Skip to main content

wae_authentication/oauth2/
config.rs

1//! OAuth2 配置模块
2
3use std::collections::HashSet;
4
5/// OAuth2 提供者配置
6#[derive(Debug, Clone)]
7pub struct OAuth2ProviderConfig {
8    /// 提供者名称
9    pub name: String,
10
11    /// 客户端 ID
12    pub client_id: String,
13
14    /// 客户端密钥
15    pub client_secret: String,
16
17    /// 授权端点 URL
18    pub authorization_url: String,
19
20    /// 令牌端点 URL
21    pub token_url: String,
22
23    /// 用户信息端点 URL
24    pub userinfo_url: Option<String>,
25
26    /// 撤销端点 URL
27    pub revocation_url: Option<String>,
28
29    /// 重定向 URI
30    pub redirect_uri: String,
31
32    /// 授权范围
33    pub scopes: Vec<String>,
34
35    /// 额外参数
36    pub extra_params: Vec<(String, String)>,
37}
38
39impl OAuth2ProviderConfig {
40    /// 创建新的提供者配置
41    pub fn new(
42        name: impl Into<String>,
43        client_id: impl Into<String>,
44        client_secret: impl Into<String>,
45        redirect_uri: impl Into<String>,
46    ) -> Self {
47        Self {
48            name: name.into(),
49            client_id: client_id.into(),
50            client_secret: client_secret.into(),
51            authorization_url: String::new(),
52            token_url: String::new(),
53            userinfo_url: None,
54            revocation_url: None,
55            redirect_uri: redirect_uri.into(),
56            scopes: Vec::new(),
57            extra_params: Vec::new(),
58        }
59    }
60
61    /// 设置授权端点 URL
62    pub fn with_authorization_url(mut self, url: impl Into<String>) -> Self {
63        self.authorization_url = url.into();
64        self
65    }
66
67    /// 设置令牌端点 URL
68    pub fn with_token_url(mut self, url: impl Into<String>) -> Self {
69        self.token_url = url.into();
70        self
71    }
72
73    /// 设置用户信息端点 URL
74    pub fn with_userinfo_url(mut self, url: impl Into<String>) -> Self {
75        self.userinfo_url = Some(url.into());
76        self
77    }
78
79    /// 设置撤销端点 URL
80    pub fn with_revocation_url(mut self, url: impl Into<String>) -> Self {
81        self.revocation_url = Some(url.into());
82        self
83    }
84
85    /// 设置授权范围
86    pub fn with_scopes(mut self, scopes: Vec<String>) -> Self {
87        self.scopes = scopes;
88        self
89    }
90
91    /// 添加授权范围
92    pub fn add_scope(mut self, scope: impl Into<String>) -> Self {
93        self.scopes.push(scope.into());
94        self
95    }
96
97    /// 添加额外参数
98    pub fn add_extra_param(mut self, key: impl Into<String>, value: impl Into<String>) -> Self {
99        self.extra_params.push((key.into(), value.into()));
100        self
101    }
102}
103
104/// OAuth2 客户端配置
105#[derive(Debug, Clone)]
106pub struct OAuth2ClientConfig {
107    /// 提供者配置
108    pub provider: OAuth2ProviderConfig,
109
110    /// 是否启用 PKCE
111    pub use_pkce: bool,
112
113    /// 是否启用状态验证
114    pub use_state: bool,
115
116    /// 是否验证 scope
117    pub validate_scope: bool,
118
119    /// 允许的 scope 集合
120    pub allowed_scopes: HashSet<String>,
121
122    /// 请求超时(毫秒)
123    pub timeout_ms: u64,
124}
125
126impl OAuth2ClientConfig {
127    /// 创建新的客户端配置
128    pub fn new(provider: OAuth2ProviderConfig) -> Self {
129        Self {
130            provider,
131            use_pkce: true,
132            use_state: true,
133            validate_scope: false,
134            allowed_scopes: HashSet::new(),
135            timeout_ms: 30000,
136        }
137    }
138
139    /// 设置是否启用 PKCE
140    pub fn with_pkce(mut self, use_pkce: bool) -> Self {
141        self.use_pkce = use_pkce;
142        self
143    }
144
145    /// 设置是否启用状态验证
146    pub fn with_state_validation(mut self, use_state: bool) -> Self {
147        self.use_state = use_state;
148        self
149    }
150
151    /// 设置是否验证 scope
152    pub fn with_scope_validation(mut self, validate: bool) -> Self {
153        self.validate_scope = validate;
154        self
155    }
156
157    /// 设置允许的 scope
158    pub fn with_allowed_scopes(mut self, scopes: HashSet<String>) -> Self {
159        self.allowed_scopes = scopes;
160        self
161    }
162
163    /// 设置请求超时
164    pub fn with_timeout(mut self, timeout_ms: u64) -> Self {
165        self.timeout_ms = timeout_ms;
166        self
167    }
168}
169
170/// OAuth2 授权请求配置
171#[derive(Debug, Clone)]
172pub struct AuthorizationRequest {
173    /// 重定向 URI
174    pub redirect_uri: String,
175
176    /// 授权范围
177    pub scopes: Vec<String>,
178
179    /// 状态参数
180    pub state: Option<String>,
181
182    /// PKCE code challenge
183    pub code_challenge: Option<String>,
184
185    /// PKCE code challenge method
186    pub code_challenge_method: Option<String>,
187
188    /// 额外参数
189    pub extra_params: Vec<(String, String)>,
190}
191
192impl AuthorizationRequest {
193    /// 创建新的授权请求
194    pub fn new(redirect_uri: impl Into<String>) -> Self {
195        Self {
196            redirect_uri: redirect_uri.into(),
197            scopes: Vec::new(),
198            state: None,
199            code_challenge: None,
200            code_challenge_method: None,
201            extra_params: Vec::new(),
202        }
203    }
204
205    /// 设置授权范围
206    pub fn with_scopes(mut self, scopes: Vec<String>) -> Self {
207        self.scopes = scopes;
208        self
209    }
210
211    /// 设置状态参数
212    pub fn with_state(mut self, state: impl Into<String>) -> Self {
213        self.state = Some(state.into());
214        self
215    }
216
217    /// 设置 PKCE challenge
218    pub fn with_pkce(mut self, challenge: impl Into<String>, method: impl Into<String>) -> Self {
219        self.code_challenge = Some(challenge.into());
220        self.code_challenge_method = Some(method.into());
221        self
222    }
223
224    /// 添加额外参数
225    pub fn add_extra_param(mut self, key: impl Into<String>, value: impl Into<String>) -> Self {
226        self.extra_params.push((key.into(), value.into()));
227        self
228    }
229}