// ClientFormFastHandler extracts the client credentials submitted in the
// request body/query (fasthttp variant). It reads client_id and
// client_secret via ctx.FormValue and returns ErrAuthorizationFormInvalid
// when either one is missing; the values read so far are returned either way.
//
// RFC 6749 §2.3.1 allows credentials in the form body but recommends HTTP
// Basic auth; this handler only implements the form variant.
func ClientFormFastHandler(ctx *fasthttp.RequestCtx) (clientID, clientSecret string, err error) {
	clientID, clientSecret = string(ctx.FormValue("client_id")), string(ctx.FormValue("client_secret"))
	if len(clientID) == 0 || len(clientSecret) == 0 {
		return clientID, clientSecret, ErrAuthorizationFormInvalid
	}
	return clientID, clientSecret, nil
}
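// GetAuthorizeRequest parses the authorization endpoint parameters
// (response_type, redirect_uri, state, scope, client_id) from a fasthttp
// request into an AuthorizeRequest.
//
// Only GET is accepted; any other method yields ErrRequestMethodInvalid and a
// nil request. A redirect_uri that does not parse as a URL yields the
// url.Parse error. An empty or unsupported response_type (per
// fs.checkResponseType) yields ErrResponseTypeInvalid and an empty client_id
// yields ErrClientInvalid; in those two cases the partially filled request is
// returned alongside the error and should not be acted upon.
func (fs *FastServer) GetAuthorizeRequest(ctx *fasthttp.RequestCtx) (authReq *AuthorizeRequest, err error) {
	if !ctx.IsGet() {
		return nil, ErrRequestMethodInvalid
	}

	// ctx.FormValue already returns the percent-decoded parameter. Do not run
	// url.QueryUnescape over it a second time: that double-decodes the value
	// (and turns a literal '+' into a space), while HandleTokenRequest uses
	// the raw FormValue at the token endpoint, so a redirect URI containing
	// '%' or '+' could never match between the two endpoints. The spec calls
	// for simple string comparison of redirect_uri (RFC 6749 §3.1.2.3).
	redirectURI := string(ctx.FormValue("redirect_uri"))
	if redirectURI != "" {
		// Reject a syntactically invalid redirect target up front. Matching
		// it against the client's registered URI is not done here.
		if _, perr := url.Parse(redirectURI); perr != nil {
			return nil, perr
		}
	}

	authReq = &AuthorizeRequest{
		Type:        oauth2.ResponseType(string(ctx.FormValue("response_type"))),
		RedirectURI: redirectURI,
		State:       string(ctx.FormValue("state")),
		Scope:       string(ctx.FormValue("scope")),
		ClientID:    string(ctx.FormValue("client_id")),
	}
	switch {
	case authReq.Type == "" || !fs.checkResponseType(authReq.Type):
		err = ErrResponseTypeInvalid
	case authReq.ClientID == "":
		err = ErrClientInvalid
	}
	return authReq, err
}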
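// HandleTokenRequest serves the token endpoint for a fasthttp request. It
// validates the HTTP method and grant_type, obtains the client credentials via
// fs.cfg.Handler.ClientFastHandler, builds a TokenGenerateRequest for the
// requested grant, asks fs.manager for the token and writes it with
// fs.ResJSON. On any failure the error is returned and this function itself
// writes no response; the caller is responsible for rendering it.
//
// Supported grants (each must also pass fs.checkGrantType):
//   - authorization_code: redirect_uri + code; a refresh token is issued.
//   - password: username/password are checked by fs.cfg.Handler.UserHandler;
//     a refresh token is issued.
//   - client_credentials: optional scope; no refresh token.
//   - refresh_token: refresh_token plus an optional narrowed scope; the
//     refresh token is blanked from the response with SetRefresh("").
//
// Any other grant accepted by checkGrantType is rejected with
// ErrGrantTypeInvalid rather than serialising a nil token.
func (fs *FastServer) HandleTokenRequest(ctx *fasthttp.RequestCtx) (err error) {
	if !ctx.IsPost() {
		return ErrRequestMethodInvalid
	}
	gt := oauth2.GrantType(string(ctx.FormValue("grant_type")))
	if gt == "" || !fs.checkGrantType(gt) {
		return ErrGrantTypeInvalid
	}

	clientID, clientSecret, err := fs.cfg.Handler.ClientFastHandler(ctx)
	if err != nil {
		return err
	}
	tgr := &oauth2.TokenGenerateRequest{
		ClientID:     clientID,
		ClientSecret: clientSecret,
	}

	var ti oauth2.TokenInfo
	switch gt {
	case oauth2.AuthorizationCodeCredentials:
		// redirect_uri is passed through as received; it must match what
		// was used at the authorization endpoint, which is the manager's job.
		tgr.RedirectURI = string(ctx.FormValue("redirect_uri"))
		tgr.Code = string(ctx.FormValue("code"))
		tgr.IsGenerateRefresh = true
		ti, err = fs.manager.GenerateAccessToken(oauth2.AuthorizationCodeCredentials, tgr)
	case oauth2.PasswordCredentials:
		// NOTE(review): the resource owner's password is verified by
		// UserHandler here, before the client's credentials are checked
		// (that only happens inside GenerateAccessToken). An unauthenticated
		// caller can therefore drive UserHandler with arbitrary
		// username/password pairs; UserHandler must rate-limit or lock out
		// on its own.
		userID, uerr := fs.cfg.Handler.UserHandler(string(ctx.FormValue("username")), string(ctx.FormValue("password")))
		if uerr != nil {
			return uerr
		}
		tgr.UserID = userID
		tgr.Scope = string(ctx.FormValue("scope"))
		tgr.IsGenerateRefresh = true
		ti, err = fs.manager.GenerateAccessToken(oauth2.PasswordCredentials, tgr)
	case oauth2.ClientCredentials:
		tgr.Scope = string(ctx.FormValue("scope"))
		ti, err = fs.manager.GenerateAccessToken(oauth2.ClientCredentials, tgr)
	case oauth2.RefreshCredentials:
		tgr.Refresh = string(ctx.FormValue("refresh_token"))
		tgr.Scope = string(ctx.FormValue("scope"))
		if tgr.Scope != "" {
			// A narrowed scope is only honoured when the refresh token
			// belongs to this client and ScopeHandler accepts the requested
			// scope relative to the originally granted one.
			rti, rerr := fs.manager.LoadRefreshToken(tgr.Refresh)
			if rerr != nil {
				return rerr
			}
			if rti.GetClientID() != tgr.ClientID {
				return ErrRefreshInvalid
			}
			if verr := fs.cfg.Handler.ScopeHandler(tgr.Scope, rti.GetScope()); verr != nil {
				return verr
			}
		}
		ti, err = fs.manager.RefreshAccessToken(tgr)
		if err == nil {
			// Do not echo a refresh token back in the refresh response.
			ti.SetRefresh("")
		}
	default:
		// checkGrantType accepted a grant this switch does not implement;
		// without this case ti would stay nil and be handed to ResJSON.
		return ErrGrantTypeInvalid
	}

	if err != nil {
		return err
	}
	return fs.ResJSON(ctx, ti)
}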