Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
siwei
/
dify
1
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: 22bdfb7e56
Салаанууд Тагууд
dify
/
api
/
libs
/
oauth.py

oauth.py 4.5 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. import urllib.parse
    2. 

  2. from dataclasses import dataclass
    3. 

  3. from typing import Optional
    4. 

  4. 

  5. import requests
    6. 

  6. 

  7. 

  8. @dataclass
    9. 

  9. class OAuthUserInfo:
    10. 

  10.     id: str
    11. 

  11.     name: str
    12. 

  12.     email: str
    13. 

  13. 

  14. 

  15. class OAuth:
    16. 

  16.     def __init__(self, client_id: str, client_secret: str, redirect_uri: str):
    17. 

  17.         self.client_id = client_id
    18. 

  18.         self.client_secret = client_secret
    19. 

  19.         self.redirect_uri = redirect_uri
    20. 

  20. 

  21.     def get_authorization_url(self):
    22. 

  22.         raise NotImplementedError()
    23. 

  23. 

  24.     def get_access_token(self, code: str):
    25. 

  25.         raise NotImplementedError()
    26. 

  26. 

  27.     def get_raw_user_info(self, token: str):
    28. 

  28.         raise NotImplementedError()
    29. 

  29. 

  30.     def get_user_info(self, token: str) -> OAuthUserInfo:
    31. 

  31.         raw_info = self.get_raw_user_info(token)
    32. 

  32.         return self._transform_user_info(raw_info)
    33. 

  33. 

  34.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    35. 

  35.         raise NotImplementedError()
    36. 

  36. 

  37. 

  38. class GitHubOAuth(OAuth):
    39. 

  39.     _AUTH_URL = "https://github.com/login/oauth/authorize"
    40. 

  40.     _TOKEN_URL = "https://github.com/login/oauth/access_token"
    41. 

  41.     _USER_INFO_URL = "https://api.github.com/user"
    42. 

  42.     _EMAIL_INFO_URL = "https://api.github.com/user/emails"
    43. 

  43. 

  44.     def get_authorization_url(self, invite_token: Optional[str] = None):
    45. 

  45.         params = {
    46. 

  46.             "client_id": self.client_id,
    47. 

  47.             "redirect_uri": self.redirect_uri,
    48. 

  48.             "scope": "user:email",  # Request only basic user information
    49. 

  49.         }
    50. 

  50.         if invite_token:
    51. 

  51.             params["state"] = invite_token
    52. 

  52.         return f"{self._AUTH_URL}?{urllib.parse.urlencode(params)}"
    53. 

  53. 

  54.     def get_access_token(self, code: str):
    55. 

  55.         data = {
    56. 

  56.             "client_id": self.client_id,
    57. 

  57.             "client_secret": self.client_secret,
    58. 

  58.             "code": code,
    59. 

  59.             "redirect_uri": self.redirect_uri,
    60. 

  60.         }
    61. 

  61.         headers = {"Accept": "application/json"}
    62. 

  62.         response = requests.post(self._TOKEN_URL, data=data, headers=headers)
    63. 

  63. 

  64.         response_json = response.json()
    65. 

  65.         access_token = response_json.get("access_token")
    66. 

  66. 

  67.         if not access_token:
    68. 

  68.             raise ValueError(f"Error in GitHub OAuth: {response_json}")
    69. 

  69. 

  70.         return access_token
    71. 

  71. 

  72.     def get_raw_user_info(self, token: str):
    73. 

  73.         headers = {"Authorization": f"token {token}"}
    74. 

  74.         response = requests.get(self._USER_INFO_URL, headers=headers)
    75. 

  75.         response.raise_for_status()
    76. 

  76.         user_info = response.json()
    77. 

  77. 

  78.         email_response = requests.get(self._EMAIL_INFO_URL, headers=headers)
    79. 

  79.         email_info = email_response.json()
    80. 

  80.         primary_email = next((email for email in email_info if email["primary"] == True), None)
    81. 

  81. 

  82.         return {**user_info, "email": primary_email["email"]}
    83. 

  83. 

  84.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    85. 

  85.         email = raw_info.get("email")
    86. 

  86.         if not email:
    87. 

  87.             email = f"{raw_info['id']}+{raw_info['login']}@users.noreply.github.com"
    88. 

  88.         return OAuthUserInfo(id=str(raw_info["id"]), name=raw_info["name"], email=email)
    89. 

  89. 

  90. 

  91. class GoogleOAuth(OAuth):
    92. 

  92.     _AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
    93. 

  93.     _TOKEN_URL = "https://oauth2.googleapis.com/token"
    94. 

  94.     _USER_INFO_URL = "https://www.googleapis.com/oauth2/v3/userinfo"
    95. 

  95. 

  96.     def get_authorization_url(self, invite_token: Optional[str] = None):
    97. 

  97.         params = {
    98. 

  98.             "client_id": self.client_id,
    99. 

  99.             "response_type": "code",
    100. 

  100.             "redirect_uri": self.redirect_uri,
    101. 

  101.             "scope": "openid email",
    102. 

  102.         }
    103. 

  103.         if invite_token:
    104. 

  104.             params["state"] = invite_token
    105. 

  105.         return f"{self._AUTH_URL}?{urllib.parse.urlencode(params)}"
    106. 

  106. 

  107.     def get_access_token(self, code: str):
    108. 

  108.         data = {
    109. 

  109.             "client_id": self.client_id,
    110. 

  110.             "client_secret": self.client_secret,
    111. 

  111.             "code": code,
    112. 

  112.             "grant_type": "authorization_code",
    113. 

  113.             "redirect_uri": self.redirect_uri,
    114. 

  114.         }
    115. 

  115.         headers = {"Accept": "application/json"}
    116. 

  116.         response = requests.post(self._TOKEN_URL, data=data, headers=headers)
    117. 

  117. 

  118.         response_json = response.json()
    119. 

  119.         access_token = response_json.get("access_token")
    120. 

  120. 

  121.         if not access_token:
    122. 

  122.             raise ValueError(f"Error in Google OAuth: {response_json}")
    123. 

  123. 

  124.         return access_token
    125. 

  125. 

  126.     def get_raw_user_info(self, token: str):
    127. 

  127.         headers = {"Authorization": f"Bearer {token}"}
    128. 

  128.         response = requests.get(self._USER_INFO_URL, headers=headers)
    129. 

  129.         response.raise_for_status()
    130. 

  130.         return response.json()
    131. 

  131. 

  132.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    133. 

  133.         return OAuthUserInfo(id=str(raw_info["sub"]), name=None, email=raw_info["email"])
    134.