90513e8278
- 后端:基于 node-oidc-provider 实现 OIDC Provider - 支持 authorization_code、refresh_token、client_credentials 授权类型 - Redis adapter 存储会话数据,Prisma adapter 存储持久化数据 - 客户端管理 CRUD API(创建、更新、删除、重新生成密钥) - 交互 API(登录、授权确认、中止) - 第一方应用自动跳过授权确认页面 - 使用 cuid2 生成客户端 ID - 前端:OIDC 客户端管理界面 - 客户端列表表格(支持分页、排序) - 创建/编辑弹窗(支持所有 OIDC 配置字段) - OIDC 交互页面(登录表单、授权确认表单) - 共享类型:添加 OIDC 相关 TypeScript 类型定义 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
98 lines
3.0 KiB
TypeScript
98 lines
3.0 KiB
TypeScript
import {
|
|
Body,
|
|
Controller,
|
|
Delete,
|
|
Get,
|
|
HttpCode,
|
|
HttpStatus,
|
|
Param,
|
|
Patch,
|
|
Post,
|
|
Query,
|
|
UseGuards,
|
|
} from '@nestjs/common';
|
|
import {
|
|
ApiBearerAuth,
|
|
ApiCreatedResponse,
|
|
ApiNoContentResponse,
|
|
ApiOkResponse,
|
|
ApiOperation,
|
|
ApiTags,
|
|
} from '@nestjs/swagger';
|
|
|
|
import {
|
|
CreateOidcClientDto,
|
|
CreateOidcClientResponseDto,
|
|
OidcClientResponseDto,
|
|
RegenerateSecretResponseDto,
|
|
UpdateOidcClientDto,
|
|
} from './dto/client.dto';
|
|
import { OidcClientService } from './services/client.service';
|
|
|
|
import { JwtAuthGuard } from '@/auth/guards/jwt-auth.guard';
|
|
import { createPaginatedResponseDto } from '@/common/crud/dto/paginated-response.dto';
|
|
import { PaginationQueryDto } from '@/common/crud/dto/pagination.dto';
|
|
import { RequirePermission } from '@/permission/decorators/require-permission.decorator';
|
|
import { PermissionGuard } from '@/permission/guards/permission.guard';
|
|
|
|
|
|
// 分页响应 DTO
|
|
class PaginatedOidcClientResponseDto extends createPaginatedResponseDto(OidcClientResponseDto) {}
|
|
|
|
@ApiTags('OIDC 客户端管理')
|
|
@ApiBearerAuth()
|
|
@UseGuards(JwtAuthGuard, PermissionGuard)
|
|
@Controller('oidc-clients')
|
|
export class OidcClientController {
|
|
constructor(private readonly clientService: OidcClientService) {}
|
|
|
|
@Get()
|
|
@RequirePermission('oidc-client:read')
|
|
@ApiOperation({ summary: '获取客户端列表' })
|
|
@ApiOkResponse({ type: PaginatedOidcClientResponseDto, description: '客户端列表' })
|
|
findAll(@Query() query: PaginationQueryDto) {
|
|
return this.clientService.findAll(query);
|
|
}
|
|
|
|
@Get(':id')
|
|
@RequirePermission('oidc-client:read')
|
|
@ApiOperation({ summary: '获取客户端详情' })
|
|
@ApiOkResponse({ type: OidcClientResponseDto, description: '客户端详情' })
|
|
findOne(@Param('id') id: string) {
|
|
return this.clientService.findById(id);
|
|
}
|
|
|
|
@Post()
|
|
@RequirePermission('oidc-client:create')
|
|
@ApiOperation({ summary: '创建客户端' })
|
|
@ApiCreatedResponse({ type: CreateOidcClientResponseDto, description: '创建成功,返回客户端信息和密钥' })
|
|
create(@Body() dto: CreateOidcClientDto) {
|
|
return this.clientService.createClient(dto);
|
|
}
|
|
|
|
@Patch(':id')
|
|
@RequirePermission('oidc-client:update')
|
|
@ApiOperation({ summary: '更新客户端' })
|
|
@ApiOkResponse({ type: OidcClientResponseDto, description: '更新成功' })
|
|
update(@Param('id') id: string, @Body() dto: UpdateOidcClientDto) {
|
|
return this.clientService.updateClient(id, dto);
|
|
}
|
|
|
|
@Delete(':id')
|
|
@RequirePermission('oidc-client:delete')
|
|
@HttpCode(HttpStatus.NO_CONTENT)
|
|
@ApiOperation({ summary: '删除客户端' })
|
|
@ApiNoContentResponse({ description: '删除成功' })
|
|
remove(@Param('id') id: string) {
|
|
return this.clientService.delete(id);
|
|
}
|
|
|
|
@Post(':id/regenerate-secret')
|
|
@RequirePermission('oidc-client:update')
|
|
@ApiOperation({ summary: '重新生成客户端密钥' })
|
|
@ApiOkResponse({ type: RegenerateSecretResponseDto, description: '新的客户端密钥' })
|
|
regenerateSecret(@Param('id') id: string) {
|
|
return this.clientService.regenerateSecret(id);
|
|
}
|
|
}
|