package auth
import (
	crand "crypto/rand"
	_ "math/rand" // TODO(review): unused since NewClient moved to crypto/rand; safe to drop
	"net/http"
	_ "time" // TODO(review): unused since NewClient no longer seeds math/rand; safe to drop

	"github.com/go-oauth2/oauth2/v4/errors"
	"github.com/go-oauth2/oauth2/v4/manage"
	"github.com/go-oauth2/oauth2/v4/models"
	"github.com/go-oauth2/oauth2/v4/server"
	"github.com/go-oauth2/oauth2/v4/store"
	oauth2gorm "src.techknowlogick.com/oauth2-gorm"

	"basic.com/valib/logger.git"

	vamicroModel "vamicro/api-gateway/models"
	"vamicro/extend/util"
)
// Oauth2Serv is the process-wide OAuth2 server; Oauth2Init assigns it.
var Oauth2Serv *server.Server

// ClientStore is the in-memory client registry. Oauth2Init creates it and
// seeds it from the database; NewClient adds to it.
var ClientStore *store.ClientStore

// AclList maps an API path to its enabled flag. AclInit fills it and CheckAcl
// reads it. No lock guards it here, so it should presumably be fully populated
// before concurrent readers (e.g. request handlers) consult it — confirm the
// call order at startup.
var AclList = map[string]bool{}

// store = oauth2gorm.NewStore(oauth2gorm.NewConfig("../config/oauth2.db", oauth2gorm.SQLite, ""), 1)
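// Oauth2Init builds the package-level OAuth2 server: a GORM/SQLite token store,
// an in-memory client store seeded from the persisted Oauth2Client rows, and
// the handlers the server calls for client credentials, user identity and
// error reporting. It assigns Oauth2Serv and ClientStore and must run before
// either is used (NewClient in particular writes to ClientStore).
func Oauth2Init() {
	manager := manage.NewDefaultManager()
	//manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg)

	// Token store: SQLite file relative to the working directory, table "tokens".
	// The trailing 6000 is passed straight through to oauth2gorm — presumably
	// its GC interval; confirm against the oauth2gorm API before tuning it.
	tokenStore := oauth2gorm.NewStore(oauth2gorm.NewConfig("../oauth2.db", oauth2gorm.SQLite, "tokens"), 6000)
	manager.MustTokenStorage(tokenStore, nil)

	// generate jwt access token
	// manager.MapAccessGenerate(generates.NewJWTAccessGenerate("", []byte("00000000"), jwt.SigningMethodHS512))
	//manager.MapAccessGenerate(generates.NewAccessGenerate())

	ClientStore = store.NewClientStore()
	loadClients()
	manager.MapClientStorage(ClientStore)

	Oauth2Serv = server.NewServer(server.NewConfig(), manager)
	//Oauth2Serv = server.NewDefaultServer(manager)

	// NOTE(review): allowing token requests over GET puts client credentials
	// and grants in the query string, where proxies and access logs can record
	// them. Left enabled because callers may depend on it; prefer POST-only if
	// they do not.
	Oauth2Serv.SetAllowGetAccessRequest(true)
	/**
	Oauth2Serv.SetPasswordAuthorizationHandler(func(username, password string) (userID string, err error) {
		if username == "test" && password == "test" {
			userID = "test"
		}
		return
	})**/
	Oauth2Serv.SetClientInfoHandler(server.ClientFormHandler)
	Oauth2Serv.SetUserAuthorizationHandler(userAuthorizeHandler)

	// Log internal errors only; the nil response returned here presumably lets
	// the library's default error mapping apply — confirm if responses change.
	Oauth2Serv.SetInternalErrorHandler(func(err error) (re *errors.Response) {
		logger.Error("Internal Error:", err.Error())
		return
	})

	Oauth2Serv.SetResponseErrorHandler(func(re *errors.Response) {
		logger.Error("Response Error:", re.Error.Error())
	})

	logger.Debug("Oauth2Serv init down")
}

// loadClients copies every persisted Oauth2Client into ClientStore so the
// server can authenticate them. A failed lookup or registration is logged and
// skipped — the server still starts, as before, but the failure is no longer
// silent.
func loadClients() {
	var oauth2Model vamicroModel.Oauth2Client
	clients, err := oauth2Model.FindAll()
	if err != nil {
		logger.Error("Oauth2 client load failed:", err.Error())
		return
	}
	for _, client := range clients {
		info := &models.Client{
			ID:     client.ID,
			Secret: client.Secret,
			Domain: client.Domain,
		}
		if err := ClientStore.Set(client.ID, info); err != nil {
			logger.Error("Oauth2 client register failed:", client.ID+": "+err.Error())
		}
	}
}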
// userAuthorizeHandler resolves the end user for an authorization request from
// the Login_user_id request header. A missing header yields an empty userID
// and a nil error; w is not used.
//
// NOTE(review): the header value is trusted as-is, so this is only sound if an
// upstream component sets it after authenticating the user and strips any
// client-supplied copy before the request reaches this service — confirm.
func userAuthorizeHandler(w http.ResponseWriter, r *http.Request) (userID string, err error) {
	const userHeader = "Login_user_id"
	return r.Header.Get(userHeader), nil
}
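// secretLetters is the alphabet of generated client secrets (A–Z), kept the
// same as the original generator so existing secrets stay valid.
const secretLetters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

// secretLength is the number of characters in a generated client secret.
const secretLength = 32

// randomSecret returns n characters drawn uniformly from secretLetters using
// crypto/rand. Bytes at or above 234 (the largest multiple of 26 that fits in
// a byte) are discarded instead of reduced modulo 26, which would otherwise
// favour the first 22 letters. n <= 0 yields "".
func randomSecret(n int) (string, error) {
	if n <= 0 {
		return "", nil
	}
	const limit = byte(256 - 256%len(secretLetters))
	out := make([]byte, 0, n)
	buf := make([]byte, n)
	for len(out) < n {
		if _, err := crand.Read(buf); err != nil {
			return "", err
		}
		for _, b := range buf {
			if b >= limit {
				continue // rejected: would bias the distribution
			}
			out = append(out, secretLetters[int(b)%len(secretLetters)])
			if len(out) == n {
				break
			}
		}
	}
	return string(out), nil
}

// NewClient registers a new OAuth2 client for domain with a freshly generated
// secret and the free-text intro, which is stored on the record as given.
// The secret comes from crypto/rand; the previous math/rand generator seeded
// with the current second was predictable by anyone who could estimate the
// creation time. The client is persisted first and only then added to the
// in-memory ClientStore, so a failed insert never leaves a phantom client that
// could authenticate until the next restart. Returns the first error from
// secret generation, the insert, or the store update.
func NewClient(domain string, intro string) error {
	secret, err := randomSecret(secretLength)
	if err != nil {
		return err
	}
	client := vamicroModel.Oauth2Client{ID: util.PseudoUuid(), Domain: domain, Secret: secret, Intro: intro}
	if err := client.Insert(); err != nil {
		return err
	}
	return ClientStore.Set(client.ID, &models.Client{
		ID:     client.ID,
		Secret: client.Secret,
		Domain: client.Domain,
	})
}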
// DelClient removes the persisted Oauth2Client with the given id and returns
// the database error, if any.
//
// NOTE(review): the in-memory ClientStore is not touched here, so a deleted
// client keeps authenticating from its cached entry until the process restarts
// (Oauth2Init reloads the store). The client store used here appears to offer
// no delete operation, which is presumably why — confirm whether that window
// is acceptable.
func DelClient(id string) error {
	model := vamicroModel.Oauth2Client{}
	return model.DeleteById(id)
}
// AclInit records, for each operation, whether its API path is enabled.
// Repeated calls overwrite matching paths but never remove entries absent from
// operations; clear AclList first if a full refresh is intended.
func AclInit(operations []vamicroModel.Operations) {
	for i := range operations {
		op := &operations[i]
		AclList[op.Path] = op.ApiEnable
	}
}
// CheckAcl reports whether path is present in AclList and enabled. Paths that
// are not listed are denied, so missing ACL configuration fails closed.
func CheckAcl(path string) bool {
	if enabled, known := AclList[path]; known {
		return enabled
	}
	return false
}