Full Restruct API and Services
Signed-off-by: Asai Neko <sugar@sne.moe>
This commit is contained in:
@@ -0,0 +1,87 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"nixcn-cms/internal/exception"
|
||||
"nixcn-cms/service/service_auth"
|
||||
"nixcn-cms/utils"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// Exchange handles the authorization code swap process.
|
||||
// @Summary Exchange Auth Code
|
||||
// @Description Exchanges client credentials and user session for a specific redirect authorization code.
|
||||
// @Tags Authentication
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param payload body service_auth.ExchangeData true "Exchange Request Credentials"
|
||||
// @Success 200 {object} service_auth.ExchangeResult
|
||||
// @Failure 400 {string} string "Invalid Input"
|
||||
// @Failure 401 {string} string "Unauthorized"
|
||||
// @Failure 500 {string} string "Internal Server Error"
|
||||
// @Security ApiKeyAuth
|
||||
// @Router /auth/exchange [post]
|
||||
func (self *AuthHandler) Exchange(c *gin.Context) {
|
||||
var exchangeData service_auth.ExchangeData
|
||||
|
||||
if err := c.ShouldBindJSON(&exchangeData); err != nil {
|
||||
errorCode := new(exception.Builder).
|
||||
SetStatus(exception.StatusUser).
|
||||
SetService(exception.ServiceAuth).
|
||||
SetEndpoint(exception.EndpointAuthServiceExchange).
|
||||
SetType(exception.TypeCommon).
|
||||
SetOriginal(exception.CommonErrorInvalidInput).
|
||||
SetError(err).
|
||||
Throw(c).
|
||||
String()
|
||||
|
||||
utils.HttpResponse(c, 400, errorCode)
|
||||
return
|
||||
}
|
||||
|
||||
userIdOrig, ok := c.Get("user_id")
|
||||
if !ok {
|
||||
errorCode := new(exception.Builder).
|
||||
SetStatus(exception.StatusUser).
|
||||
SetService(exception.ServiceAuth).
|
||||
SetEndpoint(exception.EndpointAuthServiceExchange).
|
||||
SetType(exception.TypeCommon).
|
||||
SetOriginal(exception.CommonErrorUnauthorized).
|
||||
SetError(nil).
|
||||
Throw(c).
|
||||
String()
|
||||
|
||||
utils.HttpResponse(c, 401, errorCode)
|
||||
return
|
||||
}
|
||||
|
||||
userId, err := uuid.Parse(userIdOrig.(string))
|
||||
if err != nil {
|
||||
errorCode := new(exception.Builder).
|
||||
SetStatus(exception.StatusServer).
|
||||
SetService(exception.ServiceAuth).
|
||||
SetEndpoint(exception.EndpointAuthServiceExchange).
|
||||
SetType(exception.TypeCommon).
|
||||
SetOriginal(exception.CommonErrorUuidParseFailed).
|
||||
SetError(err).
|
||||
Throw(c).
|
||||
String()
|
||||
|
||||
utils.HttpResponse(c, 500, errorCode)
|
||||
return
|
||||
}
|
||||
|
||||
result := self.svc.Exchange(&service_auth.ExchangePayload{
|
||||
Context: c,
|
||||
UserId: userId,
|
||||
Data: &exchangeData,
|
||||
})
|
||||
|
||||
if result.Common.Exception.Original != exception.CommonSuccess {
|
||||
utils.HttpResponse(c, result.Common.HttpCode, result.Common.Exception.String())
|
||||
return
|
||||
}
|
||||
|
||||
utils.HttpResponse(c, 200, result.Common.Exception.String(), result.Data)
|
||||
}
|
||||
|
||||
@@ -1,8 +1,23 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"nixcn-cms/middleware"
|
||||
"nixcn-cms/service/service_auth"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func ApiHandler(r *gin.RouterGroup) {
|
||||
type AuthHandler struct {
|
||||
svc service_auth.AuthService
|
||||
}
|
||||
|
||||
func ApiHandler(r *gin.RouterGroup) {
|
||||
authSvc := service_auth.NewAuthService()
|
||||
authHandler := &AuthHandler{authSvc}
|
||||
|
||||
r.GET("/redirect", authHandler.Redirect)
|
||||
r.POST("/magic", middleware.ApiVersionCheck(), authHandler.Magic)
|
||||
r.POST("/token", middleware.ApiVersionCheck(), authHandler.Token)
|
||||
r.POST("/refresh", middleware.ApiVersionCheck(), authHandler.Refresh)
|
||||
r.POST("/exchange", middleware.ApiVersionCheck(), middleware.JWTAuth(), authHandler.Exchange)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"nixcn-cms/internal/exception"
|
||||
"nixcn-cms/service/service_auth"
|
||||
"nixcn-cms/utils"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// Magic handles the "Magic Link" authentication request.
|
||||
// @Summary Request Magic Link
|
||||
// @Description Verifies Turnstile token and sends an authentication link via email. Returns the URI directly if debug mode is enabled.
|
||||
// @Tags Authentication
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param payload body service_auth.MagicData true "Magic Link Request Data"
|
||||
// @Success 200 {object} service_auth.MagicResult
|
||||
// @Failure 400 {string} string "Invalid Input"
|
||||
// @Failure 403 {string} string "Turnstile Verification Failed"
|
||||
// @Failure 500 {string} string "Internal Server Error"
|
||||
// @Router /auth/magic [post]
|
||||
func (self *AuthHandler) Magic(c *gin.Context) {
|
||||
var magicData service_auth.MagicData
|
||||
|
||||
if err := c.ShouldBindJSON(&magicData); err != nil {
|
||||
errorCode := new(exception.Builder).
|
||||
SetStatus(exception.StatusUser).
|
||||
SetService(exception.ServiceAuth).
|
||||
SetEndpoint(exception.EndpointAuthServiceMagic).
|
||||
SetType(exception.TypeCommon).
|
||||
SetOriginal(exception.CommonErrorInvalidInput).
|
||||
SetError(err).
|
||||
Throw(c).
|
||||
String()
|
||||
|
||||
utils.HttpResponse(c, 400, errorCode)
|
||||
return
|
||||
}
|
||||
|
||||
magicData.ClientIP = c.ClientIP()
|
||||
|
||||
result := self.svc.Magic(&service_auth.MagicPayload{
|
||||
Context: c,
|
||||
Data: &magicData,
|
||||
})
|
||||
|
||||
if result.Common.Exception.Original != exception.CommonSuccess {
|
||||
utils.HttpResponse(c, result.Common.HttpCode, result.Common.Exception.String())
|
||||
return
|
||||
}
|
||||
|
||||
utils.HttpResponse(c, 200, result.Common.Exception.String(), result.Data)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,59 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"nixcn-cms/internal/exception"
|
||||
"nixcn-cms/service/service_auth"
|
||||
"nixcn-cms/utils"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// Redirect handles the post-verification callback and redirects the user to the target application.
|
||||
// @Summary Handle Auth Callback and Redirect
|
||||
// @Description Verifies the temporary email code, ensures the user exists (or creates one), validates the client's redirect URI, and finally performs a 302 redirect with a new authorization code.
|
||||
// @Tags Authentication
|
||||
// @Accept x-www-form-urlencoded
|
||||
// @Produce html
|
||||
// @Param client_id query string true "Client Identifier"
|
||||
// @Param redirect_uri query string true "Target Redirect URI"
|
||||
// @Param code query string true "Temporary Verification Code"
|
||||
// @Param state query string false "Opaque state used to maintain state between the request and callback"
|
||||
// @Success 302 {string} string "Redirect to the provided RedirectUri with a new code"
|
||||
// @Failure 400 {string} string "Invalid Input / Client Not Found / URI Mismatch"
|
||||
// @Failure 403 {string} string "Invalid or Expired Verification Code"
|
||||
// @Failure 500 {string} string "Internal Server Error"
|
||||
// @Router /auth/redirect [get]
|
||||
func (self *AuthHandler) Redirect(c *gin.Context) {
|
||||
data := &service_auth.RedirectData{
|
||||
ClientId: c.Query("client_id"),
|
||||
RedirectUri: c.Query("redirect_uri"),
|
||||
State: c.Query("state"),
|
||||
Code: c.Query("code"),
|
||||
}
|
||||
|
||||
if data.ClientId == "" || data.RedirectUri == "" || data.Code == "" {
|
||||
errorCode := new(exception.Builder).
|
||||
SetStatus(exception.StatusUser).
|
||||
SetService(exception.ServiceAuth).
|
||||
SetEndpoint(exception.EndpointAuthServiceRedirect).
|
||||
SetType(exception.TypeCommon).
|
||||
SetOriginal(exception.CommonErrorInvalidInput).
|
||||
SetError(nil).
|
||||
Throw(c).
|
||||
String()
|
||||
utils.HttpResponse(c, 400, errorCode)
|
||||
return
|
||||
}
|
||||
|
||||
result := self.svc.Redirect(&service_auth.RedirectPayload{
|
||||
Context: c,
|
||||
Data: data,
|
||||
})
|
||||
|
||||
if result.Common.Exception.Original != exception.CommonSuccess {
|
||||
utils.HttpResponse(c, result.Common.HttpCode, result.Common.Exception.String())
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(302, result.Data)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,52 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"nixcn-cms/internal/exception"
|
||||
"nixcn-cms/service/service_auth"
|
||||
"nixcn-cms/utils"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// Refresh handles the token rotation process.
|
||||
// @Summary Refresh Access Token
|
||||
// @Description Accepts a valid refresh token to issue a new access token and a rotated refresh token.
|
||||
// @Tags Authentication
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param payload body service_auth.RefreshData true "Refresh Token Body"
|
||||
// @Success 200 {object} service_auth.RefreshResult
|
||||
// @Failure 400 {string} string "Invalid Input"
|
||||
// @Failure 401 {string} string "Invalid Refresh Token"
|
||||
// @Failure 500 {string} string "Internal Server Error"
|
||||
// @Router /auth/refresh [post]
|
||||
func (self *AuthHandler) Refresh(c *gin.Context) {
|
||||
var refreshData service_auth.RefreshData
|
||||
|
||||
if err := c.ShouldBindJSON(&refreshData); err != nil {
|
||||
errorCode := new(exception.Builder).
|
||||
SetStatus(exception.StatusUser).
|
||||
SetService(exception.ServiceAuth).
|
||||
SetEndpoint(exception.EndpointAuthServiceRefresh).
|
||||
SetType(exception.TypeCommon).
|
||||
SetOriginal(exception.CommonErrorInvalidInput).
|
||||
SetError(err).
|
||||
Throw(c).
|
||||
String()
|
||||
|
||||
utils.HttpResponse(c, 400, errorCode)
|
||||
return
|
||||
}
|
||||
|
||||
result := self.svc.Refresh(&service_auth.RefreshPayload{
|
||||
Context: c,
|
||||
Data: &refreshData,
|
||||
})
|
||||
|
||||
if result.Common.Exception.Original != exception.CommonSuccess {
|
||||
utils.HttpResponse(c, result.Common.HttpCode, result.Common.Exception.String())
|
||||
return
|
||||
}
|
||||
|
||||
utils.HttpResponse(c, 200, result.Common.Exception.String(), result.Data)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,52 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"nixcn-cms/internal/exception"
|
||||
"nixcn-cms/service/service_auth"
|
||||
"nixcn-cms/utils"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// Token exchanges an authorization code for access and refresh tokens.
|
||||
// @Summary Exchange Code for Token
|
||||
// @Description Verifies the provided authorization code and issues a pair of JWT tokens (Access and Refresh).
|
||||
// @Tags Authentication
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param payload body service_auth.TokenData true "Token Request Body"
|
||||
// @Success 200 {object} service_auth.TokenResult
|
||||
// @Failure 400 {string} string "Invalid Input"
|
||||
// @Failure 403 {string} string "Invalid or Expired Code"
|
||||
// @Failure 500 {string} string "Internal Server Error"
|
||||
// @Router /auth/token [post]
|
||||
func (self *AuthHandler) Token(c *gin.Context) {
|
||||
var tokenData service_auth.TokenData
|
||||
|
||||
if err := c.ShouldBindJSON(&tokenData); err != nil {
|
||||
errorCode := new(exception.Builder).
|
||||
SetStatus(exception.StatusUser).
|
||||
SetService(exception.ServiceAuth).
|
||||
SetEndpoint(exception.EndpointAuthServiceToken).
|
||||
SetType(exception.TypeCommon).
|
||||
SetOriginal(exception.CommonErrorInvalidInput).
|
||||
SetError(err).
|
||||
Throw(c).
|
||||
String()
|
||||
|
||||
utils.HttpResponse(c, 400, errorCode)
|
||||
return
|
||||
}
|
||||
|
||||
result := self.svc.Token(&service_auth.TokenPayload{
|
||||
Context: c,
|
||||
Data: &tokenData,
|
||||
})
|
||||
|
||||
if result.Common.Exception.Original != exception.CommonSuccess {
|
||||
utils.HttpResponse(c, result.Common.HttpCode, result.Common.Exception.String())
|
||||
return
|
||||
}
|
||||
|
||||
utils.HttpResponse(c, 200, result.Common.Exception.String(), result.Data)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user