Add server package

Author: LyricTian

generates/access_test.go

@@ -22,7 +22,7 @@ func TestAccess(t *testing.T) {
 		gen := NewAccessGenerate()
 		access, refresh, err := gen.Token(data, true)
 		So(err, ShouldBeNil)
-		Println("\nAccess:", access)
-		Println("Refresh:", refresh)
+		So(access, ShouldNotBeEmpty)
+		So(refresh, ShouldNotBeEmpty)
 	})
 }

generates/authorize_test.go

@@ -22,6 +22,6 @@ func TestAuthorize(t *testing.T) {
 		gen := NewAuthorizeGenerate()
 		code, err := gen.Token(data)
 		So(err, ShouldBeNil)
-		Println("\nCode:", code)
+		So(code, ShouldNotBeEmpty)
 	})
 }

manage.go

@@ -8,6 +8,7 @@ type TokenGenerateRequest struct {
 	RedirectURI       string // 重定向URI
 	Scope             string // 授权范围
 	Code              string // 授权码(授权码模式使用)
+	Refresh           string // 刷新令牌
 	IsGenerateRefresh bool   // 是否生成更新令牌
 }
 
@@ -20,17 +21,17 @@ type Manager interface {
 	// GenerateAuthToken 生成授权令牌
 	// rt 授权类型
 	// tgr 生成令牌的请求参数
-	GenerateAuthToken(rt ResponseType, tgr *TokenGenerateRequest) (token string, err error)
+	GenerateAuthToken(rt ResponseType, tgr *TokenGenerateRequest) (authToken TokenInfo, err error)
 
 	// GenerateAccessToken 生成访问令牌、更新令牌
 	// rt 授权模式
 	// tgr 生成令牌的请求参数
-	GenerateAccessToken(rt GrantType, tgr *TokenGenerateRequest) (access, refresh string, err error)
+	GenerateAccessToken(rt GrantType, tgr *TokenGenerateRequest) (accessToken TokenInfo, err error)
 
 	// RefreshAccessToken 更新访问令牌
 	// refresh 更新令牌
 	// scope 作用域
-	RefreshAccessToken(refresh, scope string) (access string, err error)
+	RefreshAccessToken(refresh, scope string) (accessToken TokenInfo, err error)
 
 	// RemoveAccessToken 删除访问令牌
 	// access 访问令牌

manage/error.go

@@ -12,8 +12,8 @@ var (
 	// ErrClientInvalid Client invalid
 	ErrClientInvalid = errors.New("client invalid")
 
-	// ErrAuthTokenInvalid Authorize token invalid
-	ErrAuthTokenInvalid = errors.New("authorize token invalid")
+	// ErrAuthCodeInvalid Authorize token invalid
+	ErrAuthCodeInvalid = errors.New("authorize code invalid")
 
 	// ErrAccessInvalid Access token expired
 	ErrAccessInvalid = errors.New("access token invalid")

manage/manage_test.go

@@ -51,18 +51,23 @@ func testManager(manager oauth2.Manager) {
 		RedirectURI: "http://localhost/oauth2",
 		Scope:       "all",
 	}
-	code, err := manager.GenerateAuthToken(oauth2.Code, reqParams)
+	cti, err := manager.GenerateAuthToken(oauth2.Code, reqParams)
 	So(err, ShouldBeNil)
+
+	code := cti.GetAccess()
 	So(code, ShouldNotBeEmpty)
 
 	atParams := &oauth2.TokenGenerateRequest{
-		ClientID:          "1",
-		RedirectURI:       "http://localhost/oauth2",
+		ClientID:          reqParams.ClientID,
+		ClientSecret:      "11",
+		RedirectURI:       reqParams.RedirectURI,
 		Code:              code,
 		IsGenerateRefresh: true,
 	}
-	accessToken, refreshToken, err := manager.GenerateAccessToken(oauth2.AuthorizationCodeCredentials, atParams)
+	ati, err := manager.GenerateAccessToken(oauth2.AuthorizationCodeCredentials, atParams)
 	So(err, ShouldBeNil)
+
+	accessToken, refreshToken := ati.GetAccess(), ati.GetRefresh()
 	So(accessToken, ShouldNotBeEmpty)
 	So(refreshToken, ShouldNotBeEmpty)
 
@@ -77,8 +82,10 @@ func testManager(manager oauth2.Manager) {
 	So(err, ShouldBeNil)
 	So(rinfo.GetClientID(), ShouldEqual, atParams.ClientID)
 
-	refreshAT, err := manager.RefreshAccessToken(refreshToken, "owner")
+	rti, err := manager.RefreshAccessToken(refreshToken, "owner")
 	So(err, ShouldBeNil)
+
+	refreshAT := rti.GetAccess()
 	So(refreshAT, ShouldNotBeEmpty)
 
 	_, err = manager.LoadAccessToken(accessToken)

manage/manager.go

@@ -146,7 +146,7 @@ func (m *Manager) GetClient(clientID string) (cli oauth2.ClientInfo, err error)
 // GenerateAuthToken 生成授权令牌
 // rt 授权类型
 // tgr 生成令牌的配置参数
-func (m *Manager) GenerateAuthToken(rt oauth2.ResponseType, tgr *oauth2.TokenGenerateRequest) (token string, err error) {
+func (m *Manager) GenerateAuthToken(rt oauth2.ResponseType, tgr *oauth2.TokenGenerateRequest) (authToken oauth2.TokenInfo, err error) {
 	cli, err := m.GetClient(tgr.ClientID)
 	if err != nil {
 		return
@@ -177,7 +177,7 @@ func (m *Manager) GenerateAuthToken(rt oauth2.ResponseType, tgr *oauth2.TokenGen
 		if err != nil {
 			return
 		}
-		token = tv
+		authToken = ti
 	})
 	if ierr != nil && err == nil {
 		err = ierr
@@ -188,14 +188,14 @@ func (m *Manager) GenerateAuthToken(rt oauth2.ResponseType, tgr *oauth2.TokenGen
 // GenerateAccessToken 生成访问令牌、更新令牌
 // gt 授权模式
 // tgr 生成令牌的参数
-func (m *Manager) GenerateAccessToken(gt oauth2.GrantType, tgr *oauth2.TokenGenerateRequest) (access, refresh string, err error) {
+func (m *Manager) GenerateAccessToken(gt oauth2.GrantType, tgr *oauth2.TokenGenerateRequest) (accessToken oauth2.TokenInfo, err error) {
 	if gt == oauth2.AuthorizationCodeCredentials { // 授权码模式
 		ti, terr := m.LoadAccessToken(tgr.Code)
 		if terr != nil {
 			err = terr
 			return
 		} else if ti.GetRedirectURI() != tgr.RedirectURI || ti.GetClientID() != tgr.ClientID {
-			err = ErrAuthTokenInvalid
+			err = ErrAuthCodeInvalid
 			return
 		} else if verr := m.RemoveAccessToken(tgr.Code); verr != nil { // 删除授权码
 			err = verr
@@ -239,8 +239,7 @@ func (m *Manager) GenerateAccessToken(gt oauth2.GrantType, tgr *oauth2.TokenGene
 		if err != nil {
 			return
 		}
-		access = av
-		refresh = rv
+		accessToken = ti
 	})
 	if ierr != nil && err == nil {
 		err = ierr
@@ -249,16 +248,25 @@ func (m *Manager) GenerateAccessToken(gt oauth2.GrantType, tgr *oauth2.TokenGene
 }
 
 // RefreshAccessToken 更新访问令牌
-func (m *Manager) RefreshAccessToken(refresh, scope string) (token string, err error) {
-	ti, err := m.LoadRefreshToken(refresh)
+func (m *Manager) RefreshAccessToken(tgr *oauth2.TokenGenerateRequest) (accessToken oauth2.TokenInfo, err error) {
+	cli, err := m.GetClient(tgr.ClientID)
 	if err != nil {
 		return
+	} else if tgr.ClientSecret != "" && tgr.ClientSecret != cli.GetSecret() {
+		err = ErrClientInvalid
+		return
+	}
+	ti, err := m.LoadRefreshToken(tgr.Refresh)
+	if err != nil {
+		return
+	} else if ti.GetClientID() != tgr.ClientID {
+		err = ErrRefreshInvalid
+		return
 	}
-	access := ti.GetAccess()
 	_, ierr := m.injector.Invoke(func(stor oauth2.TokenStore, gen oauth2.AccessGenerate) {
-		cli, cerr := m.GetClient(ti.GetClientID())
-		if cerr != nil {
-			err = cerr
+		// 移除旧的访问令牌
+		if verr := stor.RemoveByAccess(ti.GetAccess()); verr != nil {
+			err = verr
 			return
 		}
 		td := &oauth2.GenerateBasic{
@@ -273,18 +281,14 @@ func (m *Manager) RefreshAccessToken(refresh, scope string) (token string, err e
 		}
 		ti.SetAccess(tv)
 		ti.SetAccessCreateAt(td.CreateAt)
-		if scope != "" {
+		if scope := tgr.Scope; scope != "" {
 			ti.SetScope(scope)
 		}
-		if verr := stor.RemoveByAccess(access); verr != nil {
-			err = verr
-			return
-		}
 		if verr := stor.Create(ti); verr != nil {
 			err = verr
 			return
 		}
-		token = tv
+		accessToken = ti
 	})
 	if ierr != nil && err == nil {
 		err = ierr

server/.gitkeep

@@ -0,0 +1,53 @@
+package server
+
+import (
+	"encoding/base64"
+	"net/http"
+	"strings"
+
+	"gopkg.in/oauth2.v2"
+)
+
+// AuthorizeRequest 授权请求
+type AuthorizeRequest struct {
+	Type        oauth2.ResponseType
+	ClientID    string
+	Scope       string
+	RedirectURI string
+	State       string
+	UserID      string
+}
+
+// ClientHandler 获取客户端信息
+type ClientHandler func(r *http.Request) (clientID, clientSecret string, err error)
+
+// UserHandler 获取用户信息
+type UserHandler func(username, password string) (userID string, err error)
+
+// ClientFormHandler 客户端表单信息
+func ClientFormHandler(r *http.Request) (clientID, clientSecret string, err error) {
+	clientID = r.Form.Get("client_id")
+	clientSecret = r.Form.Get("client_secret")
+	return
+}
+
+// ClientBasicHandler 客户端基础认证信息
+func ClientBasicHandler(r *http.Request) (clientID, clientSecret string, err error) {
+	s := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
+	if len(s) != 2 || s[0] != "Basic" {
+		err = ErrAuthorizationHeaderInvalid
+		return
+	}
+	b, err := base64.StdEncoding.DecodeString(s[1])
+	if err != nil {
+		return
+	}
+	pair := strings.SplitN(string(b), ":", 2)
+	if len(pair) != 2 {
+		err = ErrAuthorizationHeaderInvalid
+		return
+	}
+	clientID = pair[0]
+	clientSecret = pair[1]
+	return
+}

server/authorize.go

@@ -0,0 +1,22 @@
+package server
+
+import "gopkg.in/oauth2.v2"
+
+// Config 配置参数
+type Config struct {
+	// TokenType 令牌类型（默认为Bearer）
+	TokenType string
+	// AllowedResponseType 允许的授权类型（默认code）
+	AllowedResponseType []oauth2.ResponseType
+	// AllowedGrantType 允许的授权模式（默认authorization_code）
+	AllowedGrantType []oauth2.GrantType
+}
+
+// NewConfig 创建默认的配置参数
+func NewConfig() *Config {
+	return &Config{
+		TokenType:           "Bearer",
+		AllowedResponseType: []oauth2.ResponseType{oauth2.Code},
+		AllowedGrantType:    []oauth2.GrantType{oauth2.AuthorizationCodeCredentials},
+	}
+}

server/config.go

@@ -0,0 +1,23 @@
+package server
+
+import "errors"
+
+var (
+	// ErrRequestMethodInvalid Request method invalid
+	ErrRequestMethodInvalid = errors.New("request method invalid")
+
+	// ErrResponseTypeInvalid Response type invalid
+	ErrResponseTypeInvalid = errors.New("response type invalid")
+
+	// ErrGrantTypeInvalid Grant type invalid
+	ErrGrantTypeInvalid = errors.New("grant type invalid")
+
+	// ErrClientInvalid Client invalid
+	ErrClientInvalid = errors.New("client invalid")
+
+	// ErrUserInvalid User invalid
+	ErrUserInvalid = errors.New("user invalid")
+
+	// ErrAuthorizationHeaderInvalid Authorization header invalid
+	ErrAuthorizationHeaderInvalid = errors.New("authorization header invalid")
+)