package web
import (
"errors"
"fmt"
"github.com/gevinzone/basic-go/week9/webook/internal/service"
"github.com/gevinzone/basic-go/week9/webook/internal/service/oauth2/wechat"
ijwt "github.com/gevinzone/basic-go/week9/webook/internal/web/jwt"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
uuid "github.com/lithammer/shortuuid/v4"
"net/http"
"time"
)
// OAuth2WechatHandler serves the WeChat OAuth2 login endpoints registered
// under /oauth2/wechat: it hands out the authorization URL and processes the
// provider's callback.
type OAuth2WechatHandler struct {
	// svc builds the authorization URL and verifies the code sent to the callback.
	svc wechat.Service
	// userSvc finds or creates the local user for a verified WeChat identity.
	userSvc service.UserService
	// Handler is embedded; Callback calls SetLoginToken on the handler,
	// presumably promoted from this field (confirm against the ijwt package).
	ijwt.Handler
	// stateKey is the HMAC key used to sign and verify the "jwt-state" cookie
	// that carries the OAuth2 state value.
	stateKey []byte
	//cfg WechatHandlerConfig
}
//type WechatHandlerConfig struct {
// Secure bool
// //StateKey
//}
// NewOAuth2WechatHandler wires the WeChat OAuth2 service, the user service and
// the JWT handler into a ready-to-register OAuth2WechatHandler.
func NewOAuth2WechatHandler(svc wechat.Service,
	userSvc service.UserService,
	jwtHdl ijwt.Handler) *OAuth2WechatHandler {
	hdl := new(OAuth2WechatHandler)
	hdl.svc = svc
	hdl.userSvc = userSvc
	hdl.Handler = jwtHdl
	// NOTE(review): the state-signing key is a literal committed to source, so
	// everyone with access to the repository or the binary can produce a
	// validly signed "jwt-state" value. Load it from configuration or a secret
	// store instead, and treat this value as already disclosed (rotate it).
	hdl.stateKey = []byte("95osj3fUD7foxmlYdDbncXz4VD2igvf1")
	return hdl
}
// RegisterRoutes mounts the WeChat OAuth2 endpoints on server under the
// /oauth2/wechat prefix.
//
// The callback is registered for every HTTP method.
// NOTE(review): if the provider only ever redirects the browser with GET,
// narrowing this route to GET reduces the exposed surface - confirm first.
func (h *OAuth2WechatHandler) RegisterRoutes(server *gin.Engine) {
	wechatRoutes := server.Group("/oauth2/wechat")
	wechatRoutes.GET("/authurl", h.AuthURL)
	wechatRoutes.Any("/callback", h.Callback)
}
// AuthURL generates a fresh random state, asks the WeChat service for the
// matching authorization URL and returns that URL in the response body.
// The state is also stored in a signed cookie so Callback can check that the
// redirect it receives belongs to the flow started by this browser.
func (h *OAuth2WechatHandler) AuthURL(ctx *gin.Context) {
	// Every failure is reported with HTTP 200 and application code 5.
	fail := func(msg string) {
		ctx.JSON(http.StatusOK, Result{
			Code: 5,
			Msg:  msg,
		})
	}

	state := uuid.New()
	authURL, err := h.svc.AuthURL(ctx, state)
	if err != nil {
		fail("构造扫码登录URL失败")
		return
	}

	// The state must be persisted before the URL is handed out; without the
	// cookie the callback cannot be verified.
	if err = h.setStateCookie(ctx, state); err != nil {
		fail("系统异常")
		return
	}

	ctx.JSON(http.StatusOK, Result{
		Data: authURL,
	})
}
// setStateCookie signs state into a short-lived HS256 JWT and stores it in the
// "jwt-state" cookie, scoped to the callback path. It returns the signing
// error, if any; on success the cookie has been added to the response.
func (h *OAuth2WechatHandler) setStateCookie(ctx *gin.Context, state string) error {
	const (
		cookieName    = "jwt-state"
		cookiePath    = "/oauth2/wechat/callback"
		maxAgeSeconds = 600
	)

	claims := StateClaims{
		State: state,
		RegisteredClaims: jwt.RegisteredClaims{
			// Expiry: how long a user is expected to need to finish the login.
			// Kept in step with the cookie's max-age (10 minutes = 600 seconds).
			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 10)),
		},
	}
	signed, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(h.stateKey)
	if err != nil {
		return err
	}

	// HttpOnly is set, so page scripts cannot read the state token.
	// Secure is false here; in production it must be true so the cookie is
	// never sent over plain HTTP.
	// NOTE(review): no SameSite attribute is set explicitly; the browser
	// default applies - confirm that is the intended policy.
	ctx.SetCookie(cookieName, signed, maxAgeSeconds, cookiePath, "", false, true)
	return nil
}
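// Callback handles the redirect from WeChat after the user has authorized the
// login. It verifies the state against the signed cookie, exchanges the code
// for the WeChat identity, finds or creates the matching local user and issues
// the login token. Every failure is reported with HTTP 200 and application
// code 5; the messages are deliberately generic so the response does not
// reveal which step failed.
func (h *OAuth2WechatHandler) Callback(ctx *gin.Context) {
	code := ctx.Query("code")
	// The state check comes first: a request that cannot prove it belongs to a
	// flow started by this browser must never reach the code exchange.
	err := h.verifyState(ctx)
	if err != nil {
		ctx.JSON(http.StatusOK, Result{
			Code: 5,
			Msg:  "登录失败",
		})
		return
	}
	// The state is single-use: expire the cookie as soon as it has been
	// accepted so the same state cannot be presented again during the
	// remainder of its lifetime. Name, path and flags mirror setStateCookie.
	ctx.SetCookie("jwt-state", "", -1, "/oauth2/wechat/callback", "", false, true)

	// Verify the code with WeChat.
	info, err := h.svc.VerifyCode(ctx, code)
	if err != nil {
		ctx.JSON(http.StatusOK, Result{
			Code: 5,
			Msg:  "系统错误",
		})
		return
	}
	// Resolve the local user (and its uid) for this WeChat identity through
	// the user service.
	u, err := h.userSvc.FindOrCreateByWechat(ctx, info)
	if err != nil {
		ctx.JSON(http.StatusOK, Result{
			Code: 5,
			Msg:  "系统错误",
		})
		return
	}
	err = h.SetLoginToken(ctx, u.Id)
	if err != nil {
		ctx.JSON(http.StatusOK, Result{
			Code: 5,
			Msg:  "系统错误",
		})
		return
	}
	ctx.JSON(http.StatusOK, Result{
		Msg: "OK",
	})
}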
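// verifyState checks that the "state" query parameter of the callback equals
// the state stored in the signed "jwt-state" cookie issued by setStateCookie.
// It returns an error when the cookie is missing, when the token fails
// signature, algorithm or expiry validation, or when the two state values
// differ (an empty state is always rejected).
func (h *OAuth2WechatHandler) verifyState(ctx *gin.Context) error {
	state := ctx.Query("state")
	ck, err := ctx.Cookie("jwt-state")
	if err != nil {
		return fmt.Errorf("拿不到 state 的 cookie, %w", err)
	}
	var sc StateClaims
	// Pin the accepted algorithm to the one setStateCookie signs with, so the
	// token header cannot select a different signing method.
	token, err := jwt.ParseWithClaims(ck, &sc, func(token *jwt.Token) (interface{}, error) {
		return h.stateKey, nil
	}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
	if err != nil {
		// Covers every parse failure (bad signature, wrong algorithm,
		// malformed token), not only expiry.
		return fmt.Errorf("token 已经过期了, %w", err)
	}
	if !token.Valid {
		// Kept separate so a nil err is never wrapped with %w.
		return errors.New("token 已经过期了")
	}
	// The issued state is a generated identifier and never empty, so an empty
	// value on either side cannot come from a legitimate flow.
	if state == "" || sc.State != state {
		return errors.New("state 不相等")
	}
	return nil
}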
// StateClaims is the claim set of the JWT stored in the "jwt-state" cookie.
type StateClaims struct {
	// State is the random OAuth2 state generated in AuthURL; verifyState
	// compares it with the "state" query parameter of the callback.
	State string
	// RegisteredClaims carries the standard claims; setStateCookie sets only
	// ExpiresAt.
	jwt.RegisteredClaims
}
//type OAuth2Handler struct {
// wechatService
// dingdingService
// feishuService
//
// svcs map[string]OAuth2Service
//}
//func (h *OAuth2Handler) RegisterRoutes(server *gin.Engine) {
// // 统一处理所有的 OAuth2 的
// g := server.Group("/oauth2")
// g.GET("/:platform/authurl", h.AuthURL)
// g.Any("/:platform/callback", h.Callback)
//}
//func (h *OAuth2Handler) AuthURL(ctx *gin.Context) {
// platform := ctx.Param("platform")
// switch platform {
// case "wechat":
// h.wechatService.AuthURL
// }
//
// svc := h.svcs[platform]
// svc.
//}
//func (h *OAuth2Handler) Callback(ctx *gin.Context) {
//
//}