guancheng.huang/webman_ad
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3c5778aa47
webman_ad/app/service/GoogleOAuthService.php
hgc 5e86d520c1 修改schema
2024-12-20 19:39:36 +08:00

120 lines
4.4 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
namespace app\service;
use GuzzleHttp\Client;
use think\facade\Db as ThinkDb;
class GoogleOAuthService
{
public function getAuthUrl()
{
$clientId = getenv('GOOGLE_CLIENT_ID');
$redirectUri = getenv('GOOGLE_REDIRECT_URI');
$scope = 'https://www.googleapis.com/auth/adwords';
$responseType = 'code';
$accessType = 'offline';
// $state = 'state_parameter_passthrough_value'; // 可选保护防止CSRF
// 生成随机的state参数防止CSRF攻击
// $state = bin2hex(random_bytes(16)); // 生成一个随机字符串
// 将state保存到会话或数据库中稍后验证
// $_SESSION['oauth_state'] = $state; // 使用PHP会话来保存state
// $authUrl = "https://accounts.google.com/o/oauth2/v2/auth?client_id=$clientId&redirect_uri=$redirectUri&scope=$scope&response_type=$responseType&state=$state";
$authUrl = "https://accounts.google.com/o/oauth2/v2/auth?client_id=$clientId&redirect_uri=$redirectUri&scope=$scope&response_type=$responseType&access_type=$accessType";
return $authUrl;
}
public function getRefreshToken($authCode)
{
$client = new Client();
$response = $client->post('https://oauth2.googleapis.com/token', [
'form_params' => [
'code' => $authCode,
'client_id' => getenv('GOOGLE_CLIENT_ID'),
'client_secret' => getenv('GOOGLE_CLIENT_SECRET'),
'redirect_uri' => getenv('GOOGLE_REDIRECT_URI'),
'grant_type' => 'authorization_code',
],
]);
return json_decode($response->getBody(), true);
}
public function saveRefreshToken($refreshToken, $accessToken)
{
// 使用ThinkORM保存数据到bps_third_user表
// $thirdUser = new \App\Models\ThirdUser();
// $thirdUser->access_token = $accessToken;
// $thirdUser->is_default = true;
// $thirdUser->random_code = bin2hex(random_bytes(16)); // 生成随机码
// $thirdUser->third_type = 'google';
// $thirdUser->user_id = $userId;
// $thirdUser->save();
$data = [
'access_token' => $refreshToken,
'is_default' => 't',
'third_type' => 'google',
];
$tableName = 'bps_third_user';
$tableName = getenv('DB_PG_SCHEMA') ? getenv('DB_PG_SCHEMA') . '.' . $tableName : 'bps' . $tableName;
$sql = "
INSERT INTO {$tableName}
(access_token, is_default, third_type)
VALUES (:access_token, :is_default, :third_type)
ON CONFLICT (user_id)
DO UPDATE SET
access_token = EXCLUDED.access_token,
is_default = EXCLUDED.is_default,
";
// $sql = "
// INSERT INTO {$tableName}
// (access_token, is_default, random_code, third_type, user_id, facebook_user_id)
// VALUES (:access_token, :is_default, :random_code, :third_type, :user_id, :facebook_user_id)
// ON CONFLICT (user_id)
// DO UPDATE SET
// access_token = EXCLUDED.access_token,
// is_default = EXCLUDED.is_default,
// random_code = EXCLUDED.random_code,
// third_type = EXCLUDED.third_type,
// ";
ThinkDb::execute($sql, $data);
}
public function revokeToken($accessToken)
{
$client = new Client();
$client->post('https://oauth2.googleapis.com/revoke', [
'form_params' => [
'token' => $accessToken,
],
]);
// 在数据库中删除或标记该`refresh_token`为无效
// \App\Models\ThirdUser::where('access_token', $refreshToken)->delete();
}
public function useRefreshToken($refreshToken)
{
$client = new Client();
$response = $client->post('https://oauth2.googleapis.com/token', [
'form_params' => [
'refresh_token' => $refreshToken,
'client_id' => getenv('GOOGLE_CLIENT_ID'),
'client_secret' => getenv('GOOGLE_CLIENT_SECRET'),
'grant_type' => 'refresh_token',
],
]);
$data = json_decode($response->getBody(), true);
return $data['access_token'];
}
}
Reference in New Issue View Git Blame Copy Permalink