package org.dromara.common.social.topiam; import cn.hutool.core.codec.Base64; import cn.hutool.core.lang.Dict; import cn.hutool.core.util.StrUtil; import cn.hutool.http.HttpRequest; import cn.hutool.http.HttpResponse; import com.xkcoding.http.support.HttpHeader; import lombok.extern.slf4j.Slf4j; import me.zhyd.oauth.cache.AuthStateCache; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.request.AuthDefaultRequest; import me.zhyd.oauth.utils.HttpUtils; import me.zhyd.oauth.utils.UrlBuilder; import org.dromara.common.core.utils.SpringUtils; import org.dromara.common.json.utils.JsonUtils; import static org.dromara.common.social.topiam.AuthTopIamSource.TOPIAM; /** * TopIAM 认证请求 * * @author xlsea * @since 2024-01-06 */ @Slf4j public class AuthTopIamRequest extends AuthDefaultRequest { public static final String SERVER_URL = SpringUtils.getProperty("justauth.type.topiam.server-url"); /** * 设定归属域 */ public AuthTopIamRequest(AuthConfig config) { super(config, TOPIAM); } public AuthTopIamRequest(AuthConfig config, AuthStateCache authStateCache) { super(config, TOPIAM, authStateCache); } @Override public AuthToken getAccessToken(AuthCallback authCallback) { String body = doPostAuthorizationCode(authCallback.getCode()); Dict object = JsonUtils.parseMap(body); checkResponse(object); return AuthToken.builder() .accessToken(object.getStr("access_token")) .refreshToken(object.getStr("refresh_token")) .idToken(object.getStr("id_token")) .tokenType(object.getStr("token_type")) .scope(object.getStr("scope")) .build(); } @Override public AuthUser getUserInfo(AuthToken authToken) { String body = doGetUserInfo(authToken); Dict object = JsonUtils.parseMap(body); checkResponse(object); return AuthUser.builder() .uuid(object.getStr("sub")) .username(object.getStr("preferred_username")) .nickname(object.getStr("nickname")) .avatar(object.getStr("picture")) .email(object.getStr("email")) .token(authToken) .source(source.toString()) .build(); } @Override protected String doPostAuthorizationCode(String code) { HttpRequest request = HttpRequest.post(source.accessToken()) .header("Authorization", "Basic " + Base64.encode("%s:%s".formatted(config.getClientId(), config.getClientSecret()))) .form("grant_type", "authorization_code") .form("code", code) .form("redirect_uri", config.getRedirectUri()); HttpResponse response = request.execute(); return response.body(); } @Override protected String doGetUserInfo(AuthToken authToken) { return new HttpUtils(config.getHttpConfig()).get(source.userInfo(), null, new HttpHeader() .add("Content-Type", "application/json") .add("Authorization", "Bearer " + authToken.getAccessToken()), false).getBody(); } @Override public String authorize(String state) { return UrlBuilder.fromBaseUrl(super.authorize(state)) .queryParam("scope", StrUtil.join("%20", config.getScopes())) .build(); } private static void checkResponse(Dict object) { // oauth/token 验证异常 if (object.containsKey("error")) { throw new AuthException(object.getStr("error_description")); } // user 验证异常 if (object.containsKey("message")) { throw new AuthException(object.getStr("message")); } } }