♻️ 抽取 state 校验方法

src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java

@@ -76,7 +76,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
     public AuthResponse login(AuthCallback authCallback) {
         try {
             AuthChecker.checkCode(source == AuthSource.ALIPAY ? authCallback.getAuth_code() : authCallback.getCode());
-            AuthChecker.checkState(authCallback.getState());
+            this.checkState(authCallback.getState());
 
             AuthToken authToken = this.getAccessToken(authCallback);
             AuthUser user = this.getUserInfo(authToken);
@@ -158,12 +158,12 @@ public abstract class AuthDefaultRequest implements AuthRequest {
     protected String refreshTokenUrl(String refreshToken) {
         return UrlBuilder.fromBaseUrl(source.refresh())
             .queryParam("client_id", config.getClientId())
-            .queryParam("client_secret", config.getClientSecret())
+        .queryParam("client_secret", config.getClientSecret())
-            .queryParam("refresh_token", refreshToken)
+        .queryParam("refresh_token", refreshToken)
             .queryParam("grant_type", "refresh_token")
             .queryParam("redirect_uri", config.getRedirectUri())
-            .build();
+        .build();
-    }
+}
 
     /**
      * 返回获取userInfo的url
@@ -261,4 +261,16 @@ public abstract class AuthDefaultRequest implements AuthRequest {
     protected HttpResponse doGetRevoke(AuthToken authToken) {
         return HttpRequest.get(revokeUrl(authToken)).execute();
     }
+
+
+    /**
+     * 校验回调传回的state
+     *
+     * @param state {@code state}一定不为空
+     */
+    protected void checkState(String state) {
+        if (StringUtils.isEmpty(state) || !authStateCache.containsKey(state)) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST);
+        }
+    }
 }

src/main/java/me/zhyd/oauth/utils/AuthChecker.java

@@ -66,15 +66,4 @@ public class AuthChecker {
             throw new AuthException(AuthResponseStatus.ILLEGAL_CODE);
         }
     }
-
-    /**
-     * 校验回调传回的state
-     *
-     * @param state {@code state}一定不为空
-     */
-    public static void checkState(String state) {
-        if (StringUtils.isEmpty(state) || !AuthStateCache.containsKey(state)) {
-            throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST);
-        }
-    }
 }