Accueil Explorer Aide
S'inscrire Connexion
siwei
/
dify
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 24af4b9313
Branches Tags
dify
/
api
/
libs
/
oauth.py

oauth.py 4.3 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 
  1. import urllib.parse
    2. 

  2. from dataclasses import dataclass
    3. 

  3. 

  4. import requests
    5. 

  5. 

  6. 

  7. @dataclass
    8. 

  8. class OAuthUserInfo:
    9. 

  9.     id: str
    10. 

  10.     name: str
    11. 

  11.     email: str
    12. 

  12. 

  13. 

  14. class OAuth:
    15. 

  15.     def __init__(self, client_id: str, client_secret: str, redirect_uri: str):
    16. 

  16.         self.client_id = client_id
    17. 

  17.         self.client_secret = client_secret
    18. 

  18.         self.redirect_uri = redirect_uri
    19. 

  19. 

  20.     def get_authorization_url(self):
    21. 

  21.         raise NotImplementedError()
    22. 

  22. 

  23.     def get_access_token(self, code: str):
    24. 

  24.         raise NotImplementedError()
    25. 

  25. 

  26.     def get_raw_user_info(self, token: str):
    27. 

  27.         raise NotImplementedError()
    28. 

  28. 

  29.     def get_user_info(self, token: str) -> OAuthUserInfo:
    30. 

  30.         raw_info = self.get_raw_user_info(token)
    31. 

  31.         return self._transform_user_info(raw_info)
    32. 

  32. 

  33.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    34. 

  34.         raise NotImplementedError()
    35. 

  35. 

  36. 

  37. class GitHubOAuth(OAuth):
    38. 

  38.     _AUTH_URL = "https://github.com/login/oauth/authorize"
    39. 

  39.     _TOKEN_URL = "https://github.com/login/oauth/access_token"
    40. 

  40.     _USER_INFO_URL = "https://api.github.com/user"
    41. 

  41.     _EMAIL_INFO_URL = "https://api.github.com/user/emails"
    42. 

  42. 

  43.     def get_authorization_url(self):
    44. 

  44.         params = {
    45. 

  45.             "client_id": self.client_id,
    46. 

  46.             "redirect_uri": self.redirect_uri,
    47. 

  47.             "scope": "user:email",  # Request only basic user information
    48. 

  48.         }
    49. 

  49.         return f"{self._AUTH_URL}?{urllib.parse.urlencode(params)}"
    50. 

  50. 

  51.     def get_access_token(self, code: str):
    52. 

  52.         data = {
    53. 

  53.             "client_id": self.client_id,
    54. 

  54.             "client_secret": self.client_secret,
    55. 

  55.             "code": code,
    56. 

  56.             "redirect_uri": self.redirect_uri,
    57. 

  57.         }
    58. 

  58.         headers = {"Accept": "application/json"}
    59. 

  59.         response = requests.post(self._TOKEN_URL, data=data, headers=headers)
    60. 

  60. 

  61.         response_json = response.json()
    62. 

  62.         access_token = response_json.get("access_token")
    63. 

  63. 

  64.         if not access_token:
    65. 

  65.             raise ValueError(f"Error in GitHub OAuth: {response_json}")
    66. 

  66. 

  67.         return access_token
    68. 

  68. 

  69.     def get_raw_user_info(self, token: str):
    70. 

  70.         headers = {"Authorization": f"token {token}"}
    71. 

  71.         response = requests.get(self._USER_INFO_URL, headers=headers)
    72. 

  72.         response.raise_for_status()
    73. 

  73.         user_info = response.json()
    74. 

  74. 

  75.         email_response = requests.get(self._EMAIL_INFO_URL, headers=headers)
    76. 

  76.         email_info = email_response.json()
    77. 

  77.         primary_email = next((email for email in email_info if email["primary"] == True), None)
    78. 

  78. 

  79.         return {**user_info, "email": primary_email["email"]}
    80. 

  80. 

  81.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    82. 

  82.         email = raw_info.get("email")
    83. 

  83.         if not email:
    84. 

  84.             email = f"{raw_info['id']}+{raw_info['login']}@users.noreply.github.com"
    85. 

  85.         return OAuthUserInfo(id=str(raw_info["id"]), name=raw_info["name"], email=email)
    86. 

  86. 

  87. 

  88. class GoogleOAuth(OAuth):
    89. 

  89.     _AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
    90. 

  90.     _TOKEN_URL = "https://oauth2.googleapis.com/token"
    91. 

  91.     _USER_INFO_URL = "https://www.googleapis.com/oauth2/v3/userinfo"
    92. 

  92. 

  93.     def get_authorization_url(self):
    94. 

  94.         params = {
    95. 

  95.             "client_id": self.client_id,
    96. 

  96.             "response_type": "code",
    97. 

  97.             "redirect_uri": self.redirect_uri,
    98. 

  98.             "scope": "openid email",
    99. 

  99.         }
    100. 

  100.         return f"{self._AUTH_URL}?{urllib.parse.urlencode(params)}"
    101. 

  101. 

  102.     def get_access_token(self, code: str):
    103. 

  103.         data = {
    104. 

  104.             "client_id": self.client_id,
    105. 

  105.             "client_secret": self.client_secret,
    106. 

  106.             "code": code,
    107. 

  107.             "grant_type": "authorization_code",
    108. 

  108.             "redirect_uri": self.redirect_uri,
    109. 

  109.         }
    110. 

  110.         headers = {"Accept": "application/json"}
    111. 

  111.         response = requests.post(self._TOKEN_URL, data=data, headers=headers)
    112. 

  112. 

  113.         response_json = response.json()
    114. 

  114.         access_token = response_json.get("access_token")
    115. 

  115. 

  116.         if not access_token:
    117. 

  117.             raise ValueError(f"Error in Google OAuth: {response_json}")
    118. 

  118. 

  119.         return access_token
    120. 

  120. 

  121.     def get_raw_user_info(self, token: str):
    122. 

  122.         headers = {"Authorization": f"Bearer {token}"}
    123. 

  123.         response = requests.get(self._USER_INFO_URL, headers=headers)
    124. 

  124.         response.raise_for_status()
    125. 

  125.         return response.json()
    126. 

  126. 

  127.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    128. 

  128.         return OAuthUserInfo(id=str(raw_info["sub"]), name=None, email=raw_info["email"])
    129.