mirror of
https://github.com/casdoor/casdoor.git
synced 2025-07-03 04:10:20 +08:00
Add /api/oauth/code API.
This commit is contained in:
Yang Luo
126
object/token.go
126
object/token.go
@ -15,10 +15,17 @@
|
||||
package object
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/casdoor/casdoor/util"
|
||||
"xorm.io/core"
|
||||
)
|
||||
|
||||
type Code struct {
|
||||
Message string `xorm:"varchar(100)" json:"message"`
|
||||
Code string `xorm:"varchar(100)" json:"code"`
|
||||
}
|
||||
|
||||
type Token struct {
|
||||
Owner string `xorm:"varchar(100) notnull pk" json:"owner"`
|
||||
Name string `xorm:"varchar(100) notnull pk" json:"name"`
|
||||
@ -26,12 +33,20 @@ type Token struct {
|
||||
|
||||
Application string `xorm:"varchar(100)" json:"application"`
|
||||
|
||||
Code string `xorm:"varchar(100)" json:"code"`
|
||||
AccessToken string `xorm:"varchar(100)" json:"accessToken"`
|
||||
ExpiresIn int `json:"expiresIn"`
|
||||
Scope string `xorm:"varchar(100)" json:"scope"`
|
||||
TokenType string `xorm:"varchar(100)" json:"tokenType"`
|
||||
}
|
||||
|
||||
type TokenWrapper struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
TokenType string `json:"token_type"`
|
||||
ExpiresIn int `json:"expires_in"`
|
||||
Scope string `json:"scope"`
|
||||
}
|
||||
|
||||
func GetTokens(owner string) []*Token {
|
||||
tokens := []*Token{}
|
||||
err := adapter.engine.Desc("created_time").Find(&tokens, &Token{Owner: owner})
|
||||
@ -56,6 +71,20 @@ func getToken(owner string, name string) *Token {
|
||||
}
|
||||
}
|
||||
|
||||
func getTokenByCode(code string) *Token {
|
||||
token := Token{}
|
||||
existed, err := adapter.engine.Where("code=?", code).Get(&token)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
if existed {
|
||||
return &token
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func GetToken(id string) *Token {
|
||||
owner, name := util.GetOwnerAndNameFromId(id)
|
||||
return getToken(owner, name)
|
||||
@ -94,15 +123,34 @@ func DeleteToken(token *Token) bool {
|
||||
return affected != 0
|
||||
}
|
||||
|
||||
func GetOAuthToken(applicationId string, grantType string, clientId string, clientSecret string, scope string) *Token {
|
||||
application := GetApplication(applicationId)
|
||||
|
||||
if grantType != "client_credentials" {
|
||||
return nil
|
||||
func GetOAuthCode(clientId string, responseType string, redirectUri string, scope string, state string) *Code {
|
||||
application := getApplicationByClientId(clientId)
|
||||
if application == nil {
|
||||
return &Code{
|
||||
Message: "invalid client_id",
|
||||
Code: "",
|
||||
}
|
||||
}
|
||||
|
||||
if application.ClientId != clientId || application.ClientSecret != clientSecret {
|
||||
return nil
|
||||
if responseType != "code" {
|
||||
return &Code{
|
||||
Message: "response_type should be \"code\"",
|
||||
Code: "",
|
||||
}
|
||||
}
|
||||
|
||||
validUri := false
|
||||
for _, url := range application.RedirectUrls {
|
||||
if strings.Contains(redirectUri, url) {
|
||||
validUri = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !validUri {
|
||||
return &Code{
|
||||
Message: "redirect_uri doesn't exist in the allowed Redirect URL list",
|
||||
Code: "",
|
||||
}
|
||||
}
|
||||
|
||||
token := &Token{
|
||||
@ -110,6 +158,7 @@ func GetOAuthToken(applicationId string, grantType string, clientId string, clie
|
||||
Name: util.GenerateId(),
|
||||
CreatedTime: util.GetCurrentTime(),
|
||||
Application: application.Name,
|
||||
Code: util.GenerateClientId(),
|
||||
AccessToken: "",
|
||||
ExpiresIn: 7200,
|
||||
Scope: scope,
|
||||
@ -117,5 +166,66 @@ func GetOAuthToken(applicationId string, grantType string, clientId string, clie
|
||||
}
|
||||
AddToken(token)
|
||||
|
||||
return token
|
||||
return &Code{
|
||||
Message: "",
|
||||
Code: token.Code,
|
||||
}
|
||||
}
|
||||
|
||||
func GetOAuthToken(grantType string, clientId string, clientSecret string, code string) *TokenWrapper {
|
||||
application := getApplicationByClientId(clientId)
|
||||
if application == nil {
|
||||
return &TokenWrapper{
|
||||
AccessToken: "invalid client_id",
|
||||
TokenType: "",
|
||||
ExpiresIn: 0,
|
||||
Scope: "",
|
||||
}
|
||||
}
|
||||
|
||||
if grantType != "authorization_code" {
|
||||
return &TokenWrapper{
|
||||
AccessToken: "grant_type should be \"authorization_code\"",
|
||||
TokenType: "",
|
||||
ExpiresIn: 0,
|
||||
Scope: "",
|
||||
}
|
||||
}
|
||||
|
||||
token := getTokenByCode(code)
|
||||
if token == nil {
|
||||
return &TokenWrapper{
|
||||
AccessToken: "invalid code",
|
||||
TokenType: "",
|
||||
ExpiresIn: 0,
|
||||
Scope: "",
|
||||
}
|
||||
}
|
||||
|
||||
if application.Name != token.Application {
|
||||
return &TokenWrapper{
|
||||
AccessToken: "token is for wrong application (client_id)",
|
||||
TokenType: "",
|
||||
ExpiresIn: 0,
|
||||
Scope: "",
|
||||
}
|
||||
}
|
||||
|
||||
if application.ClientSecret != clientSecret {
|
||||
return &TokenWrapper{
|
||||
AccessToken: "invalid client_secret",
|
||||
TokenType: "",
|
||||
ExpiresIn: 0,
|
||||
Scope: "",
|
||||
}
|
||||
}
|
||||
|
||||
tokenWrapper := &TokenWrapper{
|
||||
AccessToken: token.AccessToken,
|
||||
TokenType: token.TokenType,
|
||||
ExpiresIn: token.ExpiresIn,
|
||||
Scope: token.Scope,
|
||||
}
|
||||
|
||||
return tokenWrapper
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user