oadmin/sub2api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge pull request #1352 from StarryKira/feat/add-file-upload-oauth-scope

Browse Source 
Feat/add file upload oauth scope
This commit is contained in:
Wesley Liddick
2026-03-30 15:41:18 +08:00
committed by GitHub
parent b5642bd068 81ca4f12dd
commit 576af710be
1 changed files with 9 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
backend/internal/pkg/oauth/oauth.go
View File

@@ -24,20 +24,18 @@ const (
RedirectURI = "https://platform.claude.com/oauth/code/callback" RedirectURI = "https://platform.claude.com/oauth/code/callback"
// Scopes - Browser URL (includes org:create_api_key for user authorization) // Scopes - Browser URL (includes org:create_api_key for user authorization)
ScopeOAuth = "org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers" ScopeOAuth = "org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload"
// Scopes - Internal API call (org:create_api_key not supported in API) // Scopes - Internal API call (org:create_api_key not supported in API)
ScopeAPI = "user:profile user:inference user:sessions:claude_code user:mcp_servers" ScopeAPI = "user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload"
// Scopes - Setup token (inference only) // Scopes - Setup token (inference only)
ScopeInference = "user:inference" ScopeInference = "user:inference"
// Code Verifier character set (RFC 7636 compliant)
codeVerifierCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
// Session TTL // Session TTL
SessionTTL = 30 * time.Minute SessionTTL = 30 * time.Minute
) )
// OAuthSession stores OAuth flow state // OAuthSession stores OAuth flow state
type OAuthSession struct { type OAuthSession struct {
State string `json:"state"` State string `json:"state"`
CodeVerifier string `json:"code_verifier"` CodeVerifier string `json:"code_verifier"`
@@ -147,30 +145,14 @@ func GenerateSessionID() (string, error) {
return hex.EncodeToString(bytes), nil return hex.EncodeToString(bytes), nil
} }
// GenerateCodeVerifier generates a PKCE code verifier using character set method // GenerateCodeVerifier generates a PKCE code verifier (RFC 7636).
// Uses 32 random bytes → base64url-no-pad, producing a 43-char verifier.
func GenerateCodeVerifier() (string, error) { func GenerateCodeVerifier() (string, error) {
const targetLen = 32 bytes, err := GenerateRandomBytes(32)
charsetLen := len(codeVerifierCharset) if err != nil {
limit := 256 - (256 % charsetLen)
result := make([]byte, 0, targetLen)
randBuf := make([]byte, targetLen*2)
for len(result) < targetLen {
if _, err := rand.Read(randBuf); err != nil {
return "", err return "", err
} }
for _, b := range randBuf { return base64URLEncode(bytes), nil
if int(b) < limit {
result = append(result, codeVerifierCharset[int(b)%charsetLen])
if len(result) >= targetLen {
break
}
}
}
}
return base64URLEncode(result), nil
} }
// GenerateCodeChallenge generates a PKCE code challenge using S256 method // GenerateCodeChallenge generates a PKCE code challenge using S256 method