From a1ceb9bc7ee37396fcba7f16b6aba300d88c5de6 Mon Sep 17 00:00:00 2001
From: "yadong.zhang"
Date: Fri, 3 Jul 2020 15:45:33 +0800
Subject: [PATCH] =?UTF-8?q?:art:=20=E5=AE=8C=E6=88=90=20gitlab=20=E7=9A=84?=
 =?UTF-8?q?=E8=87=AA=E5=AE=9A=E4=B9=89=20scope?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../oauth/enums/scope/AuthGitlabScope.java | 56 +++++++++++++++++++
 .../zhyd/oauth/request/AuthGitlabRequest.java | 3 +-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/me/zhyd/oauth/enums/scope/AuthGitlabScope.java

diff --git a/src/main/java/me/zhyd/oauth/enums/scope/AuthGitlabScope.java b/src/main/java/me/zhyd/oauth/enums/scope/AuthGitlabScope.java
new file mode 100644
index 0000000..f071156
--- /dev/null
+++ b/src/main/java/me/zhyd/oauth/enums/scope/AuthGitlabScope.java
@@ -0,0 +1,56 @@
+package me.zhyd.oauth.enums.scope;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * Gitlab 平台 OAuth 授权范围
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0.0
+ * @since 1.0.0
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthGitlabScope implements AuthScope {
+
+ /**
+ * {@code scope} 含义,以{@code description} 为准
+ */
+ READ_USER("read_user", "Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.", true),
+ OPENID("openid", "Grants permission to authenticate with GitLab using OpenID Connect. Also gives read-only access to the user's profile and group memberships.", true),
+ PROFILE("profile", "Grants read-only access to the user's profile data using OpenID Connect.", true),
+ EMAIL("email", "Grants read-only access to the user's primary email address using OpenID Connect.", true),
+ READ_API("read_api", "Grants read access to the API, including all groups and projects, the container registry, and the package registry.", false),
+ READ_REPOSITORY("read_repository", "Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API.", false),
+ WRITE_REPOSITORY("write_repository", "Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API).", false),
+ READ_REGISTRY("read_registry", "Grants read-only access to container registry images on private projects.", false),
+ WRITE_REGISTRY("write_registry", "Write Registry", false),
+ SUDO("sudo", "Grants permission to perform API actions as any user in the system, when authenticated as an admin user.", false),
+ API("api", "Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry.", false),
+ ;
+
+ private String scope;
+ private String description;
+ private boolean isDefault;
+
+ public static List getDefaultScopes() {
+ AuthGitlabScope[] scopes = AuthGitlabScope.values();
+ List defaultScopes = new ArrayList<>();
+ for (AuthGitlabScope scope : scopes) {
+ if (scope.isDefault()) {
+ defaultScopes.add(scope);
+ }
+ }
+ return defaultScopes;
+ }
+
+ public static List listScope() {
+ return Arrays.stream(AuthGitlabScope.values()).map(AuthGitlabScope::getScope).collect(Collectors.toList());
+ }
+}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java
index f27e645..57e754e 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java
@@ -5,6 +5,7 @@ import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthDefaultSource;
 import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.enums.scope.AuthGitlabScope;
 import me.zhyd.oauth.exception.AuthException;
 import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
@@ -88,7 +89,7 @@ public class AuthGitlabRequest extends AuthDefaultRequest {
 @Override
 public String authorize(String state) {
 return UrlBuilder.fromBaseUrl(super.authorize(state))
- .queryParam("scope", "read_user+openid+profile+email")
+ .queryParam("scope", this.getScopes("+", false, AuthGitlabScope.getDefaultScopes()))
 .build();
 }
 
-- 
GitLab
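Review bot: Nothing in `AuthGitlabScope` pins which constants carry `isDefault = true`, so a later edit that flips the flag on `API`, `SUDO` or a write scope would widen the consent request of every integrator relying on `getDefaultScopes()`. A comment above the constants, for example `// default == true only for read-only identity scopes (read_user, openid, profile, email)`, together with a unit test asserting exactly that set, would make such a change visible in review. The three fields can be declared `private final`, since `@AllArgsConstructor` assigns them once and enum constants are shared by every thread. `WRITE_REGISTRY` carries the placeholder text "Write Registry" although the enum Javadoc says the description is the authoritative meaning of the scope. `List` appears without a type argument in both static methods; unless that is an artifact of how this page was rendered, `List<AuthGitlabScope>` and `List<String>` look like the intended return types.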
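Review bot: The value handed to `queryParam("scope", ...)` in `authorize` is no longer a constant, and the `false` passed to `getScopes` looks like an "encode" switch being turned off; the helper is defined outside this diff, so that needs confirming. If integrator-configured scopes can reach the authorization URL unencoded and unchecked, a value containing `&` or `#` would alter the request, and a configuration listing `api` or `sudo` would mint a token far broader than a login flow needs. Filtering configured values against `AuthGitlabScope.listScope()` before joining them would address the first point, and `listScope()` is otherwise unused in this commit. A short comment above the call, such as `// "+" decodes to a space, the OAuth 2.0 scope delimiter; defaults are read-only identity scopes`, would record why the separator is left unencoded.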