/** * OAUTH2 授权 * 登录，用户授权 *

 * 作者:hugh zhuang
 * 邮箱:3378340995@qq.com
 * 日期:2018-10-08-下午3:29:34
 * 版权:广州流辰信息技术有限公司
 *

*/ import { OAUTH2_URL } from '@/api/baseUrl' import request from '@/utils/request' import requestState from '@/constants/state' import { Message } from 'element-ui' import qs from 'qs' var AccessToken = function(data) { if (!(this instanceof AccessToken)) { return new AccessToken(data) } this.data = data } /** * 对返回结果的一层封装，如果遇见IBPS平台返回的错误，将返回一个错误 * 参见：IBPS返回码说明 */ var wrapper = function(callback) { return function(err, data, res) { callback = callback || function() {} if (err) { err.name = 'IBPSAPI' + err.name return callback(err, data, res) } callback(null, data, res) } } /*! * 检查AccessToken是否有效，检查规则为当前时间和过期时间进行对比 * * Examples: * ``` * token.isValid(); * ``` */ AccessToken.prototype.isValid = function() { return !!this.data.access_token && (new Date().getTime()) < (this.data.create_at + this.data.expires_in * 1000) } /*! * 处理token，更新过期时间 */ var processToken = function(that, callback) { var createAt = new Date().getTime() return function(err, data, res) { if (err) { return callback(err, data, res) } data.create_at = createAt if (res.variables && res.variables.licJson) { data.licJson = JSON.parse(res.variables.licJson) } // 存储token that.saveToken(data.uid, data, function(err) { callback(err, new AccessToken(data)) }) } } /** * 根据clientId和clientSecret创建OAuth接口的构造函数 * 如需跨进程跨机器进行操作，access token需要进行全局维护 * 使用token的优先级是： * * 1. 使用当前缓存的token对象 * 2. 调用开发传入的获取token的异步方法，获得token之后使用（并缓存它）。 * Examples: * ``` * import IbpsOAuth from '@/utils/oauth2' * var oauthApi = new OAuth('clientId', 'clientSecret'); * ``` * @param {String} clientId 在平台上申请得到的clientId(或appid) * @param {String} clientSecret 在平台上申请得到的client secret(或app secret) * @param {Function} getToken 用于获取token的方法 * @param {Function} saveToken 用于保存token的方法 */ var OAuth = function(clientId, clientSecret, getToken, saveToken) { this.clientId = clientId this.clientSecret = clientSecret this.statistic ='' this.username = '' // token的获取和存储 this.store = {} this.getToken = getToken || function(uid, callback) { callback(null, this.store[uid]) } if (!saveToken && process.env.NODE_ENV === 'production') { console.warn('Please dont save oauth token into memory under production') } this.saveToken = saveToken || function(uid, token, callback) { this.store[uid] = token callback(null) } this.defaults = {} } /*! * request的封装 * * @param {String} url 路径 * @param {Object} opts urllib选项 * @param {Function} callback 回调函数 */ OAuth.prototype.request = function(opts, callback) { const options = {} Object.assign(options, this.defaults) if (typeof opts === 'function') { callback = opts opts = {} } for (const key in opts) { if (key !== 'headers') { options[key] = opts[key] } else { if (opts.headers) { options.headers = options.headers || {} Object.assign(options.headers, opts.headers) } } } request(options).then(response => { const { state } = response if (state === requestState.UNSUPORT || state === requestState.WARNING) { const err = new Error(response.message) err.state = state err.cause = response.cause callback(err) } else { callback(null, response.data, response) } }).catch(error => { callback(error) }) } /** * 获取授权页面的URL地址 * @param {String} redirect 授权后要跳转的地址 * @param {String} state 开发者可提供的数据 * @param {String} scope 作用范围，值为snsapi_userinfo和snsapi_base，前者用于弹出，后者用于跳转 */ OAuth.prototype.getAuthorizeURL = function(redirect, state, scope) { const url = OAUTH2_URL() + '' const info = { clientId: this.clientId, redirect_uri: redirect, response_type: 'code', scope: scope || 'snsapi_base', state: state || '' } return url + '?' + qs.stringify(info) + '#ibps_redirect' } /** * 获取授权页面的URL地址 * @param {String} redirect 授权后要跳转的地址 * @param {String} state 开发者可提供的数据 * @param {String} scope 作用范围，值为snsapi_login，前者用于弹出，后者用于跳转 */ OAuth.prototype.getAuthorizeURLForWebsite = function(redirect, state, scope) { const url = OAUTH2_URL() + '/qrconnect' const info = { clientId: this.clientId, redirect_uri: redirect, response_type: 'code', scope: scope || 'snsapi_login', state: state || '' } return url + '?' + qs.stringify(info) + '#ibps_redirect' } /** * 根据授权获取到的code，换取access_token和uid * 获取uid之后，可以调用`IBPS.API`来获取更多用户信息 * Examples: * ``` * api.getAccessTokenByCode(code, callback); * ``` * Callback: * * - `error`, 获取access token出现异常时的异常对象 * - `result`, 成功时得到的响应结果 * * Result: * ``` * { * data: { * "access_token": "ACCESS_TOKEN", * "refresh_token": "REFRESH_TOKEN", * "uid": "uid", * "expires_in": 7200, * "scope": "SCOPE" * } * } * ``` * @param {String} code 授权获取到的code * @param {Function} callback 回调函数 */ OAuth.prototype.getAccessTokenByCode = function(code, callback) { localStorage.setItem('username', this.username) const args = { url: OAUTH2_URL() + '/authentication/apply', data: { client_id: this.clientId, client_secret: this.clientSecret, authorize_code: code, username: this.username, grant_type: 'authorization_code' }, method: 'post' } this.request(args, wrapper(processToken(this, callback))) } /** * 密码授权模式 * 根据用户名和密码，换取access token和uid * 获取uid之后，可以调用`IBPS.API`来获取更多用户信息 * Examples: * ``` * api.getAccessTokenByPassword(code, callback); * ``` * Callback: * * - `error`, 获取access token出现异常时的异常对象 * - `result`, 成功时得到的响应结果 * * Result: * ``` * { * data: { * "access_token": "ACCESS_TOKEN", * "refresh_token": "REFRESH_TOKEN", * "uid": "uid", * "expires_in": 7200, * "scope": "SCOPE" * } * } * ``` * ``` * @param {String} username 用户名 * @param {String} password 密码 * @param {Function} callback 回调函数 */ OAuth.prototype.getAccessTokenByPassword = function({ username, password }, callback) { const args = { url: OAUTH2_URL() + '/authentication/apply', data: { client_id: this.clientId, client_secret: this.clientSecret, username: username, password: password, grant_type: 'password_credentials' }, method: 'post' } this.request(args, wrapper(processToken(this, callback))) } /** * 根据refresh token，刷新access token，调用getAccessTokenByCode后才有效 * Examples: * ``` * api.refreshAccessToken(refreshToken, callback); * ``` * Callback: * * - `err`, 刷新access token出现异常时的异常对象 * - `result`, 成功时得到的响应结果 * * Result: * ``` * { * data: { * "access_token": "ACCESS_TOKEN", * "expires_in": 7200, * "refresh_token": "REFRESH_TOKEN", * "uid": "uid", * "remind_in": 7 * } * } * ``` * @param {String} refreshToken 刷新tonken * @param {Function} callback 回调函数 */ OAuth.prototype.refreshAccessToken = function(refreshToken, callback) { const username = localStorage.getItem('username') const args = { url: OAUTH2_URL() + '/authentication/apply', data: { client_id: this.clientId, client_secret: this.clientSecret, grant_type: 'refresh_token', username, refresh_token: refreshToken }, method: 'post' } this.request(args, wrapper(processToken(this, callback))) } /** * 获取用户信息【私有方法】 * @param {*} options * @param {*} accessToken * @param {*} callback */ OAuth.prototype._getUser = function(options, accessToken, callback) { const args = { url: OAUTH2_URL() + '/user/context', data: { access_token: accessToken, uid: options.uid, lang: options.lang || 'zh_CN' } } this.request(args, wrapper(callback)) } /** * 根据uid，获取用户信息。 * 当access token无效时，自动通过refresh token获取新的access token。然后再获取用户信息 * Examples: * ``` * api.getUser(uid, callback); * api.getUser(options, callback); * ``` * * Options: * ``` * // 或 * { * "uid": "the user Id", // 必须 * "lang": "the lang code" // zh_CN 简体，zh_TW 繁体，en 英语 * } * ``` * Callback: * * - `err`, 获取用户信息出现异常时的异常对象 * - `result`, 成功时得到的响应结果 * * Result: * ``` * { * "uid": "uid", * "nickname": "NICKNAME", * "sex": "1", * "province": "PROVINCE" * "city": "CITY", * "country": "COUNTRY", * "headimgurl": "http://xxxxx.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46", * "privilege": [ * "PRIVILEGE1" * "PRIVILEGE2" * ] * } * ``` * @param {Object|String} options 传入uid或者参见Options * @param {Function} callback 回调函数 */ OAuth.prototype.getUser = function(options, callback) { if (typeof options !== 'object') { options = { uid: options } } const that = this this.getToken(options.uid, function(err, data) { if (err) { return callback(err) } // 没有token数据 if (!data) { const message = 'No token for ' + options.uid + ', please authorize first.' Message({ message: `${message}`, type: 'error', showClose: true, dangerouslyUseHTMLString: true, duration: 5 * 1000 }) const error = new Error(message) err.state = 'NoOAuthTokenError' return callback(error) } const token = new AccessToken(data) if (token.isValid()) { that._getUser(options, token.data.access_token, callback) } else { that.refreshAccessToken(token.data.refresh_token, function(err, token) { if (err) { return callback(err) } that._getUser(options, token.data.access_token, callback) }) } }) } /** * 检验授权凭证（access_token）是否有效。 * Examples: * ``` * api.verifyToken(uid, accessToken, callback); * ``` * @param {String} uid 传入uid * @param {String} accessToken 待校验的access token * @param {Function} callback 回调函数 */ OAuth.prototype.verifyToken = function(uid, accessToken, callback) { const args = { url: OAUTH2_URL() + '/authentication/verify', params: { access_token: accessToken, uid: uid }, method: 'post' } this.request(args, wrapper(callback)) } /** * 用户名、密码方式登录。 * Examples: * ``` * api.userLogin(data, callback); * ``` * @param {Objcct} data * username : 用户名 * password : 密码 * @param {Function} callback 回调函数 */ OAuth.prototype.userLogin = function(data, callback) { const args = { url: OAUTH2_URL() + '/user/login/apply', data: data, method: 'post' } this.request(args, wrapper(callback)) } /** * *申请授权 * Examples: * ``` * api.authorize(login, callback); * ``` * @param {Objcct} options * @param {Function} callback 回调函数 */ OAuth.prototype.authorize = function(data, callback) { const url = OAUTH2_URL() + '/authorize/apply' if (typeof data !== 'object') { data = { login_state: data } } data.client_id = this.clientId const args = { url, data: data, method: 'post' } this.request(args, wrapper(callback)) } /** * 根据code，获取用户信息。 * Examples: * ``` * api.getUserByCode(code, callback); * ``` * Callback: * * - `err`, 获取用户信息出现异常时的异常对象 * - `result`, 成功时得到的响应结果 * * Result: * ``` * { * "uid": "uid", * "nickname": "NICKNAME", * "sex": "1", * "province": "PROVINCE" * "city": "CITY", * "country": "COUNTRY", * "headimgurl": "http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46", * "privilege": [ * "PRIVILEGE1" * "PRIVILEGE2" * ] * } * ``` * @param {Object|String} options 授权获取到的code * @param {Function} callback 回调函数 */ OAuth.prototype.getUserByCode = function(options, callback) { const that = this let lang let code if (typeof options === 'string') { code = options } else { lang = options.lang code = options.code } this.getAccessTokenByCode(code, function(err, result) { if (err) { return callback(err) } const uid = result.data.uid that.getUser({ uid: uid, lang: lang }, callback) }) } /** * 通过登录获取access_token * @param {*} options * @param {*} callback */ OAuth.prototype.getLoginCode = function(options, callback) { this.username = options.username const that = this /** * 用户登录 */ this.userLogin(options, function(err, data,res) { if (err) { return callback(err) } that.statistic = res.variables.statistic //判斷是否有统计权限 // 没有token数据 if (!data) { const message = '没有传回用户信息' Message({ message: `${message}`, type: 'error', showClose: true, dangerouslyUseHTMLString: true, duration: 5 * 1000 }) const error = new Error(message) err.state = 'NoOAuthTokenError' return callback(error) } that.authorize(data, function(err1, data1) { if (err1) { return callback(err1) } that.getAccessTokenByCode(data1, callback) }) }) } export default OAuth