github.com/cloudreve/Cloudreve/v3@v3.0.0-20240224133659-3edb00a6484c/pkg/filesystem/driver/onedrive/oauth.go

package onedrive

import (
	"context"
	"encoding/json"
	"io/ioutil"
	"net/http"
	"net/url"
	"strings"
	"time"

	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/oauth"
	"github.com/cloudreve/Cloudreve/v3/pkg/request"
	"github.com/cloudreve/Cloudreve/v3/pkg/util"
)

// Error 实现error接口
func (err OAuthError) Error() string {
	return err.ErrorDescription
}

// OAuthURL 获取OAuth认证页面URL
func (client *Client) OAuthURL(ctx context.Context, scope []string) string {
	query := url.Values{
		"client_id":     {client.ClientID},
		"scope":         {strings.Join(scope, " ")},
		"response_type": {"code"},
		"redirect_uri":  {client.Redirect},
	}
	client.Endpoints.OAuthEndpoints.authorize.RawQuery = query.Encode()
	return client.Endpoints.OAuthEndpoints.authorize.String()
}

// getOAuthEndpoint 根据指定的AuthURL获取详细的认证接口地址
func (client *Client) getOAuthEndpoint() *oauthEndpoint {
	base, err := url.Parse(client.Endpoints.OAuthURL)
	if err != nil {
		return nil
	}
	var (
		token     *url.URL
		authorize *url.URL
	)
	switch base.Host {
	case "login.live.com":
		token, _ = url.Parse("https://login.live.com/oauth20_token.srf")
		authorize, _ = url.Parse("https://login.live.com/oauth20_authorize.srf")
	case "login.chinacloudapi.cn":
		client.Endpoints.isInChina = true
		token, _ = url.Parse("https://login.chinacloudapi.cn/common/oauth2/v2.0/token")
		authorize, _ = url.Parse("https://login.chinacloudapi.cn/common/oauth2/v2.0/authorize")
	default:
		token, _ = url.Parse("https://login.microsoftonline.com/common/oauth2/v2.0/token")
		authorize, _ = url.Parse("https://login.microsoftonline.com/common/oauth2/v2.0/authorize")
	}

	return &oauthEndpoint{
		token:     *token,
		authorize: *authorize,
	}
}

// ObtainToken 通过code或refresh_token兑换token
func (client *Client) ObtainToken(ctx context.Context, opts ...Option) (*Credential, error) {
	options := newDefaultOption()
	for _, o := range opts {
		o.apply(options)
	}

	body := url.Values{
		"client_id":     {client.ClientID},
		"redirect_uri":  {client.Redirect},
		"client_secret": {client.ClientSecret},
	}
	if options.code != "" {
		body.Add("grant_type", "authorization_code")
		body.Add("code", options.code)
	} else {
		body.Add("grant_type", "refresh_token")
		body.Add("refresh_token", options.refreshToken)
	}
	strBody := body.Encode()

	res := client.Request.Request(
		"POST",
		client.Endpoints.OAuthEndpoints.token.String(),
		ioutil.NopCloser(strings.NewReader(strBody)),
		request.WithHeader(http.Header{
			"Content-Type": {"application/x-www-form-urlencoded"}},
		),
		request.WithContentLength(int64(len(strBody))),
	)
	if res.Err != nil {
		return nil, res.Err
	}

	respBody, err := res.GetResponse()
	if err != nil {
		return nil, err
	}

	var (
		errResp    OAuthError
		credential Credential
		decodeErr  error
	)

	if res.Response.StatusCode != 200 {
		decodeErr = json.Unmarshal([]byte(respBody), &errResp)
	} else {
		decodeErr = json.Unmarshal([]byte(respBody), &credential)
	}
	if decodeErr != nil {
		return nil, decodeErr
	}

	if errResp.ErrorType != "" {
		return nil, errResp
	}

	return &credential, nil

}

// UpdateCredential 更新凭证，并检查有效期
func (client *Client) UpdateCredential(ctx context.Context, isSlave bool) error {
	if isSlave {
		return client.fetchCredentialFromMaster(ctx)
	}

	oauth.GlobalMutex.Lock(client.Policy.ID)
	defer oauth.GlobalMutex.Unlock(client.Policy.ID)

	// 如果已存在凭证
	if client.Credential != nil && client.Credential.AccessToken != "" {
		// 检查已有凭证是否过期
		if client.Credential.ExpiresIn > time.Now().Unix() {
			// 未过期，不要更新
			return nil
		}
	}

	// 尝试从缓存中获取凭证
	if cacheCredential, ok := cache.Get("onedrive_" + client.ClientID); ok {
		credential := cacheCredential.(Credential)
		if credential.ExpiresIn > time.Now().Unix() {
			client.Credential = &credential
			return nil
		}
	}

	// 获取新的凭证
	if client.Credential == nil || client.Credential.RefreshToken == "" {
		// 无有效的RefreshToken
		util.Log().Error("Failed to refresh credential for policy %q, please login your Microsoft account again.", client.Policy.Name)
		return ErrInvalidRefreshToken
	}

	credential, err := client.ObtainToken(ctx, WithRefreshToken(client.Credential.RefreshToken))
	if err != nil {
		return err
	}

	// 更新有效期为绝对时间戳
	expires := credential.ExpiresIn - 60
	credential.ExpiresIn = time.Now().Add(time.Duration(expires) * time.Second).Unix()
	client.Credential = credential

	// 更新存储策略的 RefreshToken
	client.Policy.UpdateAccessKeyAndClearCache(credential.RefreshToken)

	// 更新缓存
	cache.Set("onedrive_"+client.ClientID, *credential, int(expires))

	return nil
}

func (client *Client) AccessToken() string {
	return client.Credential.AccessToken
}

// UpdateCredential 更新凭证，并检查有效期
func (client *Client) fetchCredentialFromMaster(ctx context.Context) error {
	res, err := client.ClusterController.GetPolicyOauthToken(client.Policy.MasterID, client.Policy.ID)
	if err != nil {
		return err
	}

	client.Credential = &Credential{AccessToken: res}
	return nil
}