feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

2026-04-02 11:19:50 +08:00
parent e59a77bc49
commit dcc1f186f8
298 changed files with 62603 additions and 0 deletions
--- a/internal/auth/providers/weibo.go
+++ b/internal/auth/providers/weibo.go
@@ -0,0 +1,201 @@
+package providers
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+// WeiboProvider 微博OAuth提供者
+type WeiboProvider struct {
+	AppKey      string
+	AppSecret   string
+	RedirectURI string
+}
+
+// WeiboAuthURLResponse 微博授权URL响应
+type WeiboAuthURLResponse struct {
+	URL      string `json:"url"`
+	State    string `json:"state"`
+	Redirect string `json:"redirect,omitempty"`
+}
+
+// WeiboTokenResponse 微博Token响应
+type WeiboTokenResponse struct {
+	AccessToken string `json:"access_token"`
+	ExpiresIn   int    `json:"expires_in"`
+	RemindIn    string `json:"remind_in"`
+	UID         string `json:"uid"`
+}
+
+// WeiboUserInfo 微博用户信息
+type WeiboUserInfo struct {
+	ID              int64  `json:"id"`
+	IDStr           string `json:"idstr"`
+	ScreenName      string `json:"screen_name"`
+	Name            string `json:"name"`
+	Province        string `json:"province"`
+	City            string `json:"city"`
+	Location        string `json:"location"`
+	Description     string `json:"description"`
+	URL             string `json:"url"`
+	ProfileImageURL string `json:"profile_image_url"`
+	Gender          string `json:"gender"` // m:男, f:女, n:未知
+	FollowersCount  int    `json:"followers_count"`
+	FriendsCount    int    `json:"friends_count"`
+	StatusesCount   int    `json:"statuses_count"`
+}
+
+// NewWeiboProvider 创建微博OAuth提供者
+func NewWeiboProvider(appKey, appSecret, redirectURI string) *WeiboProvider {
+	return &WeiboProvider{
+		AppKey:      appKey,
+		AppSecret:   appSecret,
+		RedirectURI: redirectURI,
+	}
+}
+
+// GenerateState 生成随机状态码
+func (w *WeiboProvider) GenerateState() (string, error) {
+	b := make([]byte, 32)
+	_, err := rand.Read(b)
+	if err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(b), nil
+}
+
+// GetAuthURL 获取微博授权URL
+func (w *WeiboProvider) GetAuthURL(state string) (*WeiboAuthURLResponse, error) {
+	authURL := fmt.Sprintf(
+		"https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code&state=%s",
+		w.AppKey,
+		url.QueryEscape(w.RedirectURI),
+		state,
+	)
+
+	return &WeiboAuthURLResponse{
+		URL:      authURL,
+		State:    state,
+		Redirect: w.RedirectURI,
+	}, nil
+}
+
+// ExchangeCode 用授权码换取访问令牌
+func (w *WeiboProvider) ExchangeCode(ctx context.Context, code string) (*WeiboTokenResponse, error) {
+	tokenURL := "https://api.weibo.com/oauth2/access_token"
+
+	data := url.Values{}
+	data.Set("client_id", w.AppKey)
+	data.Set("client_secret", w.AppSecret)
+	data.Set("grant_type", "authorization_code")
+	data.Set("code", code)
+	data.Set("redirect_uri", w.RedirectURI)
+
+	client := &http.Client{Timeout: 10 * time.Second}
+	resp, err := postFormWithContext(ctx, client, tokenURL, data)
+	if err != nil {
+		return nil, fmt.Errorf("request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := readOAuthResponseBody(resp)
+	if err != nil {
+		return nil, fmt.Errorf("read response failed: %w", err)
+	}
+
+	var tokenResp WeiboTokenResponse
+	if err := json.Unmarshal(body, &tokenResp); err != nil {
+		return nil, fmt.Errorf("parse token response failed: %w", err)
+	}
+
+	return &tokenResp, nil
+}
+
+// GetUserInfo 获取微博用户信息
+func (w *WeiboProvider) GetUserInfo(ctx context.Context, accessToken, uid string) (*WeiboUserInfo, error) {
+	userInfoURL := fmt.Sprintf(
+		"https://api.weibo.com/2/users/show.json?access_token=%s&uid=%s",
+		accessToken,
+		uid,
+	)
+
+	req, err := http.NewRequestWithContext(ctx, "GET", userInfoURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("create request failed: %w", err)
+	}
+
+	client := &http.Client{Timeout: 10 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := readOAuthResponseBody(resp)
+	if err != nil {
+		return nil, fmt.Errorf("read response failed: %w", err)
+	}
+
+	// 微博错误响应
+	var errResp struct {
+		Error     int    `json:"error"`
+		ErrorCode int    `json:"error_code"`
+		Request   string `json:"request"`
+	}
+	if err := json.Unmarshal(body, &errResp); err == nil && errResp.Error != 0 {
+		return nil, fmt.Errorf("weibo api error: code=%d", errResp.ErrorCode)
+	}
+
+	var userInfo WeiboUserInfo
+	if err := json.Unmarshal(body, &userInfo); err != nil {
+		return nil, fmt.Errorf("parse user info failed: %w", err)
+	}
+
+	return &userInfo, nil
+}
+
+// ValidateToken 验证访问令牌是否有效
+func (w *WeiboProvider) ValidateToken(ctx context.Context, accessToken string) (bool, error) {
+	// 微博没有专门的token验证接口，通过获取API token信息来验证
+	tokenInfoURL := fmt.Sprintf("https://api.weibo.com/oauth2/get_token_info?access_token=%s", accessToken)
+
+	req, err := http.NewRequestWithContext(ctx, "GET", tokenInfoURL, nil)
+	if err != nil {
+		return false, fmt.Errorf("create request failed: %w", err)
+	}
+
+	client := &http.Client{Timeout: 10 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		return false, fmt.Errorf("request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := readOAuthResponseBody(resp)
+	if err != nil {
+		return false, fmt.Errorf("read response failed: %w", err)
+	}
+
+	var result map[string]interface{}
+	if err := json.Unmarshal(body, &result); err != nil {
+		return false, fmt.Errorf("parse response failed: %w", err)
+	}
+
+	// 如果返回了错误，说明token无效
+	if _, ok := result["error"]; ok {
+		return false, nil
+	}
+
+	// 如果有expire_in字段，说明token有效
+	if _, ok := result["expire_in"]; ok {
+		return true, nil
+	}
+
+	return false, nil
+}