add first oauth

server/lib/Cargo.toml

@@ -14,4 +14,5 @@ serde_json = "1.0"
 serde_derive = "1.0"
 rocket_okapi = "0.5.1"
 schemars = "0.7.6"
-okapi = "0.4.0"
+okapi = "0.4.0"
+oauth2 = "3.0"

server/lib/src/lib.rs

@@ -14,8 +14,11 @@ use okapi::openapi3::Responses;
 use rocket::{
     http::{hyper::header::Location, Status},
     request::Request,
-    response::status,
-    response::Responder,
+    response::{
+        status,
+        Responder,
+        Redirect
+    },
     Response, State,
 };
 use rocket_contrib::json::Json;
@@ -127,6 +130,24 @@ impl<'r, T: OpenApiResponder<'r>> OpenApiResponder<'r> for LocationHeader<T> {
     }
 }
 
+
+
+pub struct SeeOtherResponse(pub String);
+
+impl<'r> Responder<'r> for SeeOtherResponse {
+    fn respond_to(self, req: &Request) -> Result<Response<'r>, Status> {
+        Redirect::to(self.0).respond_to(req)
+    }
+}
+
+impl<'r> OpenApiResponder<'r> for SeeOtherResponse {
+    fn responses(gen: &mut OpenApiGenerator) -> rocket_okapi::Result<Responses> {
+        let mut responses = Responses::default();
+        rocket_okapi::util::set_status_code(&mut responses, 303)?;
+        Ok(responses)
+    }
+}
+
 #[derive(Debug)]
 pub struct Error {}
 
@@ -178,19 +199,77 @@ pub fn v1_ide_state(
         .map_err(|_| status::NotFound("Sorry, I couldn't find it!".to_owned()))
 }
 
+
+use oauth2::{
+    AuthorizationCode,
+    AuthUrl,
+    ClientId,
+    ClientSecret,
+    CsrfToken,
+    PkceCodeChallenge,
+    RedirectUrl,
+    Scope,
+    TokenResponse,
+    TokenUrl
+};
+use oauth2::basic::BasicClient;
+use oauth2::reqwest::http_client;
+
 #[openapi]
 #[get("/open/<inquirer>/gitea?<clone_url>&<ref_name>")]
 pub fn v1_open_inquirer_gitea(
     inquirer: String,
     clone_url: String,
     ref_name: String,
-) -> status::Accepted<Json<OpenGitParam>> {
+) -> Result<SeeOtherResponse, Error>  {
     let param = OpenGitParam {
         inquirer,
         clone_url,
         ref_name,
     };
-    status::Accepted(Some(Json(param)))
+
+    // Create an OAuth2 client by specifying the client ID, client secret, authorization URL and
+    // token URL.
+    let client =
+    BasicClient::new(
+        ClientId::new("xx".to_string()),
+        Some(ClientSecret::new("xxx".to_string())),
+        AuthUrl::new("https://gitea.stubbe.rocks/login/oauth/authorize".to_string()).unwrap(),
+        Some(TokenUrl::new("https://gitea.stubbe.rocks/login/oauth/access_token".to_string()).unwrap())
+    )
+    // Set the URL the user will be redirected to after the authorization process.
+    .set_redirect_url(RedirectUrl::new("https://cloud.stubbe.rocks/login".to_string()).unwrap());
+
+    // Generate a PKCE challenge.
+    let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
+
+    // Generate the full authorization URL.
+    let (auth_url, csrf_token) = client
+        .authorize_url(CsrfToken::new_random)
+        // Set the desired scopes.
+        //.add_scope(Scope::new("read".to_string()))
+        //.add_scope(Scope::new("write".to_string()))
+        // Set the PKCE code challenge.
+        .set_pkce_challenge(pkce_challenge)
+        .url();
+
+    // This is the URL you should redirect the user to, in order to trigger the authorization
+    // process.
+    println!("Browse to: {}", auth_url);
+    Ok(SeeOtherResponse(format!("{}", auth_url)))
+
+    // Once the user has been redirected to the redirect URL, you'll have access to the
+    // authorization code. For security reasons, your code should verify that the `state`
+    // parameter returned by the server matches `csrf_state`.
+
+    // Now you can trade it for an access token.
+  //  let token_result =  client
+  //      .exchange_code(AuthorizationCode::new("some authorization code".to_string()))
+        // Set the PKCE code verifier.
+  //      .set_pkce_verifier(pkce_verifier)
+  //      .request(http_client).unwrap();
+
+    //status::Accepted(Some(Json(param)))
 }
 
 #[openapi]