Documentation ¶
Index ¶
Constants ¶
// Names of the grant-flow steps. Index uses them both as action names on the
// oauth command and as the names of the hash-backed commands and HTTP routes.
const (
	CHECK = "check"
	APPLY = "apply"
	REPLY = "reply"
	OFFER = "offer"
)
// Request-option and response-field names used by the handlers in Index.
const (
	// Fields of the JSON body rendered by the /token handler.
	ACCESS_TOKEN = "access_token"
	TOKEN_TYPE   = "token_type"
	EXPIRES_IN   = "expires_in"

	// Options read from incoming requests and stored on hash records.
	CODE         = "code"
	STATE        = "state"
	SCOPE        = "scope"
	CLIENT_ID    = "client_id"
	REDIRECT_URI = "redirect_uri"
)
// Names of the commands and HTTP routes that Index registers for the
// authorization-code style flow.
const (
	AUTHORIZE = "authorize"
	TOKEN     = "token"
	ACCESS    = "access"
	USERINFO  = "userinfo"
)
// OAUTH is the name of the context defined by Index and of its top-level command.
const OAUTH = "oauth"
Variables ¶
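// Index is the ice context for the oauth module. It registers:
//
//   - the oauth command with the check/apply/reply actions,
//   - hash-backed stores (apply, reply, offer, authorize, token, access),
//   - the HTTP routes /apply, /reply, /offer, /authorize, /token and /userinfo.
//
// Every handler reads its parameters from request options, so all of them are
// untrusted input. Security-relevant checks are commented in place; points
// that need a decision outside this block are marked NOTE(review).
var Index = &ice.Context{Name: OAUTH, Help: "认证授权", Commands: ice.Commands{
	OAUTH: {Name: "oauth hash auto prunes", Help: "权限", Actions: ice.MergeActions(ice.Actions{
		// check builds the /apply URL on the chosen domain (the domain option,
		// else the build-time default) with this node's /reply URL as redirect_uri.
		CHECK: {Name: "check scope domain", Help: "检查", Hand: func(m *ice.Message, arg ...string) {
			m.Echo(_merge_url(m, kit.Select(ice.Info.Make.Domain, m.Option(web.DOMAIN)), APPLY, m.OptionSimple(SCOPE), REDIRECT_URI, _merge_url(m, "", REPLY)))
		}},
		// apply issues an offer token at once when the current user already has
		// the right for the scope; otherwise it only records the application.
		APPLY: {Name: "apply scope redirect_uri", Help: "申请", Hand: func(m *ice.Message, arg ...string) {
			if aaa.Right(m, m.Option(SCOPE)) {
				token := m.Cmdx(OFFER, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, REDIRECT_URI))
				// NOTE(review): redirect_uri comes from the request and is not
				// compared with any registered value, while the offer URL passed
				// to it carries the access token in its query string. Consider
				// validating redirect_uri against an allowlist before replacing.
				m.ProcessReplace(m.Option(REDIRECT_URI), m.OptionSimple(SCOPE), OFFER, _merge_url(m, "", OFFER, ACCESS_TOKEN, token))
			} else {
				m.Cmdy(APPLY, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, REDIRECT_URI))
			}
		}},
		// reply records the received offer, fetches the offer URL through
		// web.SPIDE and hands the response body to ssh.SOURCE under the scope name.
		REPLY: {Name: "reply scope offer", Help: "通过", Hand: func(m *ice.Message, arg ...string) {
			m.Cmd(REPLY, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), m.OptionSimple(SCOPE, OFFER))
			m.Option(web.SPIDE_HEADER, web.UserAgent, m.PrefixKey())
			// NOTE(review): offer is a request-supplied URL. It is fetched
			// server-side and its body is passed to ssh.SOURCE, which presumably
			// runs it as a script (confirm). Restrict offer to trusted origins
			// before fetching it.
			m.Cmd(ssh.SOURCE, m.Option(SCOPE), kit.Dict(nfs.CAT_CONTENT, m.Cmdx(web.SPIDE, ice.DEV, web.SPIDE_GET, m.Option(OFFER))))
			m.ProcessHistory()
		}},
	})},

	// Hash stores for the apply/reply/offer flow; EXPIRE is each store's lifetime setting.
	APPLY: {Name: "apply hash auto create prunes", Help: "申请", Actions: mdb.HashAction(mdb.EXPIRE, "72h", mdb.FIELD, "time,hash,username,scope,redirect_uri")},
	REPLY: {Name: "reply hash auto create prunes", Help: "授权", Actions: mdb.HashAction(mdb.EXPIRE, "720h", mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,offer")},
	OFFER: {Name: "offer hash auto create prunes", Help: "访问", Actions: mdb.HashAction(mdb.EXPIRE, "720h", mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,redirect_uri")},

	// /apply renders the apply action of the oauth command; redirect_uri is required.
	web.P(APPLY): {Name: "/apply scope redirect_uri", Help: "申请", Actions: ctx.CmdAction(), Hand: func(m *ice.Message, arg ...string) {
		if m.Option(REDIRECT_URI) == "" {
			m.RenderStatusBadRequest()
		} else {
			web.RenderCmd(m, m.Prefix(OAUTH), APPLY)
		}
	}},
	// /reply renders the reply action of the oauth command; offer is required.
	web.P(REPLY): {Name: "/reply scope offer", Help: "授权", Actions: ctx.CmdAction(), Hand: func(m *ice.Message, arg ...string) {
		if m.Option(OFFER) == "" {
			m.RenderStatusBadRequest()
		} else {
			web.RenderCmd(m, m.Prefix(OAUTH), REPLY)
		}
	}},
	// /offer exchanges an offer token for the content of the file named by the
	// scope stored on the offer record.
	web.P(OFFER): {Name: "/offer access_token", Help: "访问", Hand: func(m *ice.Message, arg ...string) {
		if m.Option(ACCESS_TOKEN) == "" {
			m.RenderStatusBadRequest()
		} else if msg := m.Cmd(OFFER, m.Option(ACCESS_TOKEN), ice.OptionFields("time,scope")); msg.Append(mdb.TIME) == "" || kit.Time(msg.Append(mdb.TIME)) < kit.Time(msg.Time()) {
			// An empty time field means no record was returned for this token.
			// Deny explicitly instead of relying on how kit.Time treats "".
			m.RenderStatusUnauthorized()
		} else {
			// The file is read with root rights, so the stored scope is the only
			// thing limiting what a token holder can read.
			aaa.UserRoot(m).Cmdy(nfs.CAT, msg.Append(SCOPE)).RenderResult()
		}
	}},

	// Hash stores for the authorize/token/access flow. The AUTHORIZE hash is
	// used as the client_id and holds that client's registered redirect_uri.
	AUTHORIZE: {Name: "authorize hash auto create prunes", Help: "认证", Actions: mdb.HashAction(mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,redirect_uri")},
	TOKEN:     {Name: "token hash auto create prunes", Help: "授权", Actions: mdb.HashAction(mdb.EXPIRE, "72h", mdb.FIELD, "time,hash,used,state,scope,redirect_uri")},
	ACCESS:    {Name: "access hash auto create prunes", Help: "访问", Actions: mdb.HashAction(mdb.EXPIRE, "720h", mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,username,scope,redirect_uri")},

	// /authorize checks client_id and redirect_uri, creates a one-time code and
	// redirects back to the client with code and state.
	web.P(AUTHORIZE): {Name: "/authorize state scope client_id redirect_uri", Help: "认证", Hand: func(m *ice.Message, arg ...string) {
		if m.Option(CLIENT_ID) == "" || m.Option(REDIRECT_URI) == "" {
			m.RenderStatusBadRequest()
		} else if uri := m.Cmd(AUTHORIZE, m.Option(CLIENT_ID)).Append(REDIRECT_URI); m.Warn(uri == "", ice.ErrNotFound, CLIENT_ID) {
			m.RenderStatusNotFound()
		} else if m.Warn(!strings.HasPrefix(m.Option(REDIRECT_URI), uri), ice.ErrNotRight, REDIRECT_URI) {
			// NOTE(review): a plain prefix test also accepts values that merely
			// begin with the registered string, including a different host when
			// the registered value has no trailing slash or path. Exact match
			// against the registered redirect_uri is the recommended check. It
			// is left unchanged here because existing registrations may hold
			// base URLs; tighten it together with the registration data.
			m.RenderStatusForbidden()
		} else {
			m.RenderRedirect(m.Option(REDIRECT_URI), CODE, m.Cmdx(TOKEN, mdb.CREATE, m.OptionSimple(STATE, SCOPE, REDIRECT_URI)), m.OptionSimple(STATE))
		}
	}},
	// /token exchanges a one-time code for an access token.
	web.P(TOKEN): {Name: "/token code redirect_uri", Help: "授权", Hand: func(m *ice.Message, arg ...string) {
		if m.Option(CODE) == "" || m.Option(REDIRECT_URI) == "" {
			m.RenderStatusBadRequest()
			return
		}
		const USED = "used"
		msg := m.Cmd(TOKEN, m.Option(CODE))
		if uri := msg.Append(REDIRECT_URI); m.Warn(uri == "", ice.ErrNotFound, CODE) {
			m.RenderStatusNotFound()
		} else if m.Warn(m.Option(REDIRECT_URI) != uri, ice.ErrNotRight, REDIRECT_URI) {
			// The code record stores the exact redirect_uri from the /authorize
			// request, so the token request must repeat it verbatim. A prefix
			// match would accept a longer, different URI.
			m.RenderStatusForbidden()
		} else if m.Warn(msg.Append(USED) == ice.TRUE, ice.ErrNotRight, CODE) {
			m.RenderStatusForbidden()
		} else if kit.Time(msg.Append(mdb.TIME)) < kit.Time(m.Time()) {
			m.RenderStatusUnauthorized()
		} else {
			// Mark the code as used before issuing the token to narrow the
			// replay window. NOTE(review): this is still a separate read and
			// write, so an atomic check-and-set in the store is needed to
			// enforce single use under concurrent requests.
			m.Cmdx(TOKEN, mdb.MODIFY, mdb.HASH, m.Option(CODE), USED, ice.TRUE)
			// NOTE(review): the username bound to the access token is read from
			// this /token request. The TOKEN record has no username field, so
			// the user who passed /authorize is not recorded with the code.
			// The caller is also not authenticated as the client here. Confirm
			// that both are intended.
			token := m.Cmdx(ACCESS, mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), msg.AppendSimple(SCOPE, REDIRECT_URI))
			m.RenderJson(ACCESS_TOKEN, token, TOKEN_TYPE, web.Bearer, EXPIRES_IN, kit.Duration(m.Conf(ACCESS, kit.Keym(mdb.EXPIRE)))/time.Second)
		}
	}},
	// /userinfo returns the user bound to the access token from the Authorization header.
	web.P(USERINFO): {Name: "/userinfo Authorization", Help: "信息", Hand: func(m *ice.Message, arg ...string) {
		// NOTE(review): only the "<scheme> <token>" shape is checked; the scheme
		// itself is not compared with web.Bearer.
		if ls := strings.SplitN(m.R.Header.Get(web.Authorization), ice.SP, 2); m.Warn(len(ls) != 2 || ls[1] == "", ice.ErrNotFound, web.Bearer) {
			m.RenderStatusBadRequest()
		} else if msg := m.Cmd(ACCESS, ls[1]); msg.Append(mdb.TIME) == "" || kit.Time(msg.Append(mdb.TIME)) < kit.Time(m.Time()) {
			// An empty time field means no access record was returned for this
			// token, which is treated the same as an expired one.
			m.RenderStatusUnauthorized()
		} else {
			// The email field is filled with the username; the access record
			// stores no separate email.
			m.RenderJson(mdb.NAME, msg.Append(aaa.USERNAME), aaa.EMAIL, msg.Append(aaa.USERNAME))
		}
	}},
}}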
Functions ¶
Types ¶
This section is empty.