支持速率限制

然后把oauth单独放一个页面一些UI调整
2025-07-30 12:19:38 -07:00
parent b965f90c97
commit 9262ef4076
11 changed files with 745 additions and 404 deletions
--- a/routes/oauth.js
+++ b/routes/oauth.js
@ -5,6 +5,7 @@ const OAuthToken = require('../models/OAuthToken');
 const User = require('../models/User');
 const { authenticateToken } = require('../middleware/auth');
 const { authenticateOAuthToken, requireScope } = require('../middleware/oauth');
+const { oauthAuthLimiter, oauthTokenLimiter } = require('../middleware/rateLimit');

 const router = express.Router();

@ -58,7 +59,7 @@ const handleValidationErrors = (req, res, next) => {
 };

 // 1. 授权端点 - 验证参数并返回授权信息
-router.get('/authorize', authenticateToken, async (req, res) => {
+router.get('/authorize', oauthAuthLimiter, authenticateToken, async (req, res) => {
  try {
    const { 
      response_type, 
@ -141,8 +142,8 @@ router.get('/authorize', authenticateToken, async (req, res) => {
  }
 });

-// 2. 用户同意授权端点
-router.post('/authorize/consent', authenticateToken, async (req, res) => {
+// 2. 用户同意/拒绝授权端点
+router.post('/authorize/consent', oauthAuthLimiter, authenticateToken, async (req, res) => {
  try {
    const { 
      client_id, 
@ -247,7 +248,7 @@ router.post('/authorize/consent', authenticateToken, async (req, res) => {
 });

 // 3. 令牌端点 - 交换授权码获取访问令牌
-router.post('/token', [
+router.post('/token', oauthTokenLimiter, [
  body('grant_type').notEmpty().withMessage('grant_type不能为空'),
  body('client_id').notEmpty().withMessage('client_id不能为空'),
  body('client_secret').notEmpty().withMessage('client_secret不能为空'),