Refactor OAuth2 login for Halo 2.20 (#64)

This PR refactors OAuth2 login for adapting Halo 2.20. See halo-dev/halo#6702 for more.

#### How to build?

1. Checkout to halo-dev/halo#6702
2. Execute command `./gradlew publishToMavenLocal -Pversion=2.20.0+local.5` in Halo project
3. Execute command `./gradlew build` in current project.

```release-note
None
```

build.gradle

@@ -15,7 +15,7 @@ repositories {
 }
 
 dependencies {
-    implementation platform('run.halo.tools.platform:plugin:2.17.0-SNAPSHOT')
+    implementation platform('run.halo.tools.platform:plugin:2.20.0-SNAPSHOT')
     compileOnly 'run.halo.app:api'
 
     testImplementation 'run.halo.app:api'

src/main/java/run/halo/oauth/DefaultOAuth2AuthorizedClientService.java

@@ -16,6 +16,7 @@
 import reactor.core.publisher.Mono;
 import run.halo.app.extension.Metadata;
 import run.halo.app.extension.ReactiveExtensionClient;
+import run.halo.app.security.authentication.oauth2.HaloOAuth2AuthenticationToken;
 
 /**
  * Implementations of this interface are responsible for the management of Authorized Client(s),
@@ -60,6 +61,9 @@ public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
         Authentication principal) {
         Assert.notNull(authorizedClient, "authorizedClient cannot be null");
         Assert.notNull(principal, "principal cannot be null");
+        if (principal instanceof HaloOAuth2AuthenticationToken haloOAuthToken) {
+            principal = haloOAuthToken.getOriginal();
+        }
         String registrationId = authorizedClient.getClientRegistration().getRegistrationId();
         return client.fetch(AuthorizedClient.class,
                 authorizedClientName(registrationId, principal.getName())

src/main/java/run/halo/oauth/HaloOAuth2AuthenticationWebFilter.java

@@ -0,0 +1,58 @@
+package run.halo.oauth;
+
+import org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager;
+import org.springframework.security.oauth2.client.endpoint.WebClientReactiveAuthorizationCodeTokenResponseClient;
+import org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService;
+import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter;
+import org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter;
+import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
+import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
+import org.springframework.security.web.server.context.ServerSecurityContextRepository;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+import run.halo.app.security.AuthenticationSecurityWebFilter;
+
+/**
+ * OAuth2 authentication web filter.
+ *
+ * @author johnniang
+ * @since 2.20.0
+ */
+@Component
+public class HaloOAuth2AuthenticationWebFilter implements AuthenticationSecurityWebFilter {
+
+    private final WebFilter delegate;
+
+    public HaloOAuth2AuthenticationWebFilter(Oauth2LoginConfiguration configuration,
+        ServerSecurityContextRepository securityContextRepository) {
+        var authManager = new OAuth2LoginReactiveAuthenticationManager(
+            new WebClientReactiveAuthorizationCodeTokenResponseClient(),
+            new DefaultReactiveOAuth2UserService()
+        );
+        var filter = new OAuth2LoginAuthenticationWebFilter(authManager,
+            configuration.getAuthorizedClientRepository());
+        filter.setRequiresAuthenticationMatcher(configuration.getAuthenticationMatcher());
+        var converter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
+            configuration.getClientRegistrationRepository()
+        );
+        var successHandler = new RedirectServerAuthenticationSuccessHandler("/uc");
+        successHandler.setRequestCache(configuration.getRequestCache());
+        filter.setAuthenticationSuccessHandler(successHandler);
+        filter.setAuthenticationFailureHandler(
+            new RedirectServerAuthenticationFailureHandler("/login?oauth2_error")
+        );
+        filter.setServerAuthenticationConverter(converter);
+        filter.setSecurityContextRepository(securityContextRepository);
+
+        this.delegate = filter;
+    }
+
+    @Override
+    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+        return delegate.filter(exchange, chain);
+    }
+
+}

src/main/java/run/halo/oauth/HaloOAuth2RedirectWebFilter.java

@@ -0,0 +1,33 @@
+package run.halo.oauth;
+
+import org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+import run.halo.app.security.HttpBasicSecurityWebFilter;
+
+@Component
+public class HaloOAuth2RedirectWebFilter implements HttpBasicSecurityWebFilter {
+
+    private final WebFilter delegate;
+
+    public HaloOAuth2RedirectWebFilter(Oauth2LoginConfiguration configuration) {
+        this.delegate = createDelegate(configuration);
+    }
+
+    @Override
+    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+        return delegate.filter(exchange, chain);
+    }
+
+    private static OAuth2AuthorizationRequestRedirectWebFilter createDelegate(
+        Oauth2LoginConfiguration configuration
+    ) {
+        return new OAuth2AuthorizationRequestRedirectWebFilter(
+            configuration.getClientRegistrationRepository()
+        );
+    }
+
+}