- <?php
- namespace App\Module\OAuth\Controllers;
- use App\Http\Controllers\Controller;
- use App\Module\OAuth\Services\OAuth;
- use App\Module\OAuth\Services\AuthService;
- use Illuminate\Http\Request;
- use Illuminate\Http\JsonResponse;
- use Illuminate\View\View;
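class AuthorizeController extends Controller
{
    /** Session key holding a pending authorization request while the user logs in. */
    private const PENDING_REQUEST_SESSION_KEY = 'oauth_authorize_params';

    /** Cache key prefix under which issued authorization codes are stored. */
    private const AUTH_CODE_CACHE_PREFIX = 'oauth_auth_code:';

    /** Authorization-code lifetime in seconds (RFC 6749 §4.1.2 recommends at most 10 minutes). */
    private const AUTH_CODE_TTL_SECONDS = 600;

    /** @var AuthService */
    protected $auth;

    public function __construct(AuthService $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Show the consent page for an authorization request.
     *
     * Validates the request, looks up the client and rejects an unknown client or a
     * redirect_uri that is not exactly the registered one with a 400 JSON error (never
     * with a redirect). An anonymous user is parked: the request parameters are stored
     * in the session and the browser is sent to the login route.
     *
     * @return \Illuminate\View\View|\Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse
     */
    public function authorize(Request $request)
    {
        $request->validate([
            'response_type' => 'required|in:code,token',
            'client_id' => 'required|string',
            'redirect_uri' => 'required|url',
            'scope' => 'nullable|string',
            'state' => 'nullable|string',
        ]);

        $client = $this->resolveClient($request->client_id, $request->redirect_uri);
        if ($client instanceof JsonResponse) {
            return $client;
        }

        if (!$this->auth->check()) {
            session([self::PENDING_REQUEST_SESSION_KEY => $request->all()]);
            return redirect()->route('login');
        }

        return view('oauth::authorize', [
            'client' => $client,
            'scopes' => self::splitScope($request->scope),
            'redirect_uri' => $request->redirect_uri,
            'response_type' => $request->response_type,
            'state' => $request->state,
            'scope' => $request->scope,
        ]);
    }

    /**
     * Handle the user's consent decision.
     *
     * client_id and redirect_uri arrive as hidden form fields under the browser's
     * control, so they are re-validated against the registered client here; the check
     * performed in authorize() cannot be relied on for this request. A denial, an
     * access token (implicit grant) or a fresh authorization code is then delivered to
     * the registered redirect_uri, echoing `state` when the client supplied one.
     *
     * NOTE(review): route definitions are not visible here — confirm this action is
     * POST-only and covered by the CSRF middleware, otherwise a forged request could
     * grant consent on behalf of a logged-in user.
     *
     * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse
     */
    public function approve(Request $request)
    {
        $request->validate([
            'client_id' => 'required|string',
            'redirect_uri' => 'required|url',
            'response_type' => 'required|in:code,token',
            'scope' => 'nullable|string',
            'state' => 'nullable|string',
            'approve' => 'required|boolean',
        ]);

        if (!$this->auth->check()) {
            session([self::PENDING_REQUEST_SESSION_KEY => $request->all()]);
            return redirect()->route('login');
        }

        // Must precede every redirect below: an unverified redirect_uri would turn this
        // endpoint into an open redirect that hands codes/tokens to an attacker-chosen URL.
        $client = $this->resolveClient($request->client_id, $request->redirect_uri);
        if ($client instanceof JsonResponse) {
            return $client;
        }

        $user = $this->auth->user();
        $redirectUri = $request->redirect_uri;
        $state = $request->state;

        if (!filter_var($request->approve, FILTER_VALIDATE_BOOLEAN)) {
            $params = self::withState([
                'error' => 'access_denied',
                'error_description' => '用户拒绝授权',
            ], $state);

            return response()->redirectTo(self::appendQuery($redirectUri, $params));
        }

        if ($request->response_type === 'token') {
            // Implicit grant: the token travels in the URL fragment so it is not sent
            // to the redirect target's server (RFC 6749 §4.2.2).
            $token = OAuth::createAccessToken(
                $request->client_id,
                $user['id'],
                self::splitScope($request->scope)
            );
            $params = self::withState([
                'access_token' => $token->access_token,
                'token_type' => 'Bearer',
                // NOTE(review): Carbon 2 returns an absolute difference here, Carbon 3 a
                // signed one — confirm the installed version yields a positive value.
                'expires_in' => $token->expires_at->diffInSeconds(now()),
                'scope' => implode(' ', $token->scope ?? []),
            ], $state);

            return response()->redirectTo($redirectUri . '#' . http_build_query($params));
        }

        // Authorization-code grant: a 256-bit random code valid for a short window.
        // redirect_uri is stored alongside so the token endpoint can require the same
        // value when the code is exchanged (RFC 6749 §4.1.3).
        $code = bin2hex(random_bytes(32));
        cache()->put(self::AUTH_CODE_CACHE_PREFIX . $code, [
            'client_id' => $request->client_id,
            'user_id' => $user['id'],
            'scope' => $request->scope,
            'redirect_uri' => $redirectUri,
        ], self::AUTH_CODE_TTL_SECONDS);

        return response()->redirectTo(
            self::appendQuery($redirectUri, self::withState(['code' => $code], $state))
        );
    }

    /**
     * Look up a client and check that $redirectUri is exactly its registered URI.
     *
     * Returns the client on success, otherwise a 400 JSON error response that the
     * caller must return as-is. Failures are deliberately not redirected: with an
     * unknown client or an unregistered URI there is no trustworthy place to send the
     * browser (RFC 6749 §4.1.2.1).
     *
     * @return mixed|JsonResponse the value returned by OAuth::getClient(), or an error response
     */
    private function resolveClient(string $clientId, string $redirectUri)
    {
        $client = OAuth::getClient($clientId);
        if (!$client) {
            return response()->json([
                'error' => 'invalid_client',
                'error_description' => '无效的客户端',
            ], 400);
        }

        // Exact string comparison on purpose: prefix or host-only matching lets an open
        // redirect or arbitrary path on the client's site capture the code/token.
        if ($client->redirect_uri !== $redirectUri) {
            return response()->json([
                'error' => 'invalid_redirect_uri',
                'error_description' => '无效的回调地址',
            ], 400);
        }

        return $client;
    }

    /**
     * Split a space-delimited scope string into a list; an absent or empty scope gives [].
     *
     * @return string[]
     */
    private static function splitScope(?string $scope): array
    {
        return $scope ? explode(' ', $scope) : [];
    }

    /**
     * Echo `state` back to the client whenever it supplied one (RFC 6749 §4.1.2).
     */
    private static function withState(array $params, ?string $state): array
    {
        // Compare against null/'' rather than truthiness so a literal "0" is preserved.
        if ($state !== null && $state !== '') {
            $params['state'] = $state;
        }

        return $params;
    }

    /**
     * Append parameters to the query component of a redirect URI, keeping any query
     * string the registered URI already carries (RFC 6749 §3.1.2) instead of producing
     * a second '?'.
     */
    private static function appendQuery(string $uri, array $params): string
    {
        $separator = strpos($uri, '?') === false ? '?' : '&';

        return $uri . $separator . http_build_query($params);
    }
}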