Decode(result)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// BuildAuthURL 构建标准OAuth授权URL
|
|||
|
|
func BuildAuthURL(baseURL, clientID, redirectURI, scope, state string) string {
|
|||
|
|
u, _ := url.Parse(baseURL)
|
|||
|
|
q := u.Query()
|
|||
|
|
q.Set("client_id", clientID)
|
|||
|
|
q.Set("redirect_uri", redirectURI)
|
|||
|
|
q.Set("scope", scope)
|
|||
|
|
q.Set("state", state)
|
|||
|
|
q.Set("response_type", "code")
|
|||
|
|
u.RawQuery = q.Encode()
|
|||
|
|
return u.String()
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// ParseAccessTokenResponse 解析访问令牌响应
|
|||
|
|
func ParseAccessTokenResponse(resp []byte) (*OAuthToken, error) {
|
|||
|
|
var result struct {
|
|||
|
|
AccessToken string `json:"access_token"`
|
|||
|
|
RefreshToken string `json:"refresh_token"`
|
|||
|
|
ExpiresIn int64 `json:"expires_in"`
|
|||
|
|
TokenType string `json:"token_type"`
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if err := json.Unmarshal(resp, &result); err != nil {
|
|||
|
|
return nil, err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return &OAuthToken{
|
|||
|
|
AccessToken: result.AccessToken,
|
|||
|
|
RefreshToken: result.RefreshToken,
|
|||
|
|
ExpiresIn: result.ExpiresIn,
|
|||
|
|
TokenType: result.TokenType,
|
|||
|
|
}, nil
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// ParseQueryAccessToken 解析查询字符串形式的访问令牌(用于某些返回text/plain的API)
|
|||
|
|
func ParseQueryAccessToken(body string) (accessToken string, err error) {
|
|||
|
|
values, err := url.ParseQuery(body)
|
|||
|
|
if err != nil {
|
|||
|
|
return "", err
|
|||
|
|
}
|
|||
|
|
return values.Get("access_token"), nil
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// ParseJSONPResponse 解析JSONP响应(用于QQ等平台)
|
|||
|
|
func ParseJSONPResponse(jsonp string) (map[string]interface{}, error) {
|
|||
|
|
// 移除callback包装
|
|||
|
|
start := strings.Index(jsonp, "(")
|
|||
|
|
end := strings.LastIndex(jsonp, ")")
|
|||
|
|
if start == -1 || end == -1 {
|
|||
|
|
return nil, fmt.Errorf("invalid JSONP format")
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
jsonStr := jsonp[start+1 : end]
|
|||
|
|
var result map[string]interface{}
|
|||
|
|
if err := json.Unmarshal([]byte(jsonStr), &result); err != nil {
|
|||
|
|
return nil, err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return result, nil
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// ToOAuth2Config 转换为oauth2.Config
|
|||
|
|
func ToOAuth2Config(config *OAuthConfig) *oauth2.Config {
|
|||
|
|
return &oauth2.Config{
|
|||
|
|
ClientID: config.ClientID,
|
|||
|
|
ClientSecret: config.ClientSecret,
|
|||
|
|
RedirectURL: config.RedirectURI,
|
|||
|
|
Scopes: strings.Split(config.Scope, ","),
|
|||
|
|
Endpoint: oauth2.Endpoint{
|
|||
|
|
AuthURL: config.AuthURL,
|
|||
|
|
TokenURL: config.TokenURL,
|
|||
|
|
},
|
|||
|
|
}
|
|||
|
|
}
|