add some

core/chat/oauth.bak/oauth.go

@@ -1,173 +0,0 @@
-package oauth
-
-import (
-	"net/http"
-	"path"
-	"strings"
-	"time"
-
-	ice "shylinux.com/x/icebergs"
-	"shylinux.com/x/icebergs/base/aaa"
-	"shylinux.com/x/icebergs/base/lex"
-	"shylinux.com/x/icebergs/base/mdb"
-	"shylinux.com/x/icebergs/base/nfs"
-	"shylinux.com/x/icebergs/base/ssh"
-	"shylinux.com/x/icebergs/base/web"
-	"shylinux.com/x/icebergs/core/chat"
-	kit "shylinux.com/x/toolkits"
-)
-
-func _merge_url(m *ice.Message, domain, key string, arg ...ice.Any) string {
-	if domain == "" {
-		if m.Option(ice.MSG_USERPOD) == "" {
-			domain = web.MergeLink(m, nfs.PS)
-		} else {
-			domain = web.MergeLink(m, "/chat/pod/"+m.Option(ice.MSG_USERPOD))
-		}
-	}
-	if domain = strings.TrimSuffix(domain, nfs.PS); strings.Contains(domain, "/chat/pod/") {
-		domain += web.P(strings.TrimPrefix(m.Prefix(web.P(key)), "web.chat."))
-	} else {
-		domain += path.Join(strings.TrimPrefix(strings.Replace(m.Target().Prefix(), nfs.PT, nfs.PS, -1), "web"), path.Join(key))
-	}
-	return kit.MergeURL(domain, arg...)
-}
-
-const (
-	CHECK = "check"
-	APPLY = "apply"
-	REPLY = "reply"
-	OFFER = "offer"
-)
-const (
-	ACCESS_TOKEN = "access_token"
-	TOKEN_TYPE   = "token_type"
-	EXPIRES_IN   = "expires_in"
-	CODE         = "code"
-	STATE        = "state"
-	SCOPE        = "scope"
-	CLIENT_ID    = "client_id"
-	REDIRECT_URI = "redirect_uri"
-)
-const (
-	AUTHORIZE = "authorize"
-	TOKEN     = "token"
-	ACCESS    = "access"
-	USERINFO  = "userinfo"
-)
-const OAUTH = "oauth"
-
-var Index = &ice.Context{Name: OAUTH, Help: "认证授权", Commands: ice.Commands{
-	OAUTH: {Name: "oauth hash auto prunes", Help: "权限", Actions: ice.MergeActions(ice.Actions{
-		CHECK: {Name: "check scope domain", Help: "检查", Hand: func(m *ice.Message, arg ...string) {
-			m.Echo(_merge_url(m, kit.Select(ice.Info.Make.Domain, m.Option(web.DOMAIN)), APPLY, m.OptionSimple(SCOPE), REDIRECT_URI, _merge_url(m, "", REPLY)))
-		}},
-		APPLY: {Name: "apply scope redirect_uri", Help: "申请", Hand: func(m *ice.Message, arg ...string) {
-			if aaa.Right(m, m.Option(SCOPE)) {
-				token := m.Cmdx(OFFER, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, REDIRECT_URI))
-				m.ProcessReplace(m.Option(REDIRECT_URI), m.OptionSimple(SCOPE), OFFER, _merge_url(m, "", OFFER, ACCESS_TOKEN, token))
-			} else {
-				m.Cmdy(APPLY, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, REDIRECT_URI))
-			}
-		}},
-		REPLY: {Name: "reply scope offer", Help: "通过", Hand: func(m *ice.Message, arg ...string) {
-			m.Cmd(REPLY, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, OFFER))
-
-			m.Option(web.SPIDE_HEADER, web.UserAgent, m.PrefixKey())
-			m.Cmd(ssh.SOURCE, m.Option(SCOPE), kit.Dict(nfs.CAT_CONTENT, m.Cmdx(web.SPIDE, ice.DEV, http.MethodGet, m.Option(OFFER))))
-			m.ProcessHistory()
-		}},
-	})},
-
-	APPLY: {Name: "apply hash auto create prunes", Help: "申请", Actions: mdb.HashAction(mdb.EXPIRE, mdb.DAYS, mdb.FIELD, "time,hash,username,scope,redirect_uri")},
-	REPLY: {Name: "reply hash auto create prunes", Help: "授权", Actions: mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,offer")},
-	OFFER: {Name: "offer hash auto create prunes", Help: "访问", Actions: mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,redirect_uri")},
-
-	web.P(APPLY): {Name: "/apply scope redirect_uri", Help: "申请", Hand: func(m *ice.Message, arg ...string) {
-		if m.Option(REDIRECT_URI) == "" {
-			m.RenderStatusBadRequest() // 参数错误
-
-		} else { // 申请
-			web.RenderCmd(m, m.Prefix(OAUTH), APPLY)
-		}
-	}},
-	web.P(REPLY): {Name: "/reply scope offer", Help: "授权", Hand: func(m *ice.Message, arg ...string) {
-		if m.Option(OFFER) == "" {
-			m.RenderStatusBadRequest() // 参数错误
-
-		} else { // 授权
-			web.RenderCmd(m, m.Prefix(OAUTH), REPLY)
-		}
-	}},
-	web.P(OFFER): {Name: "/offer access_token", Help: "访问", Hand: func(m *ice.Message, arg ...string) {
-		if m.Option(ACCESS_TOKEN) == "" {
-			m.RenderStatusBadRequest() // 参数错误
-
-		} else if msg := m.Cmd(OFFER, m.Option(ACCESS_TOKEN), ice.OptionFields("time,scope")); msg.Append(mdb.TIME) < msg.Time() {
-			m.RenderStatusUnauthorized() // 已过期
-
-		} else { // 访问
-			aaa.UserRoot(m).Cmdy(nfs.CAT, msg.Append(SCOPE)).RenderResult()
-		}
-	}},
-
-	AUTHORIZE: {Name: "authorize hash auto create prunes", Help: "认证", Actions: mdb.HashAction(mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,redirect_uri")},
-	TOKEN:     {Name: "token hash auto create prunes", Help: "授权", Actions: mdb.HashAction(mdb.EXPIRE, mdb.DAYS, mdb.FIELD, "time,hash,used,state,scope,redirect_uri")},
-	ACCESS:    {Name: "access hash auto create prunes", Help: "访问", Actions: mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,redirect_uri")},
-
-	web.P(AUTHORIZE): {Name: "/authorize state scope client_id redirect_uri", Help: "认证", Hand: func(m *ice.Message, arg ...string) {
-		if m.Option(CLIENT_ID) == "" || m.Option(REDIRECT_URI) == "" {
-			m.RenderStatusBadRequest() // 参数错误
-
-		} else if uri := m.Cmd(AUTHORIZE, m.Option(CLIENT_ID)).Append(REDIRECT_URI); m.Warn(uri == "", ice.ErrNotFound, CLIENT_ID) {
-			m.RenderStatusNotFound() // 未找到
-
-		} else if m.Warn(!strings.HasPrefix(m.Option(REDIRECT_URI), uri), ice.ErrNotRight, REDIRECT_URI) {
-			m.RenderStatusForbidden() // 未匹配
-
-		} else { // 认证
-			m.RenderRedirect(m.Option(REDIRECT_URI), CODE, m.Cmdx(TOKEN, mdb.CREATE, m.OptionSimple(STATE, SCOPE, REDIRECT_URI)), m.OptionSimple(STATE))
-		}
-	}},
-	web.P(TOKEN): {Name: "/token code redirect_uri", Help: "授权", Hand: func(m *ice.Message, arg ...string) {
-		if m.Option(CODE) == "" || m.Option(REDIRECT_URI) == "" {
-			m.RenderStatusBadRequest() // 参数错误
-			return
-		}
-
-		const USED = "used"
-		msg := m.Cmd(TOKEN, m.Option(CODE))
-		if uri := msg.Append(REDIRECT_URI); m.Warn(uri == "", ice.ErrNotFound, CODE) {
-			m.RenderStatusNotFound() // 未找到
-
-		} else if m.Warn(!strings.HasPrefix(m.Option(REDIRECT_URI), uri), ice.ErrNotRight, REDIRECT_URI) {
-			m.RenderStatusForbidden() // 未匹配
-
-		} else if m.Warn(msg.Append(USED) == ice.TRUE, ice.ErrNotRight, CODE) {
-			m.RenderStatusForbidden() // 已使用
-
-		} else if msg.Append(mdb.TIME) < m.Time() {
-			m.RenderStatusUnauthorized() // 已过期
-
-		} else { // 授权
-			token := m.Cmdx(ACCESS, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), msg.AppendSimple(SCOPE, REDIRECT_URI))
-			m.RenderJson(ACCESS_TOKEN, token, TOKEN_TYPE, web.Bearer, EXPIRES_IN, kit.Duration(mdb.Conf(m, ACCESS, kit.Keym(mdb.EXPIRE)))/time.Second)
-			m.Cmdx(TOKEN, mdb.MODIFY, mdb.HASH, m.Option(CODE), USED, ice.TRUE)
-		}
-	}},
-	web.P(USERINFO): {Name: "/userinfo Authorization", Help: "信息", Hand: func(m *ice.Message, arg ...string) {
-		if ls := strings.SplitN(m.R.Header.Get(web.Authorization), lex.SP, 2); m.Warn(len(ls) != 2 || ls[1] == "", ice.ErrNotFound, web.Bearer) {
-			m.RenderStatusBadRequest() // 参数错误
-
-		} else if msg := m.Cmd(ACCESS, ls[1]); msg.Append(mdb.TIME) < m.Time() {
-			m.RenderStatusUnauthorized() // 已过期
-
-		} else { // 访问
-			m.RenderJson(mdb.NAME, msg.Append(aaa.USERNAME), aaa.EMAIL, msg.Append(aaa.USERNAME))
-		}
-	}},
-}}
-
-func init() { chat.Index.Register(Index, &web.Frame{}) }
-
-func Prefix(arg ...string) string { return kit.Keys("web.chat.oauth", arg) }

core/chat/oauth.bak/oauth.shy

@@ -1,18 +0,0 @@
-section "oauth"
-refer `
-官网 https://oauth.net/2/
-标准 http://www.rfcreader.com/#rfc6749
-博客 https://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html
-服务 https://developers.google.com/identity/protocols/oauth2
-服务 https://docs.github.com/cn/developers/apps/building-oauth-apps/authorizing-oauth-apps
-应用 https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/github/
-`
-
-field web.chat.oauth.apply
-field web.chat.oauth.reply
-field web.chat.oauth.offer
-
-field web.chat.oauth.authorize
-field web.chat.oauth.token
-field web.chat.oauth.access
-

core/chat/oauth/server.go

@@ -0,0 +1,9 @@
+package oauth
+
+import "shylinux.com/x/ice"
+
+type Server struct {
+	ice.Hash
+}
+
+func init() { ice.ChatCtxCmd(Client{}) }