Improve code comments

Author: DeyiXu

README.md

@@ -84,9 +84,9 @@ func main() {
 			err = oauth2.ErrInvalidClient
 			return
 		}
-		basic = &oauth2.ClientBasic{
-			ID:     basic.ID,
-			Secret: pwd,
+		if basic.Secret != pwd {
+			err = oauth2.ErrInvalidClient
+			return
 		}
 		return
 	}
@@ -156,7 +156,9 @@ func main() {
 		return
 	}
 
-	srv.Init()
+	if err := srv.InitWithError(); err != nil {
+		panic(err)
+	}
 
 	// =============Http Default=============
 	// http.HandleFunc("/authorize", srv.HandleAuthorize)

client.go

@@ -4,27 +4,29 @@ import (
 	"context"
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
 )
 
-// Client oauth2 client
+// Client OAuth2客户端 / OAuth2 client for making authorization requests
 type Client struct {
-	Log                         Logger
-	httpClient                  *http.Client
-	ServerBaseURL               string
-	AuthorizationEndpoint       string
-	TokenEndpoint               string
-	IntrospectEndpoint          string
-	DeviceAuthorizationEndpoint string
-	TokenRevocationEndpoint     string
-	ID                          string
-	Secret                      string
+	Log                         Logger       // 日志记录器 / Logger instance
+	httpClient                  *http.Client // HTTP客户端 / HTTP client for requests
+	ServerBaseURL               string       // 服务器基础URL / OAuth2 server base URL
+	AuthorizationEndpoint       string       // 授权端点 / Authorization endpoint path
+	TokenEndpoint               string       // 令牌端点 / Token endpoint path
+	IntrospectEndpoint          string       // 内省端点 / Introspection endpoint path
+	DeviceAuthorizationEndpoint string       // 设备授权端点 / Device authorization endpoint path
+	TokenRevocationEndpoint     string       // 令牌撤销端点 / Token revocation endpoint path
+	ID                          string       // 客户端ID / Client identifier
+	Secret                      string       // 客户端密钥 / Client secret
 }
 
-// NewClient new oauth2 client
+// NewClient 创建OAuth2客户端 / Create a new OAuth2 client
+// serverBaseURL: 服务器基础URL / OAuth2 server base URL
+// id: 客户端ID / Client identifier
+// secret: 客户端密钥 / Client secret
 func NewClient(serverBaseURL, id, secret string) *Client {
 	httpclient := &http.Client{}
 	httpclient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
@@ -73,13 +75,18 @@ func (c *Client) authorize(ctx context.Context, w http.ResponseWriter, responseT
 	return
 }
 
-// AuthorizeAuthorizationCode ...
+// AuthorizeAuthorizationCode 授权码模式授权请求 / Authorization code grant authorization request
+// redirectURI: 重定向URI / Redirect URI after authorization
+// scope: 授权范围 / Requested scope
+// state: 状态码，用于防止CSRF攻击 / State parameter for CSRF protection
 func (c *Client) AuthorizeAuthorizationCode(ctx context.Context, w http.ResponseWriter, redirectURI, scope, state string) (err error) {
 	return c.authorize(ctx, w, CodeKey, redirectURI, scope, state)
 }
 
-// TokenAuthorizationCode ...
-// TokenAuthorizationCode(code, redirectURI, state string)
+// TokenAuthorizationCode 授权码模式获取令牌 / Exchange authorization code for access token
+// code: 授权码 / Authorization code received from authorization server
+// redirectURI: 重定向URI / Redirect URI used in authorization request
+// clientID: 客户端ID / Client identifier
 func (c *Client) TokenAuthorizationCode(ctx context.Context, code, redirectURI, clientID string) (token *TokenResponse, err error) {
 	values := url.Values{
 		CodeKey:        []string{code},
@@ -89,12 +96,16 @@ func (c *Client) TokenAuthorizationCode(ctx context.Context, code, redirectURI,
 	return c.token(ctx, AuthorizationCodeKey, values)
 }
 
-// AuthorizeImplicit ...
+// AuthorizeImplicit 隐式授权模式授权请求 / Implicit grant authorization request
+// redirectURI: 重定向URI / Redirect URI after authorization
+// scope: 授权范围 / Requested scope
+// state: 状态码，用于防止CSRF攻击 / State parameter for CSRF protection
 func (c *Client) AuthorizeImplicit(ctx context.Context, w http.ResponseWriter, redirectURI, scope, state string) (err error) {
 	return c.authorize(ctx, w, TokenKey, redirectURI, scope, state)
 }
 
-// DeviceAuthorization ...
+// DeviceAuthorization 设备授权请求 / Device authorization request (RFC 8628)
+// scope: 授权范围 / Requested scope
 func (c *Client) DeviceAuthorization(ctx context.Context, w http.ResponseWriter, scope string) (err error) {
 	var uri *url.URL
 	uri, err = url.Parse(c.ServerBaseURL + c.DeviceAuthorizationEndpoint)
@@ -175,7 +186,9 @@ func (c *Client) token(ctx context.Context, grantType string, values url.Values)
 	return
 }
 
-// TokenResourceOwnerPasswordCredentials ...
+// TokenResourceOwnerPasswordCredentials 密码模式获取令牌 / Resource owner password credentials grant
+// username: 用户名 / Resource owner username
+// password: 密码 / Resource owner password
 func (c *Client) TokenResourceOwnerPasswordCredentials(ctx context.Context, username, password string) (model *TokenResponse, err error) {
 	values := url.Values{
 		UsernameKey: []string{username},
@@ -184,7 +197,8 @@ func (c *Client) TokenResourceOwnerPasswordCredentials(ctx context.Context, user
 	return c.token(ctx, PasswordKey, values)
 }
 
-// TokenClientCredentials ...
+// TokenClientCredentials 客户端凭证模式获取令牌 / Client credentials grant
+// scope: 授权范围（可选） / Requested scope (optional)
 func (c *Client) TokenClientCredentials(ctx context.Context, scope ...string) (model *TokenResponse, err error) {
 	values := url.Values{}
 	if len(scope) > 0 {
@@ -193,15 +207,17 @@ func (c *Client) TokenClientCredentials(ctx context.Context, scope ...string) (m
 	return c.token(ctx, ClientCredentialsKey, values)
 }
 
-// RefreshToken ...
+// RefreshToken 刷新访问令牌 / Refresh access token using refresh token
+// refreshToken: 刷新令牌 / Refresh token
 func (c *Client) RefreshToken(ctx context.Context, refreshToken string) (model *TokenResponse, err error) {
 	values := url.Values{
 		RefreshTokenKey: []string{refreshToken},
 	}
 	return c.token(ctx, RefreshTokenKey, values)
 }
 
-// TokenDeviceCode ...
+// TokenDeviceCode 设备码模式获取令牌 / Exchange device code for access token (RFC 8628)
+// deviceCode: 设备码 / Device code received from device authorization
 func (c *Client) TokenDeviceCode(ctx context.Context, deviceCode string) (model *TokenResponse, err error) {
 	values := url.Values{
 		ClientIDKey:   []string{c.ID},
@@ -210,7 +226,9 @@ func (c *Client) TokenDeviceCode(ctx context.Context, deviceCode string) (model
 	return c.token(ctx, DeviceCodeKey, values)
 }
 
-// TokenIntrospect ...
+// TokenIntrospect 令牌内省 / Token introspection (RFC 7662)
+// token: 要检查的令牌 / Token to introspect
+// tokenTypeHint: 令牌类型提示（可选） / Token type hint (optional): access_token or refresh_token
 func (c *Client) TokenIntrospect(ctx context.Context, token string, tokenTypeHint ...string) (introspection *IntrospectionResponse, err error) {
 	values := url.Values{
 		TokenKey: []string{token},
@@ -227,7 +245,9 @@ func (c *Client) TokenIntrospect(ctx context.Context, token string, tokenTypeHin
 	return
 }
 
-// TokenRevocation token撤销
+// TokenRevocation 令牌撤销 / Token revocation (RFC 7009)
+// token: 要撤销的令牌 / Token to revoke
+// tokenTypeHint: 令牌类型提示（可选） / Token type hint (optional): access_token or refresh_token
 func (c *Client) TokenRevocation(ctx context.Context, token string, tokenTypeHint ...string) (introspection *IntrospectionResponse, err error) {
 	values := url.Values{
 		TokenKey: []string{token},
@@ -263,7 +283,7 @@ func (c *Client) do(ctx context.Context, path string, values url.Values, v inter
 	}
 	defer resp.Body.Close()
 	var body []byte
-	body, err = ioutil.ReadAll(resp.Body)
+	body, err = io.ReadAll(resp.Body)
 	if err != nil {
 		return
 	}

constant.go

@@ -3,15 +3,16 @@ package oauth2
 import "time"
 
 const (
+	// contentTypeJSON JSON内容类型 / JSON content type for HTTP responses
 	contentTypeJSON = "application/json"
-	// AccessTokenExpire ...
+	// AccessTokenExpire 访问令牌过期时间（1小时） / Access token expiration time (1 hour)
 	AccessTokenExpire = time.Second * 3600
-	// RefreshTokenExpire ...
+	// RefreshTokenExpire 刷新令牌过期时间（30分钟） / Refresh token expiration time (30 minutes)
 	RefreshTokenExpire = AccessTokenExpire / 2
-	// TokenTypeBearer ...
+	// TokenTypeBearer Bearer令牌类型 / Bearer token type
 	TokenTypeBearer = "Bearer"
-	// ScopeRefreshToken ...
+	// ScopeRefreshToken 刷新令牌的scope / Scope for refresh token
 	ScopeRefreshToken = "refresh_token"
-	// DefaultJwtIssuer ...
+	// DefaultJwtIssuer 默认JWT颁发者 / Default JWT issuer
 	DefaultJwtIssuer = "github.com/nilorg/oauth2"
 )

context.go

@@ -5,14 +5,15 @@ import (
 	"errors"
 )
 
+// openIDKey OpenID上下文键类型 / Context key type for OpenID
 type openIDKey struct{}
 
 var (
-	// ErrContextNotFoundOpenID 上下文不存在OpenID
-	ErrContextNotFoundOpenID = errors.New("OAuth2上下文不存在OpenID")
+	// ErrContextNotFoundOpenID 上下文不存在OpenID / OpenID not found in context
+	ErrContextNotFoundOpenID = errors.New("openid not found in context")
 )
 
-// OpenIDFromContext ...
+// OpenIDFromContext 从上下文中获取OpenID / Get OpenID from context
 func OpenIDFromContext(ctx context.Context) (string, error) {
 	openID, ok := ctx.Value(openIDKey{}).(string)
 	if !ok {
@@ -21,7 +22,7 @@ func OpenIDFromContext(ctx context.Context) (string, error) {
 	return openID, nil
 }
 
-// NewOpenIDContext 创建OpenID上下文
+// NewOpenIDContext 创建包含OpenID的上下文 / Create context with OpenID
 func NewOpenIDContext(ctx context.Context, openID string) context.Context {
 	return context.WithValue(ctx, openIDKey{}, openID)
 }

errors.go

@@ -40,50 +40,50 @@ var (
 )
 
 var (
-	// ErrVerifyClientFuncNil ...
+	// ErrVerifyClientFuncNil VerifyClient函数未设置 / VerifyClient function is not set
 	ErrVerifyClientFuncNil = errors.New("OAuth2 Server VerifyClient Is Nil")
-	// ErrVerifyClientIDFuncNil ...
+	// ErrVerifyClientIDFuncNil VerifyClientID函数未设置 / VerifyClientID function is not set
 	ErrVerifyClientIDFuncNil = errors.New("OAuth2 Server VerifyClientID Is Nil")
-	// ErrVerifyPasswordFuncNil ...
+	// ErrVerifyPasswordFuncNil VerifyPassword函数未设置 / VerifyPassword function is not set
 	ErrVerifyPasswordFuncNil = errors.New("OAuth2 Server VerifyPassword Is Nil")
-	// ErrVerifyRedirectURIFuncNil ...
+	// ErrVerifyRedirectURIFuncNil VerifyRedirectURI函数未设置 / VerifyRedirectURI function is not set
 	ErrVerifyRedirectURIFuncNil = errors.New("OAuth2 Server VerifyRedirectURI Is Nil")
-	// ErrGenerateCodeFuncNil ...
+	// ErrGenerateCodeFuncNil GenerateCode函数未设置 / GenerateCode function is not set
 	ErrGenerateCodeFuncNil = errors.New("OAuth2 Server GenerateCode Is Nil")
-	// ErrVerifyCodeFuncNil ...
+	// ErrVerifyCodeFuncNil VerifyCode函数未设置 / VerifyCode function is not set
 	ErrVerifyCodeFuncNil = errors.New("OAuth2 Server VerifyCode Is Nil")
-	// ErrVerifyScopeFuncNil ...
+	// ErrVerifyScopeFuncNil VerifyScope函数未设置 / VerifyScope function is not set
 	ErrVerifyScopeFuncNil = errors.New("OAuth2 Server VerifyScope Is Nil")
-	// ErrGenerateAccessTokenFuncNil ...
+	// ErrGenerateAccessTokenFuncNil GenerateAccessToken函数未设置 / GenerateAccessToken function is not set
 	ErrGenerateAccessTokenFuncNil = errors.New("OAuth2 Server GenerateAccessTokenFunc Is Nil")
-	// ErrGenerateDeviceAuthorizationFuncNil ...
+	// ErrGenerateDeviceAuthorizationFuncNil GenerateDeviceAuthorization函数未设置 / GenerateDeviceAuthorization function is not set
 	ErrGenerateDeviceAuthorizationFuncNil = errors.New("OAuth2 Server GenerateDeviceAuthorizationFunc Is Nil")
-	// ErrVerifyDeviceCodeFuncNil ...
+	// ErrVerifyDeviceCodeFuncNil VerifyDeviceCode函数未设置 / VerifyDeviceCode function is not set
 	ErrVerifyDeviceCodeFuncNil = errors.New("OAuth2 Server ErrVerifyDeviceCodeFunc Is Nil")
-	// ErrRefreshAccessTokenFuncNil ...
+	// ErrRefreshAccessTokenFuncNil RefreshAccessToken函数未设置 / RefreshAccessToken function is not set
 	ErrRefreshAccessTokenFuncNil = errors.New("OAuth2 Server ErrRefreshAccessTokenFuncNil Is Nil")
-	// ErrParseAccessTokenFuncNil ...
+	// ErrParseAccessTokenFuncNil ParseAccessToken函数未设置 / ParseAccessToken function is not set
 	ErrParseAccessTokenFuncNil = errors.New("OAuth2 Server ParseAccessTokenFunc Is Nil")
-	// ErrVerifyIntrospectionTokenFuncNil ...
+	// ErrVerifyIntrospectionTokenFuncNil VerifyIntrospectionToken函数未设置 / VerifyIntrospectionToken function is not set
 	ErrVerifyIntrospectionTokenFuncNil = errors.New("OAuth2 Server VerifyIntrospectionToken Is Nil")
-	// ErrTokenRevocationFuncNil ...
+	// ErrTokenRevocationFuncNil TokenRevocation函数未设置 / TokenRevocation function is not set
 	ErrTokenRevocationFuncNil = errors.New("OAuth2 Server TokenRevocation Is Nil")
-	// ErrVerifyGrantTypeFuncNil ...
+	// ErrVerifyGrantTypeFuncNil VerifyGrantType函数未设置 / VerifyGrantType function is not set
 	ErrVerifyGrantTypeFuncNil = errors.New("OAuth2 Server VerifyGrantType Is Nil")
 	// ErrInvalidAccessToken 无效的访问令牌
 	ErrInvalidAccessToken = errors.New("invalid_access_token")
 	// ErrInvalidRedirectURI 无效的RedirectURI
 	ErrInvalidRedirectURI = errors.New("invalid_redirect_uri")
-	// ErrStateValueDidNotMatch ...
+	// ErrStateValueDidNotMatch state值不匹配 / State value did not match
 	ErrStateValueDidNotMatch = errors.New("state value did not match")
-	// ErrMissingAccessToken ...
+	// ErrMissingAccessToken 缺少访问令牌 / Missing access token in request
 	ErrMissingAccessToken = errors.New("missing access token")
-	// ErrAccessToken ...
+	// ErrAccessToken AccessToken接口未设置 / AccessToken interface is not set
 	ErrAccessToken = errors.New("OAuth2 Server AccessToken Is Nil")
 )
 
 var (
-	// Errors ...
+	// Errors 错误映射表，用于从错误字符串查找错误对象 / Error map for looking up error objects from error strings
 	Errors = map[string]error{
 		ErrVerifyClientFuncNil.Error():   ErrVerifyClientFuncNil,
 		ErrInvalidAccessToken.Error():    ErrInvalidAccessToken,
@@ -105,7 +105,7 @@ var (
 		ErrSlowDown.Error():                ErrSlowDown,
 		ErrUnsupportedTokenType.Error():    ErrUnsupportedTokenType,
 	}
-	// ErrStatusCodes ...
+	// ErrStatusCodes 错误对应的HTTP状态码映射表 / HTTP status codes mapping for errors
 	ErrStatusCodes = map[error]int{
 		ErrInvalidRequest:          http.StatusBadRequest,           // 400
 		ErrUnauthorizedClient:      http.StatusUnauthorized,         // 401

examples/server/main.go

@@ -95,7 +95,9 @@ func main() {
 		return
 	}
 
-	srv.Init()
+	if err := srv.InitWithError(); err != nil {
+		panic(err)
+	}
 
 	// =============Http Default=============
 	// http.HandleFunc("/authorize", srv.HandleAuthorize)

keys.go

@@ -1,46 +1,46 @@
 package oauth2
 
 const (
-	// ResponseTypeKey ...
+	// ResponseTypeKey 响应类型 / Response type parameter key
 	ResponseTypeKey = "response_type"
-	// ClientIDKey ...
+	// ClientIDKey 客户端ID / Client identifier parameter key
 	ClientIDKey = "client_id"
-	// ClientSecretKey ...
+	// ClientSecretKey 客户端密钥 / Client secret parameter key
 	ClientSecretKey = "client_secret"
-	// RedirectURIKey ...
+	// RedirectURIKey 重定向URI / Redirect URI parameter key
 	RedirectURIKey = "redirect_uri"
-	// ScopeKey ...
+	// ScopeKey 授权范围 / Scope parameter key
 	ScopeKey = "scope"
-	// StateKey ...
+	// StateKey 状态码，用于防止CSRF攻击 / State parameter key for CSRF protection
 	StateKey = "state"
-	// GrantTypeKey ...
+	// GrantTypeKey 授权类型 / Grant type parameter key
 	GrantTypeKey = "grant_type"
-	// CodeKey ...
+	// CodeKey 授权码 / Authorization code parameter key
 	CodeKey = "code"
-	// TokenKey ...
+	// TokenKey 令牌 / Token parameter key
 	TokenKey = "token"
-	// ErrorKey ...
+	// ErrorKey 错误信息 / Error parameter key
 	ErrorKey = "error"
-	// AccessTokenKey ...
+	// AccessTokenKey 访问令牌 / Access token parameter key
 	AccessTokenKey = "access_token"
-	// TokenTypeKey ...
+	// TokenTypeKey 令牌类型 / Token type parameter key
 	TokenTypeKey = "token_type"
-	// ClientCredentialsKey ...
+	// ClientCredentialsKey 客户端凭证模式 / Client credentials grant type
 	ClientCredentialsKey = "client_credentials"
-	// PasswordKey ...
+	// PasswordKey 密码模式 / Resource owner password credentials grant type
 	PasswordKey = "password"
-	// UsernameKey ...
+	// UsernameKey 用户名 / Username parameter key
 	UsernameKey = "username"
-	// RefreshTokenKey ...
+	// RefreshTokenKey 刷新令牌 / Refresh token parameter key
 	RefreshTokenKey = "refresh_token"
-	// AuthorizationCodeKey ...
+	// AuthorizationCodeKey 授权码模式 / Authorization code grant type
 	AuthorizationCodeKey = "authorization_code"
-	// DeviceCodeKey ...
+	// DeviceCodeKey 设备码模式 / Device code grant type
 	DeviceCodeKey = "device_code"
-	// UrnIetfParamsOAuthGrantTypeDeviceCodeKey ...
+	// UrnIetfParamsOAuthGrantTypeDeviceCodeKey 设备码模式URN格式 / Device code grant type in URN format (RFC 8628)
 	UrnIetfParamsOAuthGrantTypeDeviceCodeKey = "urn:ietf:params:oauth:grant-type:device_code"
-	// TokenTypeHintKey ...
+	// TokenTypeHintKey 令牌类型提示 / Token type hint parameter key
 	TokenTypeHintKey = "token_type_hint"
-	// ImplicitKey ...
+	// ImplicitKey 隐式授权模式 / Implicit grant type
 	ImplicitKey = "implicit"
 )