@cloudbase/oauth 1.2.1-beta → 2.0.0-beta.0

package/src/auth/models.ts

@@ -0,0 +1,444 @@
+interface BaseRequest {
+  client_id?: string;
+}
+
+export type GetCustomSignTicketFn = () => Promise<string>;
+
+export interface SignInRequest extends BaseRequest {
+  username?: string;
+  password?: string;
+  verification_token?: string;
+}
+
+export interface SignInWithProviderRequest extends BaseRequest {
+  provider_token: string;
+}
+
+export interface SignUpRequest extends BaseRequest {
+  phone_number?: string;
+  email?: string;
+
+  verification_code?: string;
+  verification_token?: string;
+  provider_token?: string;
+
+  password?: string;
+  name?: string;
+  gender?: string;
+  picture?: string;
+  locale?: string;
+}
+
+export interface GetVerificationRequest extends BaseRequest {
+  phone_number?: string;
+  email?: string;
+  target?: string | 'ANY';
+  usage?: string;
+}
+
+export interface GetVerificationResponse {
+  verification_id?: string;
+  is_user?: boolean | false;
+}
+
+export interface VerifyResponse {
+  verification_token?: string;
+}
+
+export interface VerifyRequest extends BaseRequest {
+  verification_code: string;
+  verification_id?: string;
+}
+
+export interface ProviderBindRequest {
+  provider_token: string;
+}
+
+export interface GrantProviderTokenRequest extends BaseRequest {
+  provider_id: string;
+  provider_redirect_uri?: string;
+  provider_code?: string;
+  provider_access_token?: string;
+  provider_id_token?: string;
+}
+
+export interface GrantProviderTokenResponse {
+  provider_token: string;
+  expires_in: number;
+}
+
+export interface PatchProviderTokenRequest extends BaseRequest {
+  provider_token: string;
+  provider_params: {
+    encryptedData: string;
+    iv: string;
+  };
+}
+
+export interface PatchProviderTokenResponse {
+  provider_token: string;
+  expires_in: number;
+  provider_profile: ProviderProfile;
+}
+
+// export interface GenProviderRedirectUriRequest {
+//   provider_id: string;
+//   provider_redirect_uri: string;
+//   state: string;
+//   other_params?: {
+//     sign_out_uri?: string;
+//   };
+// }
+
+export interface GenProviderRedirectUriResponse {
+  uri: string;
+  signout_uri?: string;
+}
+
+export interface BindWithProviderRequest extends BaseRequest {
+  provider_token: string;
+}
+
+export interface BindWithProviderRequest {
+  provider_token: string;
+}
+
+export interface UserProfileProvider {
+  id?: string;
+  provider_user_id?: string;
+  name?: string;
+}
+
+export interface UserProfile {
+  name?: string;
+  picture?: string;
+  username?: string;
+  email?: string;
+  email_verified?: boolean;
+  phone_number?: string;
+  providers?: [UserProfileProvider];
+  gender?: string;
+  birthdate?: string;
+  zoneinfo?: string;
+  locale?: string;
+  created_from?: string;
+  sub?: string
+  uid?: string
+  address?: {
+    formatted?: string,
+    street_address?: string,
+    locality?: string,
+    region?: string,
+    postal_code?: string,
+    country?: string
+  }
+  nickName?: string // TODO:
+  province?: string // TODO:
+  country?: string // TODO:
+  city?: string // TODO:
+}
+
+export type UserInfo = UserProfile;
+
+export interface ProviderProfile {
+  provider_id: string;
+  phone_number?: string;
+}
+
+export interface TransByProviderRequest {
+  provider_token: string;
+}
+
+export interface GrantTokenRequest extends BaseRequest {
+  client_secret?: string;
+  code?: string;
+  grant_type?: string;
+  redirect_uri?: string;
+  nonce?: string;
+  refresh_token?: string;
+  scope?: string;
+}
+
+export interface UnbindProviderRequest extends BaseRequest {
+  provider_id: string;
+}
+
+export interface CheckPasswordrRequest extends BaseRequest {
+  password: string;
+}
+
+export interface BindPhoneRequest extends BaseRequest {
+  phone_number: string;
+  sudo_token: string;
+  verification_token: string;
+}
+
+export interface SetPasswordRequest extends BaseRequest {
+  new_password: string;
+  sudo_token: string;
+}
+
+export interface ChangeBindedProviderRequest extends BaseRequest {
+  trans_token: string;
+  provider_id: string;
+}
+
+export type ChangeBindedProviderResponse = BaseRequest
+
+export interface QueryUserProfileReq extends BaseRequest {
+  appended_params: string;
+}
+
+export interface SignInWithProviderRequest {
+  provider_token: string;
+  provider_id?: string;
+}
+
+export interface SignUpRequest {
+  phone_number?: string;
+  email?: string;
+
+  verification_code?: string;
+  verification_token?: string;
+  provider_token?: string;
+
+  password?: string;
+  name?: string;
+  gender?: string;
+  picture?: string;
+  locale?: string;
+}
+
+export interface GetVerificationRequest {
+  phone_number?: string;
+  email?: string;
+  // 可选 ANY，USER，NOT_USER, CUR_USER;
+  target?: string | 'ANY';
+  usage?: string;
+}
+
+export interface GetVerificationResponse {
+  verification_id?: string;
+  is_user?: boolean | false;
+}
+
+export interface VerifyResponse {
+  verification_token?: string;
+}
+
+export interface VerifyRequest {
+  verification_code: string;
+  verification_id?: string;
+}
+
+export interface ProviderBindRequest {
+  provider_token: string;
+}
+
+export interface GrantProviderTokenRequest {
+  provider_id: string;
+  provider_redirect_uri?: string;
+  provider_code?: string;
+  provider_access_token?: string;
+  provider_id_token?: string;
+}
+
+export interface GrantProviderTokenResponse {
+  provider_token: string;
+  expires_in: number;
+}
+
+export interface PatchProviderTokenRequest {
+  provider_token: string;
+  provider_params: {
+    encryptedData: string;
+    iv: string;
+  };
+}
+
+export interface PatchProviderTokenResponse {
+  provider_token: string;
+  expires_in: number;
+  provider_profile: ProviderProfile;
+}
+
+export interface GenProviderRedirectUriRequest {
+  provider_id: string;
+  provider_redirect_uri: string;
+  state: string;
+  other_params?: {
+    [key: string]: string
+  };
+}
+
+export interface GenProviderRedirectUriResponse {
+  uri: string;
+  signout_uri?: string;
+}
+
+export interface BindWithProviderRequest {
+  provider_token: string;
+}
+
+export interface BindWithProviderRequest {
+  provider_token: string;
+}
+
+export interface UserProfileProvider {
+  id?: string;
+  provider_user_id?: string;
+  name?: string;
+}
+
+export interface UserProfile {
+  name?: string;
+  picture?: string;
+  username?: string;
+  email?: string;
+  email_verified?: boolean;
+  phone_number?: string;
+  providers?: [UserProfileProvider];
+  gender?: string;
+  birthdate?: string;
+  zoneinfo?: string;
+  locale?: string;
+  created_from?: string;
+}
+
+export interface ProviderProfile {
+  provider_id: string;
+  phone_number?: string;
+}
+
+export interface TransByProviderRequest {
+  provider_token: string;
+}
+
+export interface GrantTokenRequest {
+  client_secret?: string;
+  code?: string;
+  grant_type?: string;
+  redirect_uri?: string;
+  nonce?: string;
+  refresh_token?: string;
+  scope?: string;
+}
+
+export interface UnbindProviderRequest {
+  provider_id: string;
+}
+
+export interface CheckPasswordrRequest {
+  password: string;
+}
+
+export interface BindPhoneRequest {
+  phone_number: string;
+  sudo_token: string;
+  verification_token: string;
+  conflict_resolution: string
+  // 1. DEFAULT 0, 默认提示用户手机号已被绑定
+  // 2. DELETE_ACCOUNT_TRANSFER 1, 标记原账号已被注销，并将手机换绑给自己
+  // 3. TRANSFER 2, 仅换绑手机号，不注销原有账号（换绑后原账号无法登录时，则自动注销原账号）
+}
+
+export interface BindEmailRequest {
+  email: string;
+  sudo_token: string;
+  verification_token: string;
+}
+
+export interface SetPasswordRequest {
+  new_password: string;
+  sudo_token: string;
+}
+
+
+export interface SetPasswordRequest {
+  new_password: string;
+  sudo_token: string;
+}
+
+export interface UpdatePasswordRequest {
+  old_password: string;
+  new_password: string;
+}
+
+// password 和 verification_token 而选一，如果绑定了手机号，则必须使用verification_token 进行sudo
+export interface SudoRequest {
+  password?: string;
+  verification_token?: string
+}
+
+export interface SudoResponse {
+  sudo_token?: string
+}
+
+export interface WithSudoRequest {
+  sudo_token: string
+}
+
+
+export interface ChangeBoundProviderRequest {
+  trans_token: string;
+  provider_id: string;
+}
+
+export interface ChangeBoundProviderResponse {
+  client_id: string;
+}
+
+export interface QueryUserProfileRequest {
+  id?: [string];
+  username?: string;
+  email?: string;
+  phone_number?: string;
+}
+
+export interface QueryUserProfileResponse {
+  total: string;
+  data: SimpleUserProfile[]
+}
+
+export interface ResetPasswordRequest extends BaseRequest {
+  email: string
+  phone_number: string
+  new_password: string
+  verification_token: string
+}
+
+export interface DeviceAuthorizeRequest extends BaseRequest {
+  scope?: string
+}
+
+export interface DeviceAuthorizeResponse {
+  device_code: string
+  user_code: string
+  expires_in: number
+  interval: number
+  verification_url: string
+  verification_uri_complete: string
+}
+
+// 简化版用户信息
+export interface SimpleUserProfile {
+  sub: string;
+  name: string;
+  picture?: string;
+  gender?: string;
+  locale?: string;
+  email?: string;
+  phone_number?: string;
+}
+
+export interface CheckUsernameRequest {
+  username: string
+}
+
+export interface CheckIfUserExistRequest {
+  username: string;
+}
+
+export interface CheckIfUserExistResponse {
+  exist: boolean;
+}

package/src/captcha/captcha.ts

@@ -0,0 +1,222 @@
+import { SimpleStorage, RequestFunction } from '../oauth2client/interface';
+import { AuthClientRequestOptions } from "../oauth2client/models";
+import { defaultStorage } from "../oauth2client/oauth2client";
+
+export interface CaptchaOptions {
+  clientId: string
+  request: RequestFunction;
+  storage: SimpleStorage;
+  // 打开网页并通过URL回调获取 CaptchaToken，针对不通的平台，该函数可以自定义实现, 默认集成浏览器端认证
+  openURIWithCallback?: OpenURIWithCallbackFuction;
+}
+
+type OpenURIWithCallbackFuction = (url: string) => Promise<CaptchaToken>;
+
+export interface CaptchaToken {
+  captcha_token: string
+  expires_in: number
+  expires_at?: Date | null;
+}
+
+export interface CaptchaRequestOptions extends AuthClientRequestOptions {
+  withCaptcha?: boolean;
+}
+
+export interface GetCaptchaResponse {
+  captcha_token?: string
+  expires_in?: number
+  url?: string
+}
+
+const GET_CAPTCHA_URL = '/auth/v1/captcha/init'
+
+export class Captcha {
+  private _config: CaptchaOptions;
+  private _tokenSectionName: string;
+
+  /**
+   * constructor
+   * @param {CaptchaOptions} opts
+   */
+  constructor(opts: CaptchaOptions) {
+    if (!opts.openURIWithCallback) {
+      opts.openURIWithCallback = this._getDefaultOpenURIWithCallback()
+    }
+    if (!opts.storage) {
+      opts.storage = defaultStorage
+    }
+    this._config = opts
+    this._tokenSectionName = 'captcha_' + opts.clientId
+  }
+
+  /**
+   * request http like simple fetch api, exp:request('/v1/user/me', {withCredentials:true})
+   * @param {string} url
+   * @param {AuthClientRequestOptions} options
+   */
+  public async request<T>(
+    url: string,
+    options?: CaptchaRequestOptions,
+  ): Promise<T> {
+    if (!options) {
+      options = {};
+    }
+    if (!options.method) {
+      options.method = 'GET'
+    }
+    const state = options.method + ":" + url
+    let reqURL = url;
+    if (options.withCaptcha) {
+      reqURL = await this._appendCaptchaTokenToURL(url, state, false);
+    }
+
+    let resp: T;
+    try {
+      resp = await this._config.request<T>(reqURL, options)
+    } catch (err) {
+      if (err.error === 'captcha_required' || err.error === 'captcha_invalid') {
+        url = await this._appendCaptchaTokenToURL(url, state, err.error === 'captcha_invalid')
+        return this._config.request<T>(url, options)
+      } else {
+        return Promise.reject(err)
+      }
+    }
+    return resp
+  }
+
+  private _getDefaultOpenURIWithCallback(): OpenURIWithCallbackFuction {
+    if (window.location.search.indexOf('__captcha') > 0) {
+      document.body.style.display = 'none';
+    }
+    if (document.getElementById('captcha_panel_wrap') === null) {
+      var elementDiv = document.createElement('div');
+      elementDiv.style.cssText =
+        'background-color: rgba(0, 0, 0, 0.7);position: fixed;left: 0px;right: 0px;top: 0px;bottom: 0px;padding: 9vw 0 0 0;display: none;z-index:100;';
+      elementDiv.setAttribute('id', 'captcha_panel_wrap');
+      setTimeout(() => {
+        document.body.appendChild(elementDiv);
+      }, 0)
+    }
+    return this._defaultOpenURIWithCallback
+  }
+
+  /**
+   * 默认通过浏览器打开网页并获取回调
+   */
+  private async _defaultOpenURIWithCallback(url: string): Promise<CaptchaToken> {
+    const target = document.getElementById('captcha_panel_wrap'),
+      iframe = document.createElement('iframe')
+    target.innerHTML = '';
+    iframe.setAttribute('src', url)
+    iframe.setAttribute('id', 'review-panel-iframe')
+    iframe.style.cssText = 'min-width:355px;display:block;height:355px;margin:0 auto;background-color: rgb(255, 255, 255);border: none;';
+    target.appendChild(iframe);
+    target.style.display = 'block';
+    return new Promise<CaptchaToken>((resolve, reject) => {
+      iframe.onload = function () {
+        try {
+          var windowLocation = window.location;
+          var iframeLocation = iframe.contentWindow.location;
+          if (
+            iframeLocation.host +
+            iframeLocation.pathname ===
+            windowLocation.host +
+            windowLocation.pathname
+          ) {
+            target.style.display = 'none';
+            const iframeUrlParams = new URLSearchParams(iframeLocation.search);
+            const captchToken = iframeUrlParams.get('captcha_token');
+            if (captchToken) {
+              return resolve({
+                captcha_token: captchToken,
+                expires_in: Number(iframeUrlParams.get('expires_in'))
+              })
+            }
+            return reject({
+              error: iframeUrlParams.get('error'),
+              error_description: iframeUrlParams.get('error_description')
+            })
+          } else {
+            target.style.display = 'block';
+          }
+        } catch (error) {
+          target.style.display = 'block';
+        }
+      };
+    })
+  }
+  /**
+   * _getCaptchaToken 获取captchaToken
+   */
+  private async _getCaptchaToken(forceNewToken: boolean, state: string): Promise<string> {
+    if (!forceNewToken) {
+      // 如果本地存在，则直接返回
+      const captchaToken = await this._findCaptchaToken()
+      if (captchaToken) {
+        return captchaToken
+      }
+    }
+    const redirectURL = window.location.origin + window.location.pathname + "?__captcha=on"
+    const captchaTokenResp = await this._config.request<GetCaptchaResponse>(GET_CAPTCHA_URL, {
+      method: 'POST',
+      body: {
+        client_id: this._config.clientId,
+        redirect_uri: redirectURL,
+        state: state
+      },
+      withCredentials: false,
+    })
+    if (captchaTokenResp.captcha_token) {
+      const captchaToken = {
+        captcha_token: captchaTokenResp.captcha_token,
+        expires_in: captchaTokenResp.expires_in,
+      }
+      this._saveCaptchaToken(captchaToken)
+      return captchaTokenResp.captcha_token
+    }
+    const captchaToken = await this._config.openURIWithCallback(captchaTokenResp.url)
+    this._saveCaptchaToken(captchaToken)
+    return captchaToken.captcha_token
+  }
+
+  private async _appendCaptchaTokenToURL(url: string, state: string, forceNewToken: boolean): Promise<string> {
+    const captchaToken = await this._getCaptchaToken(forceNewToken, state);
+    if (url.indexOf("?") > 0) {
+      url += "&captcha_token=" + captchaToken
+    } else {
+      url += "?captcha_token=" + captchaToken
+    }
+    return url
+  }
+
+  private async _saveCaptchaToken(token: CaptchaToken) {
+    token.expires_at = new Date(
+      Date.now() + (token.expires_in - 10) * 1000,
+    );
+    const tokenStr: string = JSON.stringify(token);
+    await this._config.storage.setItem(this._tokenSectionName, tokenStr);
+  }
+
+  private async _findCaptchaToken(): Promise<string> {
+    const tokenStr: string = await this._config.storage.getItem(
+      this._tokenSectionName,
+    );
+    if (tokenStr !== undefined && tokenStr !== null) {
+      try {
+        const captchaToken = JSON.parse(tokenStr);
+        if (captchaToken?.expires_at) {
+          captchaToken.expires_at = new Date(captchaToken.expires_at);
+        }
+        const isExpired = captchaToken.expires_at < new Date();
+        if (isExpired) {
+          return null
+        }
+        return captchaToken.captcha_token
+      } catch (error) {
+        await this._config.storage.removeItem(this._tokenSectionName);
+        return null
+      }
+    }
+    return null
+  }
+}

package/src/index.ts

@@ -0,0 +1,49 @@
+export { Syntax, ErrorType } from './oauth2client/consts';
+
+import { OAuth2Client } from './oauth2client/oauth2client'
+
+export {
+  defaultStorage,
+  defaultRequest,
+  ToResponseErrorOptions,
+  toResponseError,
+  generateRequestId,
+  OAuth2Client,
+} from './oauth2client/oauth2client';
+
+export { AuthClient, SimpleStorage } from './oauth2client/interface';
+
+// import { Credentials } from './oauth2client/models'
+export {
+  Credentials,
+  ResponseError,
+  OAuth2ClientOptions,
+  AuthClientRequestOptions,
+} from './oauth2client/models';
+
+import { AuthOptions, Auth } from './auth/apis'
+
+export { AuthOptions, Auth } from './auth/apis';
+
+import * as authModels from './auth/models';
+export { authModels };
+
+
+export class CloudbaseOAuth {
+  public oauth2client: OAuth2Client
+  public authApi: Auth
+
+  constructor(authOptions: AuthOptions) {
+    const { apiOrigin, clientId } = authOptions
+    this.oauth2client = new OAuth2Client({
+      apiOrigin,
+      clientId
+    })
+
+    this.authApi = new Auth({
+      credentialsClient: this.oauth2client,
+      ...authOptions
+    })
+  }
+}
+