暂无密钥} />
+
+ );
+}
diff --git a/web/src/components/modals/oauth2/OAuth2QuickStartModal.jsx b/web/src/components/modals/oauth2/OAuth2QuickStartModal.jsx
new file mode 100644
index 000000000..91559c580
--- /dev/null
+++ b/web/src/components/modals/oauth2/OAuth2QuickStartModal.jsx
@@ -0,0 +1,230 @@
+import React, { useEffect, useMemo, useState } from 'react';
+import { Modal, Steps, Form, Input, Select, Switch, Typography, Space, Button, Tag, Toast } from '@douyinfe/semi-ui';
+import { API, showError, showSuccess } from '../../../helpers';
+
+const { Text } = Typography;
+
+export default function OAuth2QuickStartModal({ visible, onClose, onDone }) {
+ const origin = useMemo(() => window.location.origin, []);
+ const [step, setStep] = useState(0);
+ const [loading, setLoading] = useState(false);
+
+ // Step state
+ const [enableOAuth, setEnableOAuth] = useState(true);
+ const [issuer, setIssuer] = useState(origin);
+
+ const [clientType, setClientType] = useState('public');
+ const [redirect1, setRedirect1] = useState(origin + '/oauth/oidc');
+ const [redirect2, setRedirect2] = useState('');
+ const [scopes, setScopes] = useState(['openid', 'profile', 'email', 'api:read']);
+
+ // Results
+ const [createdClient, setCreatedClient] = useState(null);
+
+ useEffect(() => {
+ if (!visible) {
+ setStep(0);
+ setLoading(false);
+ setEnableOAuth(true);
+ setIssuer(origin);
+ setClientType('public');
+ setRedirect1(origin + '/oauth/oidc');
+ setRedirect2('');
+ setScopes(['openid', 'profile', 'email', 'api:read']);
+ setCreatedClient(null);
+ }
+ }, [visible, origin]);
+
+ // 打开时读取现有配置作为默认值
+ useEffect(() => {
+ if (!visible) return;
+ (async () => {
+ try {
+ const res = await API.get('/api/option/');
+ const { success, data } = res.data || {};
+ if (!success || !Array.isArray(data)) return;
+ const map = Object.fromEntries(data.map(i => [i.key, i.value]));
+ if (typeof map['oauth2.enabled'] !== 'undefined') {
+ setEnableOAuth(String(map['oauth2.enabled']).toLowerCase() === 'true');
+ }
+ if (map['oauth2.issuer']) {
+ setIssuer(map['oauth2.issuer']);
+ }
+ } catch (_) {}
+ })();
+ }, [visible]);
+
+ const applyRecommended = async () => {
+ setLoading(true);
+ try {
+ const ops = [
+ { key: 'oauth2.enabled', value: String(enableOAuth) },
+ { key: 'oauth2.issuer', value: issuer || '' },
+ { key: 'oauth2.allowed_grant_types', value: JSON.stringify(['authorization_code', 'refresh_token', 'client_credentials']) },
+ { key: 'oauth2.require_pkce', value: 'true' },
+ { key: 'oauth2.jwt_signing_algorithm', value: 'RS256' },
+ ];
+ for (const op of ops) {
+ await API.put('/api/option/', op);
+ }
+ showSuccess('已应用推荐配置');
+ setStep(1);
+ onDone && onDone();
+ } catch (e) {
+ showError('应用推荐配置失败');
+ } finally {
+ setLoading(false);
+ }
+ };
+
+ const rotateKey = async () => {
+ setLoading(true);
+ try {
+ const res = await API.post('/api/oauth/keys/rotate', {});
+ if (res?.data?.success) {
+ showSuccess('签名密钥已准备:' + res.data.kid);
+ } else {
+ showError(res?.data?.message || '签名密钥操作失败');
+ return;
+ }
+ setStep(2);
+ } catch (e) {
+ showError('签名密钥操作失败');
+ } finally {
+ setLoading(false);
+ }
+ };
+
+ const createClient = async () => {
+ setLoading(true);
+ try {
+ const grant_types = clientType === 'public' ? ['authorization_code', 'refresh_token'] : ['authorization_code', 'refresh_token', 'client_credentials'];
+ const payload = {
+ name: 'Default OIDC Client',
+ client_type: clientType,
+ grant_types,
+ redirect_uris: [redirect1, redirect2].filter(Boolean),
+ scopes,
+ require_pkce: true,
+ };
+ const res = await API.post('/api/oauth_clients/', payload);
+ if (res?.data?.success) {
+ setCreatedClient({ id: res.data.client_id, secret: res.data.client_secret });
+ showSuccess('客户端已创建');
+ setStep(3);
+ } else {
+ showError(res?.data?.message || '创建失败');
+ }
+ onDone && onDone();
+ } catch (e) {
+ showError('创建失败');
+ } finally {
+ setLoading(false);
+ }
+ };
+
+ const steps = [
+ {
+ title: '应用推荐配置',
+ content: (
+
+
+
+
+
+
+
说明
+
+ grant_types: auth_code / refresh_token / client_credentials
+ PKCE: S256
+ 算法: RS256
+
+
+
+
+
+
+
+
若无密钥则初始化;如已存在建议立即轮换以生成新的 kid 并发布到 JWKS。
+
+
+
+
+ {createdClient ? (
+
+
客户端已创建:
+
+ Client ID: {createdClient.id}
+
+ {createdClient.secret && (
+
+ Client Secret(仅此一次展示): {createdClient.secret}
+
+ )}
+
+ ) :
已完成初始化。}
+
+ {steps[step].content}
+
+
+ );
+}
diff --git a/web/src/components/modals/oauth2/OAuth2ToolsModal.jsx b/web/src/components/modals/oauth2/OAuth2ToolsModal.jsx
new file mode 100644
index 000000000..515954bc9
--- /dev/null
+++ b/web/src/components/modals/oauth2/OAuth2ToolsModal.jsx
@@ -0,0 +1,324 @@
+import React, { useEffect, useMemo, useState } from 'react';
+import { Modal, Form, Input, Button, Space, Select, Typography, Divider, Toast, TextArea } from '@douyinfe/semi-ui';
+import { API } from '../../../helpers';
+
+const { Text } = Typography;
+
+async function sha256Base64Url(input) {
+ const enc = new TextEncoder();
+ const data = enc.encode(input);
+ const hash = await crypto.subtle.digest('SHA-256', data);
+ const bytes = new Uint8Array(hash);
+ let binary = '';
+ for (let i = 0; i < bytes.byteLength; i++) binary += String.fromCharCode(bytes[i]);
+ return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+
+function randomString(len = 43) {
+ const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+ let res = '';
+ const array = new Uint32Array(len);
+ crypto.getRandomValues(array);
+ for (let i = 0; i < len; i++) res += charset[array[i] % charset.length];
+ return res;
+}
+
+export default function OAuth2ToolsModal({ visible, onClose }) {
+ const [server, setServer] = useState({});
+ const [authURL, setAuthURL] = useState('');
+ const [issuer, setIssuer] = useState('');
+ const [confJSON, setConfJSON] = useState('');
+ const [userinfoEndpoint, setUserinfoEndpoint] = useState('');
+ const [code, setCode] = useState('');
+ const [accessToken, setAccessToken] = useState('');
+ const [idToken, setIdToken] = useState('');
+ const [refreshToken, setRefreshToken] = useState('');
+ const [tokenRaw, setTokenRaw] = useState('');
+ const [jwtClaims, setJwtClaims] = useState('');
+ const [userinfoOut, setUserinfoOut] = useState('');
+ const [values, setValues] = useState({
+ authorization_endpoint: '',
+ token_endpoint: '',
+ client_id: '',
+ client_secret: '',
+ redirect_uri: window.location.origin + '/oauth/oidc',
+ scope: 'openid profile email',
+ response_type: 'code',
+ code_verifier: '',
+ code_challenge: '',
+ code_challenge_method: 'S256',
+ state: '',
+ nonce: '',
+ });
+
+ useEffect(() => {
+ if (!visible) return;
+ (async () => {
+ try {
+ const res = await API.get('/api/oauth/server-info');
+ if (res?.data) {
+ const d = res.data;
+ setServer(d);
+ setValues((v) => ({
+ ...v,
+ authorization_endpoint: d.authorization_endpoint,
+ token_endpoint: d.token_endpoint,
+ }));
+ setIssuer(d.issuer || '');
+ setUserinfoEndpoint(d.userinfo_endpoint || '');
+ }
+ } catch {}
+ })();
+ }, [visible]);
+
+ const buildAuthorizeURL = () => {
+ const u = new URL(values.authorization_endpoint || (server.issuer + '/api/oauth/authorize'));
+ const rt = values.response_type || 'code';
+ u.searchParams.set('response_type', rt);
+ u.searchParams.set('client_id', values.client_id);
+ u.searchParams.set('redirect_uri', values.redirect_uri);
+ u.searchParams.set('scope', values.scope);
+ if (values.state) u.searchParams.set('state', values.state);
+ if (values.nonce) u.searchParams.set('nonce', values.nonce);
+ if (rt === 'code' && values.code_challenge) {
+ u.searchParams.set('code_challenge', values.code_challenge);
+ u.searchParams.set('code_challenge_method', values.code_challenge_method || 'S256');
+ }
+ return u.toString();
+ };
+
+ const copy = async (text, tip = '已复制') => {
+ try { await navigator.clipboard.writeText(text); Toast.success(tip); } catch {}
+ };
+
+ const genVerifier = async () => {
+ const v = randomString(64);
+ const c = await sha256Base64Url(v);
+ setValues((val) => ({ ...val, code_verifier: v, code_challenge: c }));
+ };
+
+ const discover = async () => {
+ const iss = (issuer || '').trim();
+ if (!iss) { Toast.warning('请填写 Issuer'); return; }
+ try {
+ const url = iss.replace(/\/$/, '') + '/api/.well-known/openid-configuration';
+ const res = await fetch(url);
+ const d = await res.json();
+ setValues((v)=>({
+ ...v,
+ authorization_endpoint: d.authorization_endpoint || v.authorization_endpoint,
+ token_endpoint: d.token_endpoint || v.token_endpoint,
+ }));
+ setUserinfoEndpoint(d.userinfo_endpoint || '');
+ setIssuer(d.issuer || iss);
+ setConfJSON(JSON.stringify(d, null, 2));
+ Toast.success('已从发现文档加载端点');
+ } catch (e) {
+ Toast.error('自动发现失败');
+ }
+ };
+
+ const parseConf = () => {
+ try {
+ const d = JSON.parse(confJSON || '{}');
+ if (d.issuer) setIssuer(d.issuer);
+ if (d.authorization_endpoint) setValues((v)=>({...v, authorization_endpoint: d.authorization_endpoint}));
+ if (d.token_endpoint) setValues((v)=>({...v, token_endpoint: d.token_endpoint}));
+ if (d.userinfo_endpoint) setUserinfoEndpoint(d.userinfo_endpoint);
+ Toast.success('已解析配置并填充端点');
+ } catch (e) {
+ Toast.error('解析失败:' + e.message);
+ }
+ };
+
+ const genConf = () => {
+ const d = {
+ issuer: issuer || undefined,
+ authorization_endpoint: values.authorization_endpoint || undefined,
+ token_endpoint: values.token_endpoint || undefined,
+ userinfo_endpoint: userinfoEndpoint || undefined,
+ };
+ setConfJSON(JSON.stringify(d, null, 2));
+ };
+
+ async function postForm(url, data, basicAuth) {
+ const body = Object.entries(data)
+ .filter(([_, v]) => v !== undefined && v !== null)
+ .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(String(v))}`)
+ .join('&');
+ const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
+ if (basicAuth) headers['Authorization'] = 'Basic ' + btoa(`${basicAuth.id}:${basicAuth.secret}`);
+ const res = await fetch(url, { method: 'POST', headers, body });
+ if (!res.ok) {
+ const t = await res.text();
+ throw new Error(`HTTP ${res.status} ${t}`);
+ }
+ return res.json();
+ }
+
+ const exchangeCode = async () => {
+ try {
+ const basic = values.client_secret ? { id: values.client_id, secret: values.client_secret } : undefined;
+ const data = await postForm(values.token_endpoint, {
+ grant_type: 'authorization_code',
+ code: code.trim(),
+ client_id: values.client_id,
+ redirect_uri: values.redirect_uri,
+ code_verifier: values.code_verifier,
+ }, basic);
+ setAccessToken(data.access_token || '');
+ setIdToken(data.id_token || '');
+ setRefreshToken(data.refresh_token || '');
+ setTokenRaw(JSON.stringify(data, null, 2));
+ Toast.success('已获取令牌');
+ } catch (e) {
+ Toast.error('兑换失败:' + e.message);
+ }
+ };
+
+ const decodeIdToken = () => {
+ const t = (idToken || '').trim();
+ if (!t) { setJwtClaims('(空)'); return; }
+ const parts = t.split('.');
+ if (parts.length < 2) { setJwtClaims('格式错误'); return; }
+ try {
+ const json = JSON.parse(atob(parts[1].replace(/-/g,'+').replace(/_/g,'/')));
+ setJwtClaims(JSON.stringify(json, null, 2));
+ } catch (e) {
+ setJwtClaims('解码失败:' + e);
+ }
+ };
+
+ const callUserInfo = async () => {
+ if (!accessToken || !userinfoEndpoint) { Toast.warning('缺少 AccessToken 或 UserInfo 端点'); return; }
+ try {
+ const res = await fetch(userinfoEndpoint, { headers: { Authorization: 'Bearer ' + accessToken } });
+ const data = await res.json();
+ setUserinfoOut(JSON.stringify(data, null, 2));
+ } catch (e) {
+ setUserinfoOut('调用失败:' + e);
+ }
+ };
+
+ const doRefresh = async () => {
+ if (!refreshToken) { Toast.warning('没有刷新令牌'); return; }
+ try {
+ const basic = values.client_secret ? { id: values.client_id, secret: values.client_secret } : undefined;
+ const data = await postForm(values.token_endpoint, {
+ grant_type: 'refresh_token',
+ refresh_token: refreshToken,
+ client_id: values.client_id,
+ }, basic);
+ setAccessToken(data.access_token || '');
+ setIdToken(data.id_token || '');
+ setRefreshToken(data.refresh_token || '');
+ setTokenRaw(JSON.stringify(data, null, 2));
+ Toast.success('刷新成功');
+ } catch (e) {
+ Toast.error('刷新失败:' + e.message);
+ }
+ };
+
+ return (
+ 关闭}
+ width={720}
+ style={{ top: 48 }}
+ >
+ {/* Discovery */}
+ OIDC 发现
+
+
+
+
+
+
+
+
+
+ {/* Authorization URL & PKCE */}
+ 授权参数
+
+
+
+
+
+
+
+
+
+
+
+ 提示:将上述参数粘贴到 oauthdebugger.com,或直接打开授权URL完成授权后回调。
+
+
+
+ {/* Token exchange */}
+ 令牌操作
+
+
+
+ UserInfo
+
+
+ );
+}
diff --git a/web/src/components/settings/OAuth2Setting.jsx b/web/src/components/settings/OAuth2Setting.jsx
index 7b2bac6ae..d03d633b8 100644
--- a/web/src/components/settings/OAuth2Setting.jsx
+++ b/web/src/components/settings/OAuth2Setting.jsx
@@ -18,26 +18,18 @@ For commercial licensing, please contact support@quantumnous.com
*/
import React, { useEffect, useState } from 'react';
-import { Card, Spin } from '@douyinfe/semi-ui';
-import { API, showError, toBoolean } from '../../helpers';
+import { Card, Spin, Space, Button } from '@douyinfe/semi-ui';
+import { API, showError } from '../../helpers';
import OAuth2ServerSettings from '../../pages/Setting/OAuth2/OAuth2ServerSettings';
import OAuth2ClientSettings from '../../pages/Setting/OAuth2/OAuth2ClientSettings';
+// import OAuth2Tools from '../../pages/Setting/OAuth2/OAuth2Tools';
+import OAuth2ToolsModal from '../../components/modals/oauth2/OAuth2ToolsModal';
+import OAuth2QuickStartModal from '../../components/modals/oauth2/OAuth2QuickStartModal';
+import JWKSManagerModal from '../../components/modals/oauth2/JWKSManagerModal';
const OAuth2Setting = () => {
- const [inputs, setInputs] = useState({
- 'oauth2.enabled': false,
- 'oauth2.issuer': '',
- 'oauth2.access_token_ttl': 10,
- 'oauth2.refresh_token_ttl': 720,
- 'oauth2.jwt_signing_algorithm': 'RS256',
- 'oauth2.jwt_key_id': 'oauth2-key-1',
- 'oauth2.jwt_private_key_file': '',
- 'oauth2.allowed_grant_types': ['client_credentials', 'authorization_code'],
- 'oauth2.require_pkce': true,
- 'oauth2.auto_create_user': false,
- 'oauth2.default_user_role': 1,
- 'oauth2.default_user_group': 'default',
- });
+ // 原样保存后端 Option 键值(字符串),避免类型转换造成子组件解析错误
+ const [options, setOptions] = useState({});
const [loading, setLoading] = useState(false);
const getOptions = async () => {
@@ -46,25 +38,11 @@ const OAuth2Setting = () => {
const res = await API.get('/api/option/');
const { success, message, data } = res.data;
if (success) {
- let newInputs = {};
- data.forEach((item) => {
- if (Object.keys(inputs).includes(item.key)) {
- if (item.key === 'oauth2.allowed_grant_types') {
- try {
- newInputs[item.key] = JSON.parse(item.value || '["client_credentials","authorization_code"]');
- } catch {
- newInputs[item.key] = ['client_credentials', 'authorization_code'];
- }
- } else if (typeof inputs[item.key] === 'boolean') {
- newInputs[item.key] = toBoolean(item.value);
- } else if (typeof inputs[item.key] === 'number') {
- newInputs[item.key] = parseInt(item.value) || inputs[item.key];
- } else {
- newInputs[item.key] = item.value;
- }
- }
- });
- setInputs({...inputs, ...newInputs});
+ const map = {};
+ for (const item of data) {
+ map[item.key] = item.value;
+ }
+ setOptions(map);
} else {
showError(message);
}
@@ -83,6 +61,10 @@ const OAuth2Setting = () => {
getOptions();
}, []);
+ const [qsVisible, setQsVisible] = useState(false);
+ const [jwksVisible, setJwksVisible] = useState(false);
+ const [toolsVisible, setToolsVisible] = useState(false);
+
return (
{
marginTop: '10px',
}}
>
-
+
+
+
+
+
+
+
+
+ setQsVisible(false)} onDone={refresh} />
+ setJwksVisible(false)} />
+ setToolsVisible(false)} />
+ setJwksVisible(true)} />
);
};
-export default OAuth2Setting;
\ No newline at end of file
+export default OAuth2Setting;
diff --git a/web/src/pages/OAuth/Consent.jsx b/web/src/pages/OAuth/Consent.jsx
new file mode 100644
index 000000000..e98c525f6
--- /dev/null
+++ b/web/src/pages/OAuth/Consent.jsx
@@ -0,0 +1,199 @@
+import React, { useEffect, useMemo, useState } from 'react';
+import { Card, Button, Typography, Tag, Space, Divider, Spin, Banner, Descriptions, Avatar, Tooltip } from '@douyinfe/semi-ui';
+import { IconShield, IconTickCircle, IconClose } from '@douyinfe/semi-icons';
+import { useLocation } from 'react-router-dom';
+import { API, showError } from '../../helpers';
+
+const { Title, Text, Paragraph } = Typography;
+
+function useQuery() {
+ const { search } = useLocation();
+ return useMemo(() => new URLSearchParams(search), [search]);
+}
+
+export default function OAuthConsent() {
+ const query = useQuery();
+ const [loading, setLoading] = useState(true);
+ const [info, setInfo] = useState(null);
+ const [error, setError] = useState('');
+
+ const params = useMemo(() => {
+ const allowed = [
+ 'response_type',
+ 'client_id',
+ 'redirect_uri',
+ 'scope',
+ 'state',
+ 'code_challenge',
+ 'code_challenge_method',
+ 'nonce',
+ ];
+ const obj = {};
+ allowed.forEach((k) => {
+ const v = query.get(k);
+ if (v) obj[k] = v;
+ });
+ if (!obj.response_type) obj.response_type = 'code';
+ return obj;
+ }, [query]);
+
+ useEffect(() => {
+ (async () => {
+ setLoading(true);
+ try {
+ const res = await API.get('/api/oauth/authorize', {
+ params: { ...params, mode: 'prepare' },
+ // skip error toast, we'll handle gracefully
+ skipErrorHandler: true,
+ });
+ setInfo(res.data);
+ setError('');
+ } catch (e) {
+ // 401 login required or other error
+ setError(e?.response?.data?.error || 'failed');
+ } finally {
+ setLoading(false);
+ }
+ })();
+ }, [params]);
+
+ const onApprove = () => {
+ const u = new URL(window.location.origin + '/api/oauth/authorize');
+ Object.entries(params).forEach(([k, v]) => u.searchParams.set(k, v));
+ u.searchParams.set('approve', '1');
+ window.location.href = u.toString();
+ };
+ const onDeny = () => {
+ const u = new URL(window.location.origin + '/api/oauth/authorize');
+ Object.entries(params).forEach(([k, v]) => u.searchParams.set(k, v));
+ u.searchParams.set('deny', '1');
+ window.location.href = u.toString();
+ };
+
+ const renderScope = () => {
+ if (!info?.scope_info?.length) return (
+
+ {info?.scope_list?.map((s) => (
+ {s}
+ ))}
+
+ );
+ return (
+
+ {info.scope_info.map((s) => (
+
+ {s.Name}
+
+ ))}
+
+ );
+ };
+
+ const displayClient = () => (
+
+
+
+ {String(info?.client?.name || info?.client?.id || 'A').slice(0, 1).toUpperCase()}
+
+ {info?.client?.name || info?.client?.id}
+ {info?.verified && 已验证}
+ {info?.client?.type === 'public' && 公开客户端}
+ {info?.client?.type === 'confidential' && 机密客户端}
+
+ {info?.client?.desc && (
+
{info.client.desc}
+ )}
+
+
+
+
+
+
+
应用请求访问你的账户
+
请确认是否授权下列权限给第三方应用。
+
+
+
+
+ ) : error ? (
+
+ ) : (
+ info && (
+
+
+
+
+ {displayClient()}
+ {displayUser()}
+
+ 请求的权限范围
+ {renderScope()}
+
+
+
回调地址
+
{info?.redirect_uri}
+
+
+
+
+
安全提示
+
+ - 仅在信任的网络环境中授权。
+ - 确认回调域名与申请方一致{info?.verified ? '(已验证)' : '(未验证)'}。
+ - 你可以随时在账户设置中撤销授权。
+
+
+
+
+
+
+
+
+
+
+ } onClick={onDeny} theme='borderless'>
+ 拒绝
+
+ } type='primary' onClick={onApprove}>
+ 授权
+
+
+
+
暂无密钥}
+ />
+
+ );
+}
+
diff --git a/web/src/pages/Setting/OAuth2/OAuth2ClientSettings.jsx b/web/src/pages/Setting/OAuth2/OAuth2ClientSettings.jsx
index 4afc6478e..01dab707d 100644
--- a/web/src/pages/Setting/OAuth2/OAuth2ClientSettings.jsx
+++ b/web/src/pages/Setting/OAuth2/OAuth2ClientSettings.jsx
@@ -193,20 +193,37 @@ export default function OAuth2ClientSettings() {
编辑
{record.client_type === 'confidential' && (
-
+
+
)}
+ 客户端:{record.name}
+ 删除后无法恢复,相关 API 调用将立即失效。
+
+ }
onConfirm={() => handleDelete(record)}
- okText="确定"
+ okText="确定删除"
cancelText="取消"
>
*/}
+ {/* */}
+ {/* */}
+ {/**/}
+
+ )}
);
-}
\ No newline at end of file
+}
diff --git a/web/src/pages/Setting/OAuth2/OAuth2Tools.jsx b/web/src/pages/Setting/OAuth2/OAuth2Tools.jsx
new file mode 100644
index 000000000..353d029b8
--- /dev/null
+++ b/web/src/pages/Setting/OAuth2/OAuth2Tools.jsx
@@ -0,0 +1,129 @@
+import React, { useEffect, useMemo, useState } from 'react';
+import { Card, Form, Input, Button, Space, Typography, Divider, Toast, Select } from '@douyinfe/semi-ui';
+import { API } from '../../../helpers';
+
+const { Text } = Typography;
+
+async function sha256Base64Url(input) {
+ const enc = new TextEncoder();
+ const data = enc.encode(input);
+ const hash = await crypto.subtle.digest('SHA-256', data);
+ const bytes = new Uint8Array(hash);
+ let binary = '';
+ for (let i = 0; i < bytes.byteLength; i++) binary += String.fromCharCode(bytes[i]);
+ return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+
+function randomString(len = 43) {
+ const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+ let res = '';
+ const array = new Uint32Array(len);
+ crypto.getRandomValues(array);
+ for (let i = 0; i < len; i++) res += charset[array[i] % charset.length];
+ return res;
+}
+
+export default function OAuth2Tools() {
+ const [loading, setLoading] = useState(false);
+ const [server, setServer] = useState({});
+ const [values, setValues] = useState({
+ authorization_endpoint: '',
+ token_endpoint: '',
+ client_id: '',
+ redirect_uri: window.location.origin + '/oauth/oidc',
+ scope: 'openid profile email',
+ response_type: 'code',
+ code_verifier: '',
+ code_challenge: '',
+ code_challenge_method: 'S256',
+ state: '',
+ nonce: '',
+ });
+
+ useEffect(() => {
+ (async () => {
+ try {
+ const res = await API.get('/api/oauth/server-info');
+ if (res?.data) {
+ const d = res.data;
+ setServer(d);
+ setValues((v) => ({
+ ...v,
+ authorization_endpoint: d.authorization_endpoint,
+ token_endpoint: d.token_endpoint,
+ }));
+ }
+ } catch {}
+ })();
+ }, []);
+
+ const buildAuthorizeURL = () => {
+ const u = new URL(values.authorization_endpoint || (server.issuer + '/oauth/authorize'));
+ u.searchParams.set('response_type', values.response_type || 'code');
+ u.searchParams.set('client_id', values.client_id);
+ u.searchParams.set('redirect_uri', values.redirect_uri);
+ u.searchParams.set('scope', values.scope);
+ if (values.state) u.searchParams.set('state', values.state);
+ if (values.nonce) u.searchParams.set('nonce', values.nonce);
+ if (values.code_challenge) {
+ u.searchParams.set('code_challenge', values.code_challenge);
+ u.searchParams.set('code_challenge_method', values.code_challenge_method || 'S256');
+ }
+ return u.toString();
+ };
+
+ const copy = async (text, tip = '已复制') => {
+ try {
+ await navigator.clipboard.writeText(text);
+ Toast.success(tip);
+ } catch {}
+ };
+
+ const genVerifier = async () => {
+ const v = randomString(64);
+ const c = await sha256Base64Url(v);
+ setValues((val) => ({ ...val, code_verifier: v, code_challenge: c }));
+ };
+
+ return (
+
+
+
+
+
+
+
+
+
+ 提示:将上述参数粘贴到 oauthdebugger.com,或直接打开授权URL完成授权后回调。
+
+
+ );
+}
+