diff --git a/core/chat/oauth.bak/oauth.go b/core/chat/oauth.bak/oauth.go deleted file mode 100644 index 5ef7173e..00000000 --- a/core/chat/oauth.bak/oauth.go +++ /dev/null @@ -1,173 +0,0 @@ -package oauth - -import ( - "net/http" - "path" - "strings" - "time" - - ice "shylinux.com/x/icebergs" - "shylinux.com/x/icebergs/base/aaa" - "shylinux.com/x/icebergs/base/lex" - "shylinux.com/x/icebergs/base/mdb" - "shylinux.com/x/icebergs/base/nfs" - "shylinux.com/x/icebergs/base/ssh" - "shylinux.com/x/icebergs/base/web" - "shylinux.com/x/icebergs/core/chat" - kit "shylinux.com/x/toolkits" -) - -func _merge_url(m *ice.Message, domain, key string, arg ...ice.Any) string { - if domain == "" { - if m.Option(ice.MSG_USERPOD) == "" { - domain = web.MergeLink(m, nfs.PS) - } else { - domain = web.MergeLink(m, "/chat/pod/"+m.Option(ice.MSG_USERPOD)) - } - } - if domain = strings.TrimSuffix(domain, nfs.PS); strings.Contains(domain, "/chat/pod/") { - domain += web.P(strings.TrimPrefix(m.Prefix(web.P(key)), "web.chat.")) - } else { - domain += path.Join(strings.TrimPrefix(strings.Replace(m.Target().Prefix(), nfs.PT, nfs.PS, -1), "web"), path.Join(key)) - } - return kit.MergeURL(domain, arg...) -} - -const ( - CHECK = "check" - APPLY = "apply" - REPLY = "reply" - OFFER = "offer" -) -const ( - ACCESS_TOKEN = "access_token" - TOKEN_TYPE = "token_type" - EXPIRES_IN = "expires_in" - CODE = "code" - STATE = "state" - SCOPE = "scope" - CLIENT_ID = "client_id" - REDIRECT_URI = "redirect_uri" -) -const ( - AUTHORIZE = "authorize" - TOKEN = "token" - ACCESS = "access" - USERINFO = "userinfo" -) -const OAUTH = "oauth" - -var Index = &ice.Context{Name: OAUTH, Help: "认证授权", Commands: ice.Commands{ - OAUTH: {Name: "oauth hash auto prunes", Help: "权限", Actions: ice.MergeActions(ice.Actions{ - CHECK: {Name: "check scope domain", Help: "检查", Hand: func(m *ice.Message, arg ...string) { - m.Echo(_merge_url(m, kit.Select(ice.Info.Make.Domain, m.Option(web.DOMAIN)), APPLY, m.OptionSimple(SCOPE), REDIRECT_URI, _merge_url(m, "", REPLY))) - }}, - APPLY: {Name: "apply scope redirect_uri", Help: "申请", Hand: func(m *ice.Message, arg ...string) { - if aaa.Right(m, m.Option(SCOPE)) { - token := m.Cmdx(OFFER, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, REDIRECT_URI)) - m.ProcessReplace(m.Option(REDIRECT_URI), m.OptionSimple(SCOPE), OFFER, _merge_url(m, "", OFFER, ACCESS_TOKEN, token)) - } else { - m.Cmdy(APPLY, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, REDIRECT_URI)) - } - }}, - REPLY: {Name: "reply scope offer", Help: "通过", Hand: func(m *ice.Message, arg ...string) { - m.Cmd(REPLY, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, OFFER)) - - m.Option(web.SPIDE_HEADER, web.UserAgent, m.PrefixKey()) - m.Cmd(ssh.SOURCE, m.Option(SCOPE), kit.Dict(nfs.CAT_CONTENT, m.Cmdx(web.SPIDE, ice.DEV, http.MethodGet, m.Option(OFFER)))) - m.ProcessHistory() - }}, - })}, - - APPLY: {Name: "apply hash auto create prunes", Help: "申请", Actions: mdb.HashAction(mdb.EXPIRE, mdb.DAYS, mdb.FIELD, "time,hash,username,scope,redirect_uri")}, - REPLY: {Name: "reply hash auto create prunes", Help: "授权", Actions: mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,offer")}, - OFFER: {Name: "offer hash auto create prunes", Help: "访问", Actions: mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,redirect_uri")}, - - web.P(APPLY): {Name: "/apply scope redirect_uri", Help: "申请", Hand: func(m *ice.Message, arg ...string) { - if m.Option(REDIRECT_URI) == "" { - m.RenderStatusBadRequest() // 参数错误 - - } else { // 申请 - web.RenderCmd(m, m.Prefix(OAUTH), APPLY) - } - }}, - web.P(REPLY): {Name: "/reply scope offer", Help: "授权", Hand: func(m *ice.Message, arg ...string) { - if m.Option(OFFER) == "" { - m.RenderStatusBadRequest() // 参数错误 - - } else { // 授权 - web.RenderCmd(m, m.Prefix(OAUTH), REPLY) - } - }}, - web.P(OFFER): {Name: "/offer access_token", Help: "访问", Hand: func(m *ice.Message, arg ...string) { - if m.Option(ACCESS_TOKEN) == "" { - m.RenderStatusBadRequest() // 参数错误 - - } else if msg := m.Cmd(OFFER, m.Option(ACCESS_TOKEN), ice.OptionFields("time,scope")); msg.Append(mdb.TIME) < msg.Time() { - m.RenderStatusUnauthorized() // 已过期 - - } else { // 访问 - aaa.UserRoot(m).Cmdy(nfs.CAT, msg.Append(SCOPE)).RenderResult() - } - }}, - - AUTHORIZE: {Name: "authorize hash auto create prunes", Help: "认证", Actions: mdb.HashAction(mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,redirect_uri")}, - TOKEN: {Name: "token hash auto create prunes", Help: "授权", Actions: mdb.HashAction(mdb.EXPIRE, mdb.DAYS, mdb.FIELD, "time,hash,used,state,scope,redirect_uri")}, - ACCESS: {Name: "access hash auto create prunes", Help: "访问", Actions: mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,redirect_uri")}, - - web.P(AUTHORIZE): {Name: "/authorize state scope client_id redirect_uri", Help: "认证", Hand: func(m *ice.Message, arg ...string) { - if m.Option(CLIENT_ID) == "" || m.Option(REDIRECT_URI) == "" { - m.RenderStatusBadRequest() // 参数错误 - - } else if uri := m.Cmd(AUTHORIZE, m.Option(CLIENT_ID)).Append(REDIRECT_URI); m.Warn(uri == "", ice.ErrNotFound, CLIENT_ID) { - m.RenderStatusNotFound() // 未找到 - - } else if m.Warn(!strings.HasPrefix(m.Option(REDIRECT_URI), uri), ice.ErrNotRight, REDIRECT_URI) { - m.RenderStatusForbidden() // 未匹配 - - } else { // 认证 - m.RenderRedirect(m.Option(REDIRECT_URI), CODE, m.Cmdx(TOKEN, mdb.CREATE, m.OptionSimple(STATE, SCOPE, REDIRECT_URI)), m.OptionSimple(STATE)) - } - }}, - web.P(TOKEN): {Name: "/token code redirect_uri", Help: "授权", Hand: func(m *ice.Message, arg ...string) { - if m.Option(CODE) == "" || m.Option(REDIRECT_URI) == "" { - m.RenderStatusBadRequest() // 参数错误 - return - } - - const USED = "used" - msg := m.Cmd(TOKEN, m.Option(CODE)) - if uri := msg.Append(REDIRECT_URI); m.Warn(uri == "", ice.ErrNotFound, CODE) { - m.RenderStatusNotFound() // 未找到 - - } else if m.Warn(!strings.HasPrefix(m.Option(REDIRECT_URI), uri), ice.ErrNotRight, REDIRECT_URI) { - m.RenderStatusForbidden() // 未匹配 - - } else if m.Warn(msg.Append(USED) == ice.TRUE, ice.ErrNotRight, CODE) { - m.RenderStatusForbidden() // 已使用 - - } else if msg.Append(mdb.TIME) < m.Time() { - m.RenderStatusUnauthorized() // 已过期 - - } else { // 授权 - token := m.Cmdx(ACCESS, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), msg.AppendSimple(SCOPE, REDIRECT_URI)) - m.RenderJson(ACCESS_TOKEN, token, TOKEN_TYPE, web.Bearer, EXPIRES_IN, kit.Duration(mdb.Conf(m, ACCESS, kit.Keym(mdb.EXPIRE)))/time.Second) - m.Cmdx(TOKEN, mdb.MODIFY, mdb.HASH, m.Option(CODE), USED, ice.TRUE) - } - }}, - web.P(USERINFO): {Name: "/userinfo Authorization", Help: "信息", Hand: func(m *ice.Message, arg ...string) { - if ls := strings.SplitN(m.R.Header.Get(web.Authorization), lex.SP, 2); m.Warn(len(ls) != 2 || ls[1] == "", ice.ErrNotFound, web.Bearer) { - m.RenderStatusBadRequest() // 参数错误 - - } else if msg := m.Cmd(ACCESS, ls[1]); msg.Append(mdb.TIME) < m.Time() { - m.RenderStatusUnauthorized() // 已过期 - - } else { // 访问 - m.RenderJson(mdb.NAME, msg.Append(aaa.USERNAME), aaa.EMAIL, msg.Append(aaa.USERNAME)) - } - }}, -}} - -func init() { chat.Index.Register(Index, &web.Frame{}) } - -func Prefix(arg ...string) string { return kit.Keys("web.chat.oauth", arg) } diff --git a/core/chat/oauth.bak/oauth.shy b/core/chat/oauth.bak/oauth.shy deleted file mode 100644 index 5e84cb19..00000000 --- a/core/chat/oauth.bak/oauth.shy +++ /dev/null @@ -1,18 +0,0 @@ -section "oauth" -refer ` -官网 https://oauth.net/2/ -标准 http://www.rfcreader.com/#rfc6749 -博客 https://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html -服务 https://developers.google.com/identity/protocols/oauth2 -服务 https://docs.github.com/cn/developers/apps/building-oauth-apps/authorizing-oauth-apps -应用 https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/github/ -` - -field web.chat.oauth.apply -field web.chat.oauth.reply -field web.chat.oauth.offer - -field web.chat.oauth.authorize -field web.chat.oauth.token -field web.chat.oauth.access - diff --git a/core/chat/oauth/server.go b/core/chat/oauth/server.go new file mode 100644 index 00000000..5508ecf3 --- /dev/null +++ b/core/chat/oauth/server.go @@ -0,0 +1,9 @@ +package oauth + +import "shylinux.com/x/ice" + +type Server struct { + ice.Hash +} + +func init() { ice.ChatCtxCmd(Client{}) }