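package storage

import (
	"context"
	"time"

	"git.zhouxhere.com/zhouxhere/syz/oauth"
	"github.com/go-jose/go-jose"
	"github.com/google/uuid"
	"github.com/zitadel/oidc/v3/pkg/oidc"
	"github.com/zitadel/oidc/v3/pkg/op"
)

// AuthStorage embeds the op.AuthStorage interface.
//
// NOTE(review): nothing in this file refers to it; the methods below hang off
// *Storage (declared elsewhere in the package), so this may be a leftover.
type AuthStorage struct {
	op.AuthStorage
}

// CreateAuthRequest converts the incoming OIDC authorization request for userID
// into the persistent oauth.AuthRequest form, stores it and returns the stored
// record (or the database error).
//
// NOTE(review): ctx is not propagated to the database call; if the store is a
// GORM v2 *gorm.DB, `s.store.DB.WithContext(ctx)` would honour cancellation — confirm.
func (s *Storage) CreateAuthRequest(ctx context.Context, authRequest *oidc.AuthRequest, userID string) (op.AuthRequest, error) {
	s.lock.Lock()
	defer s.lock.Unlock()

	request := oauth.AuthRequestFromOIDC(authRequest, userID)
	if err := s.store.DB.Create(request).Error; err != nil {
		return nil, err
	}
	return request, nil
}

// AuthRequestByID loads the authorization request with the given id.
//
// The id is bound as a query parameter ("id = ?") instead of being passed as a
// bare inline condition: GORM interprets a non-numeric string with no arguments
// as a raw SQL fragment, which both fails for UUID ids and lets the id value
// change the shape of the query. Returns nil and the error when the row is
// not found or the query fails.
func (s *Storage) AuthRequestByID(ctx context.Context, id string) (op.AuthRequest, error) {
	s.lock.Lock()
	defer s.lock.Unlock()

	var request oauth.AuthRequest
	if err := s.store.DB.Where("id = ?", id).First(&request).Error; err != nil {
		return nil, err
	}
	return &request, nil
}

// AuthRequestByCode resolves an issued authorization code to its request:
// first the oauth.AuthCode row for code, then the oauth.AuthRequest it points
// to. Returns nil and the error if either lookup fails.
func (s *Storage) AuthRequestByCode(ctx context.Context, code string) (op.AuthRequest, error) {
	s.lock.Lock()
	defer s.lock.Unlock()

	var authCode oauth.AuthCode
	if err := s.store.DB.Where("code = ?", code).First(&authCode).Error; err != nil {
		return nil, err
	}

	var request oauth.AuthRequest
	if err := s.store.DB.Where("id = ?", authCode.RequestId).First(&request).Error; err != nil {
		return nil, err
	}
	return &request, nil
}

// SaveAuthCode stores the authorization code issued for the request requestID.
// requestID must be a valid UUID (the AuthCode.RequestId column is a uuid.UUID);
// a malformed id is reported as the uuid parse error before anything is written.
func (s *Storage) SaveAuthCode(ctx context.Context, requestID string, code string) error {
	s.lock.Lock()
	defer s.lock.Unlock()

	requestUUID, err := uuid.Parse(requestID)
	if err != nil {
		return err
	}

	authCode := oauth.AuthCode{
		RequestId: requestUUID,
		Code:      code,
	}
	return s.store.DB.Create(&authCode).Error
}

// DeleteAuthRequest removes the authorization request id together with any
// authorization codes that reference it. Codes are deleted first so that a
// dangling code can never outlive its request.
//
// The request id is bound as a parameter ("id = ?") for the same reason as in
// AuthRequestByID: a bare non-numeric string would be treated by GORM as raw SQL.
//
// NOTE(review): the two deletes are not wrapped in a single transaction; a
// failure of the second leaves the codes gone but the request present.
func (s *Storage) DeleteAuthRequest(ctx context.Context, id string) error {
	s.lock.Lock()
	defer s.lock.Unlock()

	if err := s.store.DB.Delete(&oauth.AuthCode{}, "request_id = ?", id).Error; err != nil {
		return err
	}
	return s.store.DB.Delete(&oauth.AuthRequest{}, "id = ?", id).Error
}

// The TokenRequest parameter of CreateAccessToken can be any of:
//
//   - TokenRequest as returned by ClientCredentialsStorage.ClientCredentialsTokenRequest,
//
//   - AuthRequest as returned by AuthRequestByID or AuthRequestByCode (above)
//
//   - *oidc.JWTTokenRequest from a JWT that is the assertion value of a JWT Profile
//     Grant: https://datatracker.ietf.org/doc/html/rfc7523#section-2.1
//
//   - TokenExchangeRequest as returned by ValidateTokenExchangeRequest
func (s *Storage) CreateAccessToken(ctx context.Context, tokenRequest op.TokenRequest) (accessTokenID string, expiration time.Time, err error) {
	panic("not implemented") // TODO: Implement
}

// The TokenRequest parameter of CreateAccessAndRefreshTokens can be any of:
//
//   - TokenRequest as returned by ClientCredentialsStorage.ClientCredentialsTokenRequest
//
//   - RefreshTokenRequest as returned by AuthStorage.TokenRequestByRefreshToken
//
//   - AuthRequest as returned by the AuthRequestByID or AuthRequestByCode (above).
//     Used for the authorization code flow which requested offline_access scope and
//     registered the refresh_token grant type in advance
//
//   - TokenExchangeRequest as returned by ValidateTokenExchangeRequest
func (s *Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshTokenID string, expiration time.Time, err error) {
	panic("not implemented") // TODO: Implement
}

// TokenRequestByRefreshToken looks up the token request belonging to the
// refresh token refreshTokenID.
func (s *Storage) TokenRequestByRefreshToken(ctx context.Context, refreshTokenID string) (op.RefreshTokenRequest, error) {
	panic("not implemented") // TODO: Implement
}

// TerminateSession ends the session of userID for clientID.
func (s *Storage) TerminateSession(ctx context.Context, userID string, clientID string) error {
	panic("not implemented") // TODO: Implement
}

// RevokeToken should revoke a token. In the situation that the original request was to
// revoke an access token, then tokenOrTokenID will be a tokenID and userID will be set
// but if the original request was for a refresh token, then userID will be empty and
// tokenOrTokenID will be the refresh token, not its ID. RevokeToken depends upon GetRefreshTokenInfo
// to get information from refresh tokens that are not either ":" strings
// nor JWTs.
func (s *Storage) RevokeToken(ctx context.Context, tokenOrTokenID string, userID string, clientID string) *oidc.Error {
	panic("not implemented") // TODO: Implement
}

// GetRefreshTokenInfo must return ErrInvalidRefreshToken when presented
// with a token that is not a refresh token.
func (s *Storage) GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error) {
	panic("not implemented") // TODO: Implement
}

// SigningKey returns the key currently used to sign tokens.
func (s *Storage) SigningKey(_ context.Context) (op.SigningKey, error) {
	panic("not implemented") // TODO: Implement
}

// SignatureAlgorithms lists the signature algorithms this provider supports.
func (s *Storage) SignatureAlgorithms(_ context.Context) ([]jose.SignatureAlgorithm, error) {
	panic("not implemented") // TODO: Implement
}

// KeySet returns the public keys used to verify issued tokens.
func (s *Storage) KeySet(_ context.Context) ([]op.Key, error) {
	panic("not implemented") // TODO: Implement
}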