first commit

Beyhan Oğur
2026-04-26 21:52:23 +03:00
commit 880f412e2c
2662 changed files with 866266 additions and 0 deletions

99
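--- a/core/schemas/oauth.go
+++ b/core/schemas/oauth.go
@@ -0,0 +1,99 @@
+package schemas
+import (
+"context"
+"time"
+)
+// OauthProvider interface defines OAuth operations
+type OAuth2Provider interface {
+// GetAccessToken retrieves the access token for a given oauth_config_id (server-level OAuth)
+GetAccessToken(ctx context.Context, oauthConfigID string) (string, error)
+// RefreshAccessToken refreshes the access token for a given oauth_config_id
+RefreshAccessToken(ctx context.Context, oauthConfigID string) error
+// ValidateToken checks if the token is still valid
+ValidateToken(ctx context.Context, oauthConfigID string) (bool, error)
+// RevokeToken revokes the OAuth token
+RevokeToken(ctx context.Context, oauthConfigID string) error
+// Per-user OAuth methods
+// GetUserAccessToken retrieves the access token for a per-user OAuth session.
+// If the token is expired, it automatically attempts a refresh.
+GetUserAccessToken(ctx context.Context, sessionToken string) (string, error)
+// GetUserAccessTokenByIdentity retrieves the upstream access token for a user
+// identified by virtualKeyID, userID, or sessionToken (fallback), for a specific
+// MCP client. Tokens looked up by identity persist across sessions.
+GetUserAccessTokenByIdentity(ctx context.Context, virtualKeyID, userID, sessionToken, mcpClientID string) (string, error)
+// InitiateUserOAuthFlow creates a per-user OAuth session and returns the authorization URL.
+// Returns (flow initiation details, session ID for polling, error).
+InitiateUserOAuthFlow(ctx context.Context, oauthConfigID string, mcpClientID string, redirectURI string) (*OAuth2FlowInitiation, string, error)
+// CompleteUserOAuthFlow handles the OAuth callback for a per-user flow.
+// Returns the session token that the user should send on subsequent requests.
+CompleteUserOAuthFlow(ctx context.Context, state string, code string) (string, error)
+// RefreshUserAccessToken refreshes a per-user OAuth access token.
+RefreshUserAccessToken(ctx context.Context, sessionToken string) error
+// RevokeUserToken revokes a per-user OAuth token and marks the session as revoked.
+RevokeUserToken(ctx context.Context, sessionToken string) error
+}
+// OauthConfig represents OAuth client configuration
+type OAuth2Config struct {
+ID string `json:"id"`
+ClientID string `json:"client_id,omitempty"` // Optional: Will be obtained via dynamic registration (RFC 7591) if not provided
+ClientSecret string `json:"client_secret,omitempty"` // Optional: For public clients using PKCE, or obtained via dynamic registration
+AuthorizeURL string `json:"authorize_url,omitempty"` // Optional: Will be discovered from ServerURL if not provided
+TokenURL string `json:"token_url,omitempty"` // Optional: Will be discovered from ServerURL if not provided
+RegistrationURL *string `json:"registration_url,omitempty"` // Optional: For dynamic client registration (RFC 7591), can be discovered
+RedirectURI string `json:"redirect_uri"` // Required
+Scopes []string `json:"scopes,omitempty"` // Optional: Can be discovered
+ServerURL string `json:"server_url"` // MCP server URL for OAuth discovery (required if URLs not provided)
+UseDiscovery bool `json:"use_discovery,omitempty"` // Deprecated: Discovery now happens automatically when URLs are missing
+}
+// OauthToken represents OAuth access and refresh tokens
+type OAuth2Token struct {
+ID string `json:"id"`
+AccessToken string `json:"access_token"`
+RefreshToken string `json:"refresh_token"`
+TokenType string `json:"token_type"`
+ExpiresAt time.Time `json:"expires_at"`
+Scopes []string `json:"scopes"`
+LastRefreshedAt *time.Time `json:"last_refreshed_at,omitempty"`
+}
+// OauthFlowInitiation represents the response when initiating an OAuth flow
+type OAuth2FlowInitiation struct {
+OauthConfigID string `json:"oauth_config_id"`
+AuthorizeURL string `json:"authorize_url"`
+State string `json:"state"`
+ExpiresAt time.Time `json:"expires_at"`
+}
+// OAuth2TokenExchangeRequest represents the OAuth token exchange request
+type OAuth2TokenExchangeRequest struct {
+GrantType string `json:"grant_type"`
+Code string `json:"code,omitempty"`
+RedirectURI string `json:"redirect_uri,omitempty"`
+ClientID string `json:"client_id"`
+ClientSecret string `json:"client_secret,omitempty"`
+RefreshToken string `json:"refresh_token,omitempty"`
+CodeVerifier string `json:"code_verifier,omitempty"` // PKCE verifier for authorization_code grant
+}
+// OAuth2TokenExchangeResponse represents the OAuth token exchange response
+type OAuth2TokenExchangeResponse struct {
+AccessToken string `json:"access_token"`
+RefreshToken string `json:"refresh_token,omitempty"`
+TokenType string `json:"token_type"`
+ExpiresIn int `json:"expires_in"`
+Scope string `json:"scope,omitempty"`
+}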
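Review bot: `OAuth2Config.ClientSecret` and `OAuth2Token.AccessToken`/`RefreshToken` are plain strings with ordinary JSON tags, so any handler or log call that marshals these structs will emit the credentials; whether that happens is not visible here, since the callers are in other files. If the same types serve both storage and API responses, consider a separate response type that omits the secret fields, and at minimum say so on the fields, e.g. `// ClientSecret is a credential; never log it or include it in API responses.` Separately, the doc comments `OauthProvider`, `OauthConfig`, `OauthToken` and `OauthFlowInitiation` do not match the declared `OAuth2…` names and should start with the exact type name.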