wip: 继续...

2024-10-23 22:42:13 +08:00
parent eb1744bd0d
commit f3861184b6
26 changed files with 1043 additions and 96 deletions
--- a/internal/serve/serve.go
+++ b/internal/serve/serve.go
@ -0,0 +1,144 @@
+package serve
+
+import (
+	"context"
+	"fmt"
+	"github.com/google/uuid"
+	"github.com/loveuer/nf"
+	"github.com/loveuer/nf/nft/log"
+	"net/http"
+	"uauth/internal/tool"
+)
+
+func authenticateUser(username, password string) (bool, error) {
+	// 这里你应该实现真实的用户认证逻辑
+	// 为了简化，我们这里直接硬编码一个用户名和密码
+	if username == "user" && password == "pass" {
+		return true, nil
+	}
+
+	return false, fmt.Errorf("invalid username or password")
+}
+
+// 处理登录请求
+func handleLogin(c *nf.Ctx) error {
+	username := c.FormValue("username")
+	password := c.FormValue("password")
+
+	// 认证用户
+	ok, err := authenticateUser(username, password)
+	if err != nil || !ok {
+		return c.Status(http.StatusUnauthorized).SendString("Unauthorized")
+	}
+
+	// 用户认证成功，重定向到授权页面
+	http.Redirect(c.Writer, c.Request, "/authorize?client_id=12345&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcallback&scope=read%20write", http.StatusFound)
+
+	return nil
+}
+
+// 处理授权请求
+func handleAuthorize(c *nf.Ctx) error {
+	// 解析查询参数
+	clientID := c.Query("client_id")
+	responseType := c.Query("response_type")
+	redirectURI := c.Query("redirect_uri")
+	scope := c.Query("scope")
+
+	// 检查客户端 ID 和其他参数
+	// 在实际应用中，你需要检查这些参数是否合法
+	if clientID != "12345" || responseType != "code" || redirectURI != "http://localhost:8080/callback" {
+		return c.Status(http.StatusBadRequest).SendString("Invalid request")
+	}
+
+	// 显示授权页面给用户
+	_, err := c.Write([]byte(`
+        <html>
+        <head><title>Authorization</title></head>
+        <body>
+            <h1>Do you want to authorize this application?</h1>
+            <form action="/approve" method="post">
+                <input type="hidden" name="client_id" value="` + clientID + `"/>
+                <input type="hidden" name="redirect_uri" value="` + redirectURI + `"/>
+                <input type="hidden" name="scope" value="` + scope + `"/>
+                <button type="submit">Yes, I authorize</button>
+            </form>
+        </body>
+        </html>
+    `))
+
+	return err
+}
+
+// 处理用户的授权批准
+func handleApprove(c *nf.Ctx) error {
+	// 获取表单数据
+	clientID := c.FormValue("client_id")
+	redirectURI := c.FormValue("redirect_uri")
+	scope := c.FormValue("scope")
+
+	// 生成授权码
+	authorizationCode := uuid.New().String()[:8]
+
+	log.Info("[D] client_id = %s, scope = %s, auth_code = %s", clientID, scope, authorizationCode)
+
+	// 重定向到回调 URL 并附带授权码
+	http.Redirect(c.Writer, c.Request, redirectURI+"?code="+authorizationCode, http.StatusFound)
+	return nil
+}
+
+// 令牌请求的处理
+func handleToken(c *nf.Ctx) error {
+	// 获取请求参数
+	grantType := c.FormValue("grant_type")
+	code := c.FormValue("code")
+	redirectURI := c.FormValue("redirect_uri")
+
+	// 简单验证
+	if grantType != "authorization_code" {
+		return c.Status(http.StatusBadRequest).SendString("Unsupported grant type")
+	}
+
+	mu.Lock()
+	defer mu.Unlock()
+
+	// 验证授权码是否有效
+	accessToken, ok := authCodes[code]
+	if !ok {
+		return c.Status(http.StatusBadRequest).SendString("Invalid authorization code")
+	}
+
+	// 生成访问令牌
+	token := generateAccessToken()
+
+	// 返回访问令牌
+	return c.JSON(map[string]string{
+		"access_token": token,
+		"token_type":   "bearer",
+		"expires_in":   "3600", // 访问令牌有效期（秒）
+	})
+
+	// 清除已使用的授权码
+	delete(authCodes, code)
+}
+
+func Run(ctx context.Context, prefix string, address string) error {
+
+	app := nf.New()
+
+	api := app.Group(prefix)
+	// 设置路由
+	api.Get("/login", handleLogin)
+	api.Get("/authorize", handleAuthorize)
+	api.Post("/approve", handleApprove)
+	api.Post("/token", handleToken)
+
+	// 启动 HTTP 服务器
+	log.Info("Starting server on: %s", address)
+	go func() {
+		<-ctx.Done()
+		_ = app.Shutdown(tool.Timeout(2))
+	}()
+
+	return app.Run(address)
+}