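authService = $authService;
        $this->openApiService = $openApiService;
        $this->authValidator = $authValidator;
    }

    /**
     * Issue an access token for the requested OAuth grant type.
     *
     * The request is first run through the injected validator; it is then
     * dispatched on `grant_type` to the matching handler. Any uncaught
     * exception is turned into a 500 error response.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function token(Request $request): JsonResponse
    {
        try {
            // Validate request parameters before looking at grant_type.
            $validation = $this->authValidator->validateTokenRequest($request->all());
            if (!$validation['success']) {
                return $this->errorResponse('参数验证失败', $validation['errors'], 400);
            }

            // match compares strictly and cannot fall through; a missing (null)
            // or unknown grant_type lands in the default arm.
            return match ($request->input('grant_type')) {
                'client_credentials' => $this->handleClientCredentials($request),
                'authorization_code' => $this->handleAuthorizationCode($request),
                'refresh_token'      => $this->handleRefreshToken($request),
                default              => $this->errorResponse('不支持的授权类型', [], 400),
            };
        } catch (\Exception $e) {
            // NOTE(review): the raw exception message is echoed to the caller here
            // and in the other catch blocks of this controller. Internal messages
            // (driver errors, file paths) can reach API clients this way; logging
            // server-side and returning a generic message is the safer contract.
            return $this->errorResponse('获取令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * Handle the `client_credentials` grant.
     *
     * Authenticates the app by client_id/client_secret, verifies every
     * requested scope against that app, then issues a token with user id 0
     * (no end user is involved in this grant).
     *
     * @param Request $request
     * @return JsonResponse
     */
    protected function handleClientCredentials(Request $request): JsonResponse
    {
        $appId = $request->input('client_id');
        $appSecret = $request->input('client_secret');

        // Scopes are space-delimited. A missing `scope` parameter yields [''],
        // so the empty string is then checked as a scope below; that is kept
        // deliberately because the outcome for an empty scope list depends on
        // what generateAccessToken() does with [] — confirm before changing.
        $scopes = explode(' ', $request->input('scope', ''));

        // Authenticate the app.
        $app = $this->openApiService->validateApp($appId, $appSecret);
        if (!$app) {
            return $this->errorResponse('应用认证失败', [], 401);
        }

        // Reject the whole request on the first scope the app is not allowed.
        foreach ($scopes as $scope) {
            if (!$this->openApiService->checkScope($app, $scope)) {
                return $this->errorResponse('权限不足', ['scope' => $scope], 403);
            }
        }

        // Issue the token; 0 is the user id used for app-only tokens.
        $tokenData = $this->authService->generateAccessToken($app, 0, $scopes);

        return $this->successResponse('令牌获取成功', $tokenData);
    }

    /**
     * Handle the `authorization_code` grant.
     *
     * Authenticates the app, validates the one-time code against that app's
     * client_id, then issues a token for the user and scopes recorded with
     * the code.
     *
     * @param Request $request
     * @return JsonResponse
     */
    protected function handleAuthorizationCode(Request $request): JsonResponse
    {
        $appId = $request->input('client_id');
        $appSecret = $request->input('client_secret');
        $code = $request->input('code');

        // Authenticate the app.
        $app = $this->openApiService->validateApp($appId, $appSecret);
        if (!$app) {
            return $this->errorResponse('应用认证失败', [], 401);
        }

        // The code is bound to the client_id it was issued for.
        $codeData = $this->authService->validateAuthCode($code, $appId);
        if (!$codeData) {
            return $this->errorResponse('授权码无效', [], 400);
        }

        // user_id and scopes come from the stored code, not from the request.
        $tokenData = $this->authService->generateAccessToken(
            $app,
            $codeData['user_id'],
            $codeData['scopes'],
        );

        return $this->successResponse('令牌获取成功', $tokenData);
    }

    /**
     * Handle the `refresh_token` grant.
     *
     * @param Request $request
     * @return JsonResponse
     */
    protected function handleRefreshToken(Request $request): JsonResponse
    {
        $refreshToken = $request->input('refresh_token');

        // Exchange the refresh token for a new access token.
        $tokenData = $this->authService->refreshAccessToken($refreshToken);
        if (!$tokenData) {
            return $this->errorResponse('刷新令牌无效', [], 400);
        }

        return $this->successResponse('令牌刷新成功', $tokenData);
    }

    /**
     * Dedicated refresh endpoint.
     *
     * Same exchange as handleRefreshToken(), but reports a missing
     * `refresh_token` parameter explicitly and wraps failures in a 500.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function refresh(Request $request): JsonResponse
    {
        try {
            $refreshToken = $request->input('refresh_token');
            if (!$refreshToken) {
                return $this->errorResponse('缺少刷新令牌', [], 400);
            }

            $tokenData = $this->authService->refreshAccessToken($refreshToken);
            if (!$tokenData) {
                return $this->errorResponse('刷新令牌无效', [], 400);
            }

            return $this->successResponse('令牌刷新成功', $tokenData);
        } catch (\Exception $e) {
            // See the note in token(): the exception message is exposed to the client.
            return $this->errorResponse('刷新令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * Revocation endpoint (RFC 7009 shape: `token` plus optional `token_type_hint`).
     *
     * NOTE(review): revocation is NOT implemented yet. The endpoint validates
     * that a token was supplied and then answers success without touching the
     * token, so a "revoked" token stays usable until it expires. Clients that
     * rely on this endpoint to cut off a leaked token are not protected until
     * the revoke call is wired to the auth service. `token_type_hint` is
     * accepted but currently ignored.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function revoke(Request $request): JsonResponse
    {
        try {
            $token = $request->input('token');
            if (!$token) {
                return $this->errorResponse('缺少令牌', [], 400);
            }

            // TODO: revoke $token here; until then this response is not truthful.
            return $this->successResponse('令牌已撤销');
        } catch (\Exception $e) {
            // See the note in token(): the exception message is exposed to the client.
            return $this->errorResponse('撤销令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * Mint a JWT for an authenticated app.
     *
     * NOTE(review): `user_id` is taken straight from the request with no check
     * that the app may act for that user, and `scopes` is the app's full scope
     * list. An app that knows its own credentials can therefore obtain a JWT
     * for any user id with all of its scopes — confirm this is intended for
     * the trust model of these apps.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function jwt(Request $request): JsonResponse
    {
        try {
            $appId = $request->input('app_id');
            $appSecret = $request->input('app_secret');

            // Authenticate the app.
            $app = $this->openApiService->validateApp($appId, $appSecret);
            if (!$app) {
                return $this->errorResponse('应用认证失败', [], 401);
            }

            // Build the JWT claims; user_id defaults to 0 (app-only token).
            $payload = [
                'user_id' => $request->input('user_id', 0),
                'scopes' => $app->scopes,
            ];
            $token = $this->authService->generateJwtToken($app, $payload);

            // expires_in is reported from config and is assumed to match the
            // lifetime generateJwtToken() actually encodes — verify they agree.
            return $this->successResponse('JWT令牌生成成功', [
                'token' => $token,
                'token_type' => 'Bearer',
                'expires_in' => config('openapi.auth.jwt.expire', 3600),
            ]);
        } catch (\Exception $e) {
            // See the note in token(): the exception message is exposed to the client.
            return $this->errorResponse('生成JWT令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * Verify a JWT and return its decoded payload.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function verifyJwt(Request $request): JsonResponse
    {
        try {
            $token = $request->input('token');
            if (!$token) {
                return $this->errorResponse('缺少令牌', [], 400);
            }

            $payload = $this->authService->validateJwtToken($token);
            if (!$payload) {
                return $this->errorResponse('令牌无效', [], 401);
            }

            // The whole decoded payload is returned to the caller.
            return $this->successResponse('令牌验证成功', $payload);
        } catch (\Exception $e) {
            // See the note in token(): the exception message is exposed to the client.
            return $this->errorResponse('验证令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * Build the uniform success envelope (HTTP 200).
     *
     * @param string $message Human-readable status text.
     * @param array  $data    Payload placed under `data`.
     * @return JsonResponse
     */
    protected function successResponse(string $message, array $data = []): JsonResponse
    {
        return response()->json([
            'success' => true,
            'message' => $message,
            'data' => $data,
            'timestamp' => time(),
        ]);
    }

    /**
     * Build the uniform error envelope with the given HTTP status.
     *
     * @param string $message Human-readable status text.
     * @param array  $errors  Details placed under `errors`.
     * @param int    $code    HTTP status code for the response.
     * @return JsonResponse
     */
    protected function errorResponse(string $message, array $errors = [], int $code = 400): JsonResponse
    {
        return response()->json([
            'success' => false,
            'message' => $message,
            'errors' => $errors,
            'timestamp' => time(),
        ], $code);
    }
}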