// ClientFormFastHandler 客户端表单信息(基于fasthttp)
func ClientFormFastHandler(ctx *fasthttp.RequestCtx) (clientID, clientSecret string, err error) {
clientID = string(ctx.FormValue("client_id"))
clientSecret = string(ctx.FormValue("client_secret"))
if clientID == "" || clientSecret == "" {
err = ErrAuthorizationFormInvalid
}
return
}
// GetAuthorizeRequest 获取授权请求参数
func (fs *FastServer) GetAuthorizeRequest(ctx *fasthttp.RequestCtx) (authReq *AuthorizeRequest, err error) {
if !ctx.IsGet() {
err = ErrRequestMethodInvalid
return
}
redirectURI, err := url.QueryUnescape(string(ctx.FormValue("redirect_uri")))
if err != nil {
return
}
authReq = &AuthorizeRequest{
Type: oauth2.ResponseType(string(ctx.FormValue("response_type"))),
RedirectURI: redirectURI,
State: string(ctx.FormValue("state")),
Scope: string(ctx.FormValue("scope")),
ClientID: string(ctx.FormValue("client_id")),
}
if authReq.Type == "" || !fs.checkResponseType(authReq.Type) {
err = ErrResponseTypeInvalid
} else if authReq.ClientID == "" {
err = ErrClientInvalid
}
return
}
// HandleTokenRequest 处理令牌请求
func (fs *FastServer) HandleTokenRequest(ctx *fasthttp.RequestCtx) (err error) {
if !ctx.IsPost() {
err = ErrRequestMethodInvalid
return
}
gt := oauth2.GrantType(string(ctx.FormValue("grant_type")))
if gt == "" || !fs.checkGrantType(gt) {
err = ErrGrantTypeInvalid
return
}
var ti oauth2.TokenInfo
clientID, clientSecret, err := fs.cfg.Handler.ClientFastHandler(ctx)
if err != nil {
return
}
tgr := &oauth2.TokenGenerateRequest{
ClientID: clientID,
ClientSecret: clientSecret,
}
switch gt {
case oauth2.AuthorizationCodeCredentials:
tgr.RedirectURI = string(ctx.FormValue("redirect_uri"))
tgr.Code = string(ctx.FormValue("code"))
tgr.IsGenerateRefresh = true
ti, err = fs.manager.GenerateAccessToken(oauth2.AuthorizationCodeCredentials, tgr)
case oauth2.PasswordCredentials:
userID, uerr := fs.cfg.Handler.UserHandler(string(ctx.FormValue("username")), string(ctx.FormValue("password")))
if uerr != nil {
err = uerr
return
}
tgr.UserID = userID
tgr.Scope = string(ctx.FormValue("scope"))
tgr.IsGenerateRefresh = true
ti, err = fs.manager.GenerateAccessToken(oauth2.PasswordCredentials, tgr)
case oauth2.ClientCredentials:
tgr.Scope = string(ctx.FormValue("scope"))
ti, err = fs.manager.GenerateAccessToken(oauth2.ClientCredentials, tgr)
case oauth2.RefreshCredentials:
tgr.Refresh = string(ctx.FormValue("refresh_token"))
tgr.Scope = string(ctx.FormValue("scope"))
if tgr.Scope != "" { // 检查授权范围
rti, rerr := fs.manager.LoadRefreshToken(tgr.Refresh)
if rerr != nil {
err = rerr
return
} else if rti.GetClientID() != tgr.ClientID {
err = ErrRefreshInvalid
return
} else if verr := fs.cfg.Handler.ScopeHandler(tgr.Scope, rti.GetScope()); verr != nil {
err = verr
return
}
}
ti, err = fs.manager.RefreshAccessToken(tgr)
if err == nil {
ti.SetRefresh("")
}
}
if err != nil {
return
}
err = fs.ResJSON(ctx, ti)
return
}
