iailab-plat.git

houzhongjian

2024-10-16 7da8f196dee8e3c526c009a4bc7f5983ece6bb97

提交 \| 用户 \| 时间
e7c126	1	package com.iailab.module.system.service.oauth2;
H	2
	3	import cn.hutool.core.lang.Assert;
	4	import cn.hutool.core.util.ObjectUtil;
	5	import cn.hutool.core.util.StrUtil;
	6	import com.iailab.framework.common.enums.UserTypeEnum;
	7	import com.iailab.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
	8	import com.iailab.module.system.dal.dataobject.oauth2.OAuth2CodeDO;
	9	import com.iailab.module.system.dal.dataobject.user.AdminUserDO;
	10	import com.iailab.module.system.enums.ErrorCodeConstants;
	11	import com.iailab.module.system.service.auth.AdminAuthService;
	12	import org.springframework.stereotype.Service;
	13
	14	import javax.annotation.Resource;
	15	import java.util.List;
	16
	17	import static com.iailab.framework.common.exception.util.ServiceExceptionUtil.exception;
	18
	19	/**
	20	* OAuth2 授予 Service 实现类
	21	*
	22	* @author iailab
	23	*/
	24	@Service
	25	public class OAuth2GrantServiceImpl implements OAuth2GrantService {
	26
	27	@Resource
	28	private OAuth2TokenService oauth2TokenService;
	29	@Resource
	30	private OAuth2CodeService oauth2CodeService;
	31	@Resource
	32	private AdminAuthService adminAuthService;
	33
	34	@Override
	35	public OAuth2AccessTokenDO grantImplicit(Long userId, Integer userType,
	36	String clientId, List<String> scopes) {
	37	return oauth2TokenService.createAccessToken(userId, userType, clientId, scopes);
	38	}
	39
	40	@Override
	41	public String grantAuthorizationCodeForCode(Long userId, Integer userType,
	42	String clientId, List<String> scopes,
	43	String redirectUri, String state) {
	44	return oauth2CodeService.createAuthorizationCode(userId, userType, clientId, scopes,
	45	redirectUri, state).getCode();
	46	}
	47
	48	@Override
	49	public OAuth2AccessTokenDO grantAuthorizationCodeForAccessToken(String clientId, String code,
	50	String redirectUri, String state) {
	51	OAuth2CodeDO codeDO = oauth2CodeService.consumeAuthorizationCode(code);
	52	Assert.notNull(codeDO, "授权码不能为空"); // 防御性编程
	53	// 校验 clientId 是否匹配
	54	if (!StrUtil.equals(clientId, codeDO.getClientId())) {
	55	throw exception(ErrorCodeConstants.OAUTH2_GRANT_CLIENT_ID_MISMATCH);
	56	}
	57	// 校验 redirectUri 是否匹配
	58	if (!StrUtil.equals(redirectUri, codeDO.getRedirectUri())) {
	59	throw exception(ErrorCodeConstants.OAUTH2_GRANT_REDIRECT_URI_MISMATCH);
	60	}
	61	// 校验 state 是否匹配
	62	state = StrUtil.nullToDefault(state, ""); // 数据库 state 为 null 时，会设置为 "" 空串
	63	if (!StrUtil.equals(state, codeDO.getState())) {
	64	throw exception(ErrorCodeConstants.OAUTH2_GRANT_STATE_MISMATCH);
	65	}
	66
	67	// 创建访问令牌
	68	return oauth2TokenService.createAccessToken(codeDO.getUserId(), codeDO.getUserType(),
	69	codeDO.getClientId(), codeDO.getScopes());
	70	}
	71
	72	@Override
	73	public OAuth2AccessTokenDO grantPassword(String username, String password, String clientId, List<String> scopes) {
	74	// 使用账号 + 密码进行登录
	75	AdminUserDO user = adminAuthService.authenticate(username, password);
	76	Assert.notNull(user, "用户不能为空！"); // 防御性编程
	77
	78	// 创建访问令牌
	79	return oauth2TokenService.createAccessToken(user.getId(), UserTypeEnum.ADMIN.getValue(), clientId, scopes);
	80	}
	81
	82	@Override
	83	public OAuth2AccessTokenDO grantRefreshToken(String refreshToken, String clientId) {
	84	return oauth2TokenService.refreshAccessToken(refreshToken, clientId);
	85	}
	86
	87	@Override
	88	public OAuth2AccessTokenDO grantClientCredentials(String clientId, List<String> scopes) {
	89	// TODO iailab：项目中使用 OAuth2 解决的是三方应用的授权，内部的 SSO 等问题，所以暂时不考虑 client_credentials 这个场景
	90	throw new UnsupportedOperationException("暂时不支持 client_credentials 授权模式");
	91	}
	92
	93	@Override
	94	public boolean revokeToken(String clientId, String accessToken) {
	95	// 先查询，保证 clientId 时匹配的
	96	OAuth2AccessTokenDO accessTokenDO = oauth2TokenService.getAccessToken(accessToken);
	97	if (accessTokenDO == null \|\| ObjectUtil.notEqual(clientId, accessTokenDO.getClientId())) {
	98	return false;
	99	}
	100	// 再删除
	101	return oauth2TokenService.removeAccessToken(accessToken) != null;
	102	}
	103
	104	}