新增 ClientToken 与自定义权限的对接

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/generate/SaOAuth2DataGenerateDefaultImpl.java

@@ -82,10 +82,10 @@ public class SaOAuth2DataGenerateDefaultImpl implements SaOAuth2DataGenerate {
 
         // 3、生成token
         AccessTokenModel at = dataConverter.convertCodeToAccessToken(cm);
-        SaOAuth2Strategy.instance.workAccessTokenByScope.accept(at);
         RefreshTokenModel rt = dataConverter.convertAccessTokenToRefreshToken(at);
         at.refreshToken = rt.refreshToken;
         at.refreshExpiresTime = rt.expiresTime;
+        SaOAuth2Strategy.instance.workAccessTokenByScope.accept(at);
 
         // 4、保存token
         dao.saveAccessToken(at);
@@ -205,10 +205,11 @@ public class SaOAuth2DataGenerateDefaultImpl implements SaOAuth2DataGenerate {
             dao.saveClientToken(oldCt);
         }
 
-        // 3、生成新Client-Token
+        // 3、生成新 Client-Token
         String clientTokenValue = SaOAuth2Strategy.instance.createClientToken.execute(clientId, scopes);
         ClientTokenModel ct = new ClientTokenModel(clientTokenValue, clientId, scopes);
         ct.expiresTime = System.currentTimeMillis() + (cm.getClientTokenTimeout() * 1000);
+        SaOAuth2Strategy.instance.workClientTokenByScope.accept(ct);
 
         // 3、保存新Client-Token
         dao.saveClientToken(ct);

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/function/strategy/SaOAuth2ScopeWorkAccessTokenFunction.java

@@ -26,9 +26,9 @@ import java.util.function.Consumer;
  * <p>  返回：无  </p>
  *
  * @author click33
- * @since 1.35.0
+ * @since 1.39.0
  */
 @FunctionalInterface
-public interface SaScopeWorkFunction extends Consumer<AccessTokenModel> {
+public interface SaOAuth2ScopeWorkAccessTokenFunction extends Consumer<AccessTokenModel> {
 
 }

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/function/strategy/SaOAuth2ScopeWorkClientTokenFunction.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.oauth2.function.strategy;
+
+import cn.dev33.satoken.oauth2.data.model.ClientTokenModel;
+
+import java.util.function.Consumer;
+
+/**
+ * 函数式接口：ClientTokenModel 加工
+ *
+ * <p>  参数：ClientTokenModel </p>
+ * <p>  返回：无  </p>
+ *
+ * @author click33
+ * @since 1.39.0
+ */
+@FunctionalInterface
+public interface SaOAuth2ScopeWorkClientTokenFunction extends Consumer<ClientTokenModel> {
+
+}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/OpenIdScopeHandler.java

@@ -17,10 +17,11 @@ package cn.dev33.satoken.oauth2.scope.handler;
 
 import cn.dev33.satoken.oauth2.SaOAuth2Manager;
 import cn.dev33.satoken.oauth2.data.model.AccessTokenModel;
+import cn.dev33.satoken.oauth2.data.model.ClientTokenModel;
 import cn.dev33.satoken.oauth2.scope.CommonScope;
 
 /**
- * 所有OAuth2 权限处理器的父接口
+ * OpenId 权限处理器
  *
  * @author click33
  * @since 1.39.0
@@ -34,12 +35,15 @@ public class OpenIdScopeHandler implements SaOAuth2ScopeAbstractHandler {
         return CommonScope.OPENID;
     }
 
-    /**
-     * 所需要执行的方法
-     */
-    public void work(AccessTokenModel at) {
+    @Override
+    public void workAccessToken(AccessTokenModel at) {
         System.out.println("追加 openid " + at.accessToken);
         at.openid = SaOAuth2Manager.getDataLoader().getOpenid(at.clientId, at.loginId);
     }
 
+    @Override
+    public void workClientToken(ClientTokenModel ct) {
+
+    }
+
 }

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/SaOAuth2ScopeAbstractHandler.java

@@ -16,9 +16,10 @@
 package cn.dev33.satoken.oauth2.scope.handler;
 
 import cn.dev33.satoken.oauth2.data.model.AccessTokenModel;
+import cn.dev33.satoken.oauth2.data.model.ClientTokenModel;
 
 /**
- * 所有OAuth2 权限处理器的父接口
+ * 所有 OAuth2 权限处理器的父接口
  *
  * @author click33
  * @since 1.39.0
@@ -33,12 +34,17 @@ public interface SaOAuth2ScopeAbstractHandler {
     String getHandlerScope();
 
     /**
-     * 所需要执行的方法
+     * 当构建的 AccessToken 具有此权限时，所需要执行的方法
      *
      * @param at /
      */
-    default void work(AccessTokenModel at) {
+    void workAccessToken(AccessTokenModel at);
 
-    }
+    /**
+     * 当构建的 ClientToken 具有此权限时，所需要执行的方法
+     *
+     * @param ct /
+     */
+    void workClientToken(ClientTokenModel ct);
 
 }

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java

@@ -79,18 +79,29 @@ public final class SaOAuth2Strategy {
 	/**
 	 * 根据 scope 信息对一个 AccessTokenModel 进行加工处理
 	 */
-	public SaScopeWorkFunction workAccessTokenByScope = (at) -> {
-		System.out.println("增强：" + at.accessToken);
-		System.out.println("权限：" + at.scopes);
-		// 遍历所有的权限处理器，如果此 AccessToken 具有这些权限，则开始加工
+	public SaOAuth2ScopeWorkAccessTokenFunction workAccessTokenByScope = (at) -> {
 		if(at.scopes != null && !at.scopes.isEmpty()) {
-			for (Map.Entry<String, SaOAuth2ScopeAbstractHandler> entry: scopeHandlerMap.entrySet()) {
-				if(at.scopes.contains(entry.getKey())) {
-					entry.getValue().work(at);
+			for (String scope : at.scopes) {
+				SaOAuth2ScopeAbstractHandler handler = scopeHandlerMap.get(scope);
+				if(handler != null) {
+					handler.workAccessToken(at);
 				}
 			}
 		}
+	};
 
+	/**
+	 * 根据 scope 信息对一个 ClientTokenModel 进行加工处理
+	 */
+	public SaOAuth2ScopeWorkClientTokenFunction workClientTokenByScope = (ct) -> {
+		if(ct.scopes != null && !ct.scopes.isEmpty()) {
+			for (String scope : ct.scopes) {
+				SaOAuth2ScopeAbstractHandler handler = scopeHandlerMap.get(scope);
+				if(handler != null) {
+					handler.workClientToken(ct);
+				}
+			}
+		}
 	};
 
 	/**